From bugzilla at redhat.com Wed Oct 1 19:17:17 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Oct 2014 19:17:17 +0000
Subject: [RHSA-2014:1352-01] Moderate: libvirt security and bug fix update
Message-ID: <201410011917.s91JHHvK020651@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libvirt security and bug fix update
Advisory ID:       RHSA-2014:1352-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1352.html
Issue date:        2014-10-01
CVE Names:         CVE-2014-3633 CVE-2014-3657
=====================================================================

1. Summary:

Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633)

A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657)

The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat.

This update also fixes the following bug:

* Prior to this update, libvirt was setting the cpuset.mems parameter for domains with numatune/memory[nodeset] prior to starting them. As a consequence, domains with such a nodeset, which excluded the NUMA node with DMA and DMA32 zones (found in /proc/zoneinfo), could not be started due to failed KVM initialization. With this update, libvirt sets the cpuset.mems parameter after the initialization, and domains with any nodeset (in /numatune/memory) can be started without an error. (BZ#1135871)

All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1141131 - CVE-2014-3633 libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index
1145667 - CVE-2014-3657 libvirt: domain_conf: domain deadlock DoS

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libvirt-1.1.1-29.el7_0.3.src.rpm

x86_64:
libvirt-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-client-1.1.1-29.el7_0.3.i686.rpm
libvirt-client-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-qemu-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-kvm-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-python-1.1.1-29.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libvirt-daemon-lxc-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-devel-1.1.1-29.el7_0.3.i686.rpm
libvirt-devel-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-docs-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-lock-sanlock-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-login-shell-1.1.1-29.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libvirt-1.1.1-29.el7_0.3.src.rpm

x86_64:
libvirt-client-1.1.1-29.el7_0.3.i686.rpm
libvirt-client-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libvirt-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-qemu-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-kvm-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-lxc-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-devel-1.1.1-29.el7_0.3.i686.rpm
libvirt-devel-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-docs-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-lock-sanlock-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-login-shell-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-python-1.1.1-29.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libvirt-1.1.1-29.el7_0.3.src.rpm

ppc64:
libvirt-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-client-1.1.1-29.el7_0.3.ppc.rpm
libvirt-client-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-daemon-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.ppc.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-devel-1.1.1-29.el7_0.3.ppc.rpm
libvirt-devel-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-docs-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-python-1.1.1-29.el7_0.3.ppc64.rpm

s390x:
libvirt-1.1.1-29.el7_0.3.s390x.rpm
libvirt-client-1.1.1-29.el7_0.3.s390.rpm
libvirt-client-1.1.1-29.el7_0.3.s390x.rpm
libvirt-daemon-1.1.1-29.el7_0.3.s390x.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.3.s390x.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.3.s390x.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.3.s390x.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.3.s390x.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.3.s390x.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.3.s390x.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.3.s390x.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.3.s390x.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.3.s390x.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.s390.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.s390x.rpm
libvirt-devel-1.1.1-29.el7_0.3.s390.rpm
libvirt-devel-1.1.1-29.el7_0.3.s390x.rpm
libvirt-docs-1.1.1-29.el7_0.3.s390x.rpm
libvirt-python-1.1.1-29.el7_0.3.s390x.rpm

x86_64:
libvirt-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-client-1.1.1-29.el7_0.3.i686.rpm
libvirt-client-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-qemu-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-kvm-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-devel-1.1.1-29.el7_0.3.i686.rpm
libvirt-devel-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-docs-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-python-1.1.1-29.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libvirt-daemon-lxc-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.ppc64.rpm
libvirt-login-shell-1.1.1-29.el7_0.3.ppc64.rpm

s390x:
libvirt-daemon-lxc-1.1.1-29.el7_0.3.s390x.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.s390x.rpm
libvirt-login-shell-1.1.1-29.el7_0.3.s390x.rpm

x86_64:
libvirt-daemon-lxc-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-lock-sanlock-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-login-shell-1.1.1-29.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libvirt-1.1.1-29.el7_0.3.src.rpm

x86_64:
libvirt-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-client-1.1.1-29.el7_0.3.i686.rpm
libvirt-client-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-qemu-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-daemon-kvm-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-devel-1.1.1-29.el7_0.3.i686.rpm
libvirt-devel-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-docs-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-python-1.1.1-29.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libvirt-daemon-lxc-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-lock-sanlock-1.1.1-29.el7_0.3.x86_64.rpm
libvirt-login-shell-1.1.1-29.el7_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3633.html
https://www.redhat.com/security/data/cve/CVE-2014-3657.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFULFMyXlSAg2UNWIIRAgnlAJ4xpiSWFERj85UqA7221JplN7hIOgCfc0R0
HawDgpgRVnAPDKcCFPHFmxc=
=OqRn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 6 17:03:49 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 6 Oct 2014 17:03:49 +0000
Subject: [RHSA-2014:1359-01] Important: polkit-qt security update
Message-ID: <201410061703.s96H3npx027670@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: polkit-qt security update
Advisory ID:       RHSA-2014:1359-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1359.html
Issue date:        2014-10-06
CVE Names:         CVE-2014-5033
=====================================================================

1. Summary:

Updated polkit-qt packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs.
It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033)

All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1094890 - CVE-2014-5033 polkit-qt: insecure calling of polkit

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
polkit-qt-0.103.0-10.el7_0.src.rpm

x86_64:
polkit-qt-0.103.0-10.el7_0.i686.rpm
polkit-qt-0.103.0-10.el7_0.x86_64.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.i686.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
polkit-qt-doc-0.103.0-10.el7_0.noarch.rpm

x86_64:
polkit-qt-debuginfo-0.103.0-10.el7_0.i686.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.x86_64.rpm
polkit-qt-devel-0.103.0-10.el7_0.i686.rpm
polkit-qt-devel-0.103.0-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
polkit-qt-0.103.0-10.el7_0.src.rpm

x86_64:
polkit-qt-0.103.0-10.el7_0.i686.rpm
polkit-qt-0.103.0-10.el7_0.x86_64.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.i686.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
polkit-qt-doc-0.103.0-10.el7_0.noarch.rpm

x86_64:
polkit-qt-debuginfo-0.103.0-10.el7_0.i686.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.x86_64.rpm
polkit-qt-devel-0.103.0-10.el7_0.i686.rpm
polkit-qt-devel-0.103.0-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
polkit-qt-0.103.0-10.el7_0.src.rpm

x86_64:
polkit-qt-0.103.0-10.el7_0.i686.rpm
polkit-qt-0.103.0-10.el7_0.x86_64.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.i686.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
polkit-qt-0.103.0-10.el7_0.src.rpm

noarch:
polkit-qt-doc-0.103.0-10.el7_0.noarch.rpm

ppc64:
polkit-qt-0.103.0-10.el7_0.ppc.rpm
polkit-qt-0.103.0-10.el7_0.ppc64.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.ppc.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.ppc64.rpm
polkit-qt-devel-0.103.0-10.el7_0.ppc.rpm
polkit-qt-devel-0.103.0-10.el7_0.ppc64.rpm

s390x:
polkit-qt-0.103.0-10.el7_0.s390.rpm
polkit-qt-0.103.0-10.el7_0.s390x.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.s390.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.s390x.rpm
polkit-qt-devel-0.103.0-10.el7_0.s390.rpm
polkit-qt-devel-0.103.0-10.el7_0.s390x.rpm

x86_64:
polkit-qt-debuginfo-0.103.0-10.el7_0.i686.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.x86_64.rpm
polkit-qt-devel-0.103.0-10.el7_0.i686.rpm
polkit-qt-devel-0.103.0-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
polkit-qt-0.103.0-10.el7_0.src.rpm

x86_64:
polkit-qt-0.103.0-10.el7_0.i686.rpm
polkit-qt-0.103.0-10.el7_0.x86_64.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.i686.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
polkit-qt-doc-0.103.0-10.el7_0.noarch.rpm

x86_64:
polkit-qt-debuginfo-0.103.0-10.el7_0.i686.rpm
polkit-qt-debuginfo-0.103.0-10.el7_0.x86_64.rpm
polkit-qt-devel-0.103.0-10.el7_0.i686.rpm
polkit-qt-devel-0.103.0-10.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-5033.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUMstcXlSAg2UNWIIRAntOAJ98zdZZe2DO94YkSDF3yuUkG1NjHgCfYh/+
UzSK3g5uKhxwd+IE+HBuYtM=
=miyB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 7 16:37:52 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Oct 2014 16:37:52 +0000
Subject: [RHSA-2014:1365-01] Important: kernel security and bug fix update
Message-ID: <201410071637.s97GbqL9019830@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2014:1365-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1365.html
Issue date:        2014-10-07
CVE Names:         CVE-2014-0205
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. (CVE-2014-0205, Important)

The security impact of this issue was discovered by Mateusz Guzik of Red Hat.

This update also fixes the following bugs:

* A rare race between the file system unmount code and the file system notification code could lead to a kernel panic. With this update, a series of patches has been applied to the kernel to prevent this problem. (BZ#1130628)

* Previously, recovery of a double-degraded RAID6 array could, under certain circumstances, result in data corruption. This could happen because the md driver was using an optimization that is safe to use only for single-degraded arrays. This update ensures that this optimization is skipped during the recovery of double-degraded RAID6 arrays. (BZ#1131410)

* Later Intel CPUs added a new "Condition Changed" bit to the MSR_CORE_PERF_GLOBAL_STATUS register. Previously, the kernel falsely assumed that this bit indicates a performance interrupt, which prevented other NMI handlers from running. To fix this problem, a patch has been applied to the kernel to ignore this bit in the perf code, enabling other NMI handlers to run. (BZ#1134695)

* Previously, certain network device drivers did not accept ethtool commands right after they were mounted. As a consequence, the current setting of the specified device driver was not applied and an error message was returned. The ETHTOOL_DELAY variable has been added, which makes sure the ethtool utility waits for some time before it tries to apply the option settings, thus fixing the bug. (BZ#1138300)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1094455 - CVE-2014-0205 kernel: futex: refcount issue in case of requeue

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.4):

Source:
kernel-2.6.32-358.49.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.49.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.49.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.49.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.49.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.49.1.el6.x86_64.rpm
perf-2.6.32-358.49.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):

Source:
kernel-2.6.32-358.49.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.49.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
python-perf-2.6.32-358.49.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
kernel-2.6.32-358.49.1.el6.src.rpm

i386:
kernel-2.6.32-358.49.1.el6.i686.rpm
kernel-debug-2.6.32-358.49.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.49.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.49.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.49.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.49.1.el6.i686.rpm
kernel-devel-2.6.32-358.49.1.el6.i686.rpm
kernel-headers-2.6.32-358.49.1.el6.i686.rpm
perf-2.6.32-358.49.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.49.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.49.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.49.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.49.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-358.49.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-358.49.1.el6.ppc64.rpm
kernel-debug-2.6.32-358.49.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-358.49.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-358.49.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.49.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.49.1.el6.ppc64.rpm
kernel-devel-2.6.32-358.49.1.el6.ppc64.rpm
kernel-headers-2.6.32-358.49.1.el6.ppc64.rpm
perf-2.6.32-358.49.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.49.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.49.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-358.49.1.el6.s390x.rpm
kernel-debug-2.6.32-358.49.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-358.49.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-358.49.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.49.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.49.1.el6.s390x.rpm
kernel-devel-2.6.32-358.49.1.el6.s390x.rpm
kernel-headers-2.6.32-358.49.1.el6.s390x.rpm
kernel-kdump-2.6.32-358.49.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.49.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-358.49.1.el6.s390x.rpm
perf-2.6.32-358.49.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.49.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.49.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.49.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.49.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.49.1.el6.x86_64.rpm
perf-2.6.32-358.49.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.4):

Source:
kernel-2.6.32-358.49.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.49.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.49.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.49.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.49.1.el6.i686.rpm
python-perf-2.6.32-358.49.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.49.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-358.49.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.49.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.49.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.49.1.el6.ppc64.rpm
python-perf-2.6.32-358.49.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.49.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-358.49.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.49.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.49.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.49.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.49.1.el6.s390x.rpm
python-perf-2.6.32-358.49.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.49.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.49.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm
python-perf-2.6.32-358.49.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.49.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0205.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUNBabXlSAg2UNWIIRAkp/AJ4zadOWNLvjHGya+qSFWczAGUet9wCfRRDv
+fMV1LT5ehvr5Cn8842Ej4U=
=H1pM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Oct 10 03:48:35 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 10 Oct 2014 03:48:35 +0000
Subject: [RHSA-2014:1371-01] Important: nss security update
Message-ID: <201410100340.s9A3e5Qo025337@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nss security update
Advisory ID:       RHSA-2014:1371-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1371.html
Issue date:        2014-10-10
CVE Names:         CVE-2014-1568
=====================================================================

1. Summary:

Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux AUS (v. 6.2 server) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64
Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters.

All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
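The NSS flaw above is a signature-verification parsing issue: the ASN.1 DigestInfo inside a PKCS#1 v1.5 signature was parsed leniently, and a crafted signature could pass. The defensive pattern for this class of bug is to never parse the decoded signature at all: rebuild the expected encoded message from the digest you computed yourself and compare the whole buffer (RFC 8017, section 8.2.2). The C program below is an added example of that pattern; it is not the advisory's text and not NSS code. The function names, the 256-byte modulus length and the sample digest are constructed for the demonstration, RSA itself is out of scope, and `em` stands for the already-decrypted signature representative.

```c
/*
 * Added example, not part of the advisory and not NSS code: strict
 * EMSA-PKCS1-v1_5 verification by re-encoding and full-buffer comparison.
 * Function names, the 256-byte modulus length and the sample digest are
 * constructed for this demonstration; `em` stands for the RSA-decrypted
 * signature representative (the RSA operation itself is out of scope).
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA256_LEN 32

/* DER encoding of the DigestInfo prefix for SHA-256 (RFC 8017, 9.2, note 1). */
static const uint8_t SHA256_DIGESTINFO_PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* Build EM = 0x00 || 0x01 || PS || 0x00 || T for a SHA-256 digest.
 * Returns 0 on success, -1 if em_len is too short (RFC 8017, 9.2 step 3). */
int emsa_pkcs1_v15_encode(const uint8_t *hash, uint8_t *em, size_t em_len)
{
    const size_t t_len = sizeof SHA256_DIGESTINFO_PREFIX + SHA256_LEN;
    if (em_len < t_len + 11)
        return -1;
    const size_t ps_len = em_len - t_len - 3;   /* at least 8 bytes of 0xff */

    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, SHA256_DIGESTINFO_PREFIX, sizeof SHA256_DIGESTINFO_PREFIX);
    memcpy(em + 3 + ps_len + sizeof SHA256_DIGESTINFO_PREFIX, hash, SHA256_LEN);
    return 0;
}

/* Fixed-length comparison that does not stop at the first mismatching byte. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Strict check (RFC 8017, 8.2.2 step 4): the decoded signature must equal the
 * freshly built expected encoding byte for byte. Returns 1 (match) or 0. */
int pkcs1_v15_verify_strict(const uint8_t *em, size_t em_len, const uint8_t *hash)
{
    uint8_t expected[512];
    if (em_len > sizeof expected)
        return 0;
    if (emsa_pkcs1_v15_encode(hash, expected, em_len) != 0)
        return 0;
    return ct_equal(em, expected, em_len);
}

/* Constructed sample digest (stands in for SHA-256 of the signed data). */
static void sample_hash(uint8_t *hash)
{
    for (size_t i = 0; i < SHA256_LEN; i++)
        hash[i] = (uint8_t)(0xa0 + i);
}

/* A correctly encoded 256-byte EM is accepted. Returns 1 on acceptance. */
int demo_valid_accepted(void)
{
    uint8_t hash[SHA256_LEN], em[256];
    sample_hash(hash);
    if (emsa_pkcs1_v15_encode(hash, em, sizeof em) != 0)
        return 0;
    return pkcs1_v15_verify_strict(em, sizeof em, hash);
}

/* An EM whose padding was shortened so that extra bytes follow the digest.
 * A verifier that parses DigestInfo and stops checking after the digest would
 * accept this shape; full-buffer comparison rejects it. Returns 1 if rejected. */
int demo_trailing_bytes_rejected(void)
{
    uint8_t hash[SHA256_LEN], em[256], inner[128];
    sample_hash(hash);
    if (emsa_pkcs1_v15_encode(hash, inner, sizeof inner) != 0)
        return 0;
    memcpy(em, inner, sizeof inner);
    memset(em + sizeof inner, 0x5a, sizeof em - sizeof inner); /* constructed filler */
    return pkcs1_v15_verify_strict(em, sizeof em, hash) == 0;
}

/* A single flipped bit inside the padding string is also rejected. Returns 1 if rejected. */
int demo_padding_tamper_rejected(void)
{
    uint8_t hash[SHA256_LEN], em[256];
    sample_hash(hash);
    if (emsa_pkcs1_v15_encode(hash, em, sizeof em) != 0)
        return 0;
    em[10] ^= 0x01;
    return pkcs1_v15_verify_strict(em, sizeof em, hash) == 0;
}

int main(void)
{
    printf("valid EM accepted:       %d\n", demo_valid_accepted());
    printf("trailing bytes rejected: %d\n", demo_trailing_bytes_rejected());
    printf("padding tamper rejected: %d\n", demo_padding_tamper_rejected());
    return 0;
}
```

The design point is that there is no parser on the verification path: the DigestInfo bytes are produced by the verifier, so questions of non-minimal length encodings, unexpected trailing content or optional fields never arise, and any deviation from the exact expected bytes fails the comparison. Real code would take `em` from the RSA public-key operation and the digest from hashing the signed data; everything else stays the same.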
4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1145429 - CVE-2014-1568 nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)

6. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
nss-3.12.10-10.el4.src.rpm

i386:
nss-3.12.10-10.el4.i386.rpm
nss-debuginfo-3.12.10-10.el4.i386.rpm
nss-devel-3.12.10-10.el4.i386.rpm
nss-tools-3.12.10-10.el4.i386.rpm

ia64:
nss-3.12.10-10.el4.i386.rpm
nss-3.12.10-10.el4.ia64.rpm
nss-debuginfo-3.12.10-10.el4.i386.rpm
nss-debuginfo-3.12.10-10.el4.ia64.rpm
nss-devel-3.12.10-10.el4.ia64.rpm
nss-tools-3.12.10-10.el4.ia64.rpm

x86_64:
nss-3.12.10-10.el4.i386.rpm
nss-3.12.10-10.el4.x86_64.rpm
nss-debuginfo-3.12.10-10.el4.i386.rpm
nss-debuginfo-3.12.10-10.el4.x86_64.rpm
nss-devel-3.12.10-10.el4.x86_64.rpm
nss-tools-3.12.10-10.el4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source:
nss-3.12.10-10.el4.src.rpm

i386:
nss-3.12.10-10.el4.i386.rpm
nss-debuginfo-3.12.10-10.el4.i386.rpm
nss-devel-3.12.10-10.el4.i386.rpm
nss-tools-3.12.10-10.el4.i386.rpm

x86_64:
nss-3.12.10-10.el4.i386.rpm
nss-3.12.10-10.el4.x86_64.rpm
nss-debuginfo-3.12.10-10.el4.i386.rpm
nss-debuginfo-3.12.10-10.el4.x86_64.rpm
nss-devel-3.12.10-10.el4.x86_64.rpm
nss-tools-3.12.10-10.el4.x86_64.rpm

Red Hat Enterprise Linux LL (v. 5.6 server):

Source:
nss-3.12.8-10.el5_6.src.rpm

i386:
nss-3.12.8-10.el5_6.i386.rpm
nss-debuginfo-3.12.8-10.el5_6.i386.rpm
nss-devel-3.12.8-10.el5_6.i386.rpm
nss-pkcs11-devel-3.12.8-10.el5_6.i386.rpm
nss-tools-3.12.8-10.el5_6.i386.rpm

ia64:
nss-3.12.8-10.el5_6.i386.rpm
nss-3.12.8-10.el5_6.ia64.rpm
nss-debuginfo-3.12.8-10.el5_6.i386.rpm
nss-debuginfo-3.12.8-10.el5_6.ia64.rpm
nss-devel-3.12.8-10.el5_6.ia64.rpm
nss-pkcs11-devel-3.12.8-10.el5_6.ia64.rpm
nss-tools-3.12.8-10.el5_6.ia64.rpm

x86_64:
nss-3.12.8-10.el5_6.i386.rpm
nss-3.12.8-10.el5_6.x86_64.rpm
nss-debuginfo-3.12.8-10.el5_6.i386.rpm
nss-debuginfo-3.12.8-10.el5_6.x86_64.rpm
nss-devel-3.12.8-10.el5_6.i386.rpm
nss-devel-3.12.8-10.el5_6.x86_64.rpm
nss-pkcs11-devel-3.12.8-10.el5_6.i386.rpm
nss-pkcs11-devel-3.12.8-10.el5_6.x86_64.rpm
nss-tools-3.12.8-10.el5_6.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.9 server):

Source:
nss-3.14.3-10.el5_9.src.rpm

i386:
nss-3.14.3-10.el5_9.i386.rpm
nss-debuginfo-3.14.3-10.el5_9.i386.rpm
nss-devel-3.14.3-10.el5_9.i386.rpm
nss-pkcs11-devel-3.14.3-10.el5_9.i386.rpm
nss-tools-3.14.3-10.el5_9.i386.rpm

ia64:
nss-3.14.3-10.el5_9.i386.rpm
nss-3.14.3-10.el5_9.ia64.rpm
nss-debuginfo-3.14.3-10.el5_9.i386.rpm
nss-debuginfo-3.14.3-10.el5_9.ia64.rpm
nss-devel-3.14.3-10.el5_9.ia64.rpm
nss-pkcs11-devel-3.14.3-10.el5_9.ia64.rpm
nss-tools-3.14.3-10.el5_9.ia64.rpm

ppc:
nss-3.14.3-10.el5_9.ppc.rpm
nss-3.14.3-10.el5_9.ppc64.rpm
nss-debuginfo-3.14.3-10.el5_9.ppc.rpm
nss-debuginfo-3.14.3-10.el5_9.ppc64.rpm
nss-devel-3.14.3-10.el5_9.ppc.rpm
nss-devel-3.14.3-10.el5_9.ppc64.rpm
nss-pkcs11-devel-3.14.3-10.el5_9.ppc.rpm
nss-pkcs11-devel-3.14.3-10.el5_9.ppc64.rpm
nss-tools-3.14.3-10.el5_9.ppc.rpm

s390x:
nss-3.14.3-10.el5_9.s390.rpm
nss-3.14.3-10.el5_9.s390x.rpm
nss-debuginfo-3.14.3-10.el5_9.s390.rpm
nss-debuginfo-3.14.3-10.el5_9.s390x.rpm
nss-devel-3.14.3-10.el5_9.s390.rpm
nss-devel-3.14.3-10.el5_9.s390x.rpm
nss-pkcs11-devel-3.14.3-10.el5_9.s390.rpm
nss-pkcs11-devel-3.14.3-10.el5_9.s390x.rpm
nss-tools-3.14.3-10.el5_9.s390x.rpm x86_64: nss-3.14.3-10.el5_9.i386.rpm nss-3.14.3-10.el5_9.x86_64.rpm nss-debuginfo-3.14.3-10.el5_9.i386.rpm nss-debuginfo-3.14.3-10.el5_9.x86_64.rpm nss-devel-3.14.3-10.el5_9.i386.rpm nss-devel-3.14.3-10.el5_9.x86_64.rpm nss-pkcs11-devel-3.14.3-10.el5_9.i386.rpm nss-pkcs11-devel-3.14.3-10.el5_9.x86_64.rpm nss-tools-3.14.3-10.el5_9.x86_64.rpm Red Hat Enterprise Linux HPC Node EUS (v. 6.4): Source: nss-3.14.3-8.el6_4.src.rpm nss-softokn-3.14.3-4.el6_4.src.rpm nss-util-3.14.3-4.el6_4.src.rpm x86_64: nss-3.14.3-8.el6_4.i686.rpm nss-3.14.3-8.el6_4.x86_64.rpm nss-debuginfo-3.14.3-8.el6_4.i686.rpm nss-debuginfo-3.14.3-8.el6_4.x86_64.rpm nss-softokn-3.14.3-4.el6_4.i686.rpm nss-softokn-3.14.3-4.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-4.el6_4.i686.rpm nss-softokn-freebl-3.14.3-4.el6_4.x86_64.rpm nss-sysinit-3.14.3-8.el6_4.x86_64.rpm nss-tools-3.14.3-8.el6_4.x86_64.rpm nss-util-3.14.3-4.el6_4.i686.rpm nss-util-3.14.3-4.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-4.el6_4.i686.rpm nss-util-debuginfo-3.14.3-4.el6_4.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 
6.4): Source: nss-3.14.3-8.el6_4.src.rpm nss-softokn-3.14.3-4.el6_4.src.rpm nss-util-3.14.3-4.el6_4.src.rpm x86_64: nss-debuginfo-3.14.3-8.el6_4.i686.rpm nss-debuginfo-3.14.3-8.el6_4.x86_64.rpm nss-devel-3.14.3-8.el6_4.i686.rpm nss-devel-3.14.3-8.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-8.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-8.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-devel-3.14.3-4.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-4.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-4.el6_4.i686.rpm nss-util-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-util-devel-3.14.3-4.el6_4.i686.rpm nss-util-devel-3.14.3-4.el6_4.x86_64.rpm Red Hat Enterprise Linux AUS (v. 6.2 server): Source: nss-3.13.1-11.el6_2.src.rpm nss-softokn-3.12.9-12.el6_2.src.rpm nss-util-3.13.1-6.el6_2.src.rpm x86_64: nss-3.13.1-11.el6_2.i686.rpm nss-3.13.1-11.el6_2.x86_64.rpm nss-debuginfo-3.13.1-11.el6_2.i686.rpm nss-debuginfo-3.13.1-11.el6_2.x86_64.rpm nss-devel-3.13.1-11.el6_2.i686.rpm nss-devel-3.13.1-11.el6_2.x86_64.rpm nss-softokn-3.12.9-12.el6_2.i686.rpm nss-softokn-3.12.9-12.el6_2.x86_64.rpm nss-softokn-debuginfo-3.12.9-12.el6_2.i686.rpm nss-softokn-debuginfo-3.12.9-12.el6_2.x86_64.rpm nss-softokn-devel-3.12.9-12.el6_2.i686.rpm nss-softokn-devel-3.12.9-12.el6_2.x86_64.rpm nss-softokn-freebl-3.12.9-12.el6_2.i686.rpm nss-softokn-freebl-3.12.9-12.el6_2.x86_64.rpm nss-softokn-freebl-devel-3.12.9-12.el6_2.i686.rpm nss-softokn-freebl-devel-3.12.9-12.el6_2.x86_64.rpm nss-sysinit-3.13.1-11.el6_2.x86_64.rpm nss-tools-3.13.1-11.el6_2.x86_64.rpm nss-util-3.13.1-6.el6_2.i686.rpm nss-util-3.13.1-6.el6_2.x86_64.rpm nss-util-debuginfo-3.13.1-6.el6_2.i686.rpm nss-util-debuginfo-3.13.1-6.el6_2.x86_64.rpm nss-util-devel-3.13.1-6.el6_2.i686.rpm nss-util-devel-3.13.1-6.el6_2.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.4): Source: nss-3.14.3-8.el6_4.src.rpm nss-softokn-3.14.3-4.el6_4.src.rpm nss-util-3.14.3-4.el6_4.src.rpm i386: nss-3.14.3-8.el6_4.i686.rpm nss-debuginfo-3.14.3-8.el6_4.i686.rpm nss-devel-3.14.3-8.el6_4.i686.rpm nss-softokn-3.14.3-4.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.i686.rpm nss-softokn-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-freebl-3.14.3-4.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-4.el6_4.i686.rpm nss-sysinit-3.14.3-8.el6_4.i686.rpm nss-tools-3.14.3-8.el6_4.i686.rpm nss-util-3.14.3-4.el6_4.i686.rpm nss-util-debuginfo-3.14.3-4.el6_4.i686.rpm nss-util-devel-3.14.3-4.el6_4.i686.rpm ppc64: nss-3.14.3-8.el6_4.ppc.rpm nss-3.14.3-8.el6_4.ppc64.rpm nss-debuginfo-3.14.3-8.el6_4.ppc.rpm nss-debuginfo-3.14.3-8.el6_4.ppc64.rpm nss-devel-3.14.3-8.el6_4.ppc.rpm nss-devel-3.14.3-8.el6_4.ppc64.rpm nss-softokn-3.14.3-4.el6_4.ppc.rpm nss-softokn-3.14.3-4.el6_4.ppc64.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.ppc.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.ppc64.rpm nss-softokn-devel-3.14.3-4.el6_4.ppc.rpm nss-softokn-devel-3.14.3-4.el6_4.ppc64.rpm nss-softokn-freebl-3.14.3-4.el6_4.ppc.rpm nss-softokn-freebl-3.14.3-4.el6_4.ppc64.rpm nss-softokn-freebl-devel-3.14.3-4.el6_4.ppc.rpm nss-softokn-freebl-devel-3.14.3-4.el6_4.ppc64.rpm nss-sysinit-3.14.3-8.el6_4.ppc64.rpm nss-tools-3.14.3-8.el6_4.ppc64.rpm nss-util-3.14.3-4.el6_4.ppc.rpm nss-util-3.14.3-4.el6_4.ppc64.rpm nss-util-debuginfo-3.14.3-4.el6_4.ppc.rpm nss-util-debuginfo-3.14.3-4.el6_4.ppc64.rpm nss-util-devel-3.14.3-4.el6_4.ppc.rpm nss-util-devel-3.14.3-4.el6_4.ppc64.rpm s390x: nss-3.14.3-8.el6_4.s390.rpm nss-3.14.3-8.el6_4.s390x.rpm nss-debuginfo-3.14.3-8.el6_4.s390.rpm nss-debuginfo-3.14.3-8.el6_4.s390x.rpm nss-devel-3.14.3-8.el6_4.s390.rpm nss-devel-3.14.3-8.el6_4.s390x.rpm nss-softokn-3.14.3-4.el6_4.s390.rpm nss-softokn-3.14.3-4.el6_4.s390x.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.s390.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.s390x.rpm nss-softokn-devel-3.14.3-4.el6_4.s390.rpm 
nss-softokn-devel-3.14.3-4.el6_4.s390x.rpm nss-softokn-freebl-3.14.3-4.el6_4.s390.rpm nss-softokn-freebl-3.14.3-4.el6_4.s390x.rpm nss-softokn-freebl-devel-3.14.3-4.el6_4.s390.rpm nss-softokn-freebl-devel-3.14.3-4.el6_4.s390x.rpm nss-sysinit-3.14.3-8.el6_4.s390x.rpm nss-tools-3.14.3-8.el6_4.s390x.rpm nss-util-3.14.3-4.el6_4.s390.rpm nss-util-3.14.3-4.el6_4.s390x.rpm nss-util-debuginfo-3.14.3-4.el6_4.s390.rpm nss-util-debuginfo-3.14.3-4.el6_4.s390x.rpm nss-util-devel-3.14.3-4.el6_4.s390.rpm nss-util-devel-3.14.3-4.el6_4.s390x.rpm x86_64: nss-3.14.3-8.el6_4.i686.rpm nss-3.14.3-8.el6_4.x86_64.rpm nss-debuginfo-3.14.3-8.el6_4.i686.rpm nss-debuginfo-3.14.3-8.el6_4.x86_64.rpm nss-devel-3.14.3-8.el6_4.i686.rpm nss-devel-3.14.3-8.el6_4.x86_64.rpm nss-softokn-3.14.3-4.el6_4.i686.rpm nss-softokn-3.14.3-4.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-devel-3.14.3-4.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-4.el6_4.i686.rpm nss-softokn-freebl-3.14.3-4.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-4.el6_4.x86_64.rpm nss-sysinit-3.14.3-8.el6_4.x86_64.rpm nss-tools-3.14.3-8.el6_4.x86_64.rpm nss-util-3.14.3-4.el6_4.i686.rpm nss-util-3.14.3-4.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-4.el6_4.i686.rpm nss-util-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-util-devel-3.14.3-4.el6_4.i686.rpm nss-util-devel-3.14.3-4.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: nss-3.13.1-11.el6_2.src.rpm x86_64: nss-debuginfo-3.13.1-11.el6_2.i686.rpm nss-debuginfo-3.13.1-11.el6_2.x86_64.rpm nss-pkcs11-devel-3.13.1-11.el6_2.i686.rpm nss-pkcs11-devel-3.13.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
6.4):

Source: nss-3.14.3-8.el6_4.src.rpm

i386: nss-debuginfo-3.14.3-8.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-8.el6_4.i686.rpm

ppc64: nss-debuginfo-3.14.3-8.el6_4.ppc.rpm nss-debuginfo-3.14.3-8.el6_4.ppc64.rpm nss-pkcs11-devel-3.14.3-8.el6_4.ppc.rpm nss-pkcs11-devel-3.14.3-8.el6_4.ppc64.rpm

s390x: nss-debuginfo-3.14.3-8.el6_4.s390.rpm nss-debuginfo-3.14.3-8.el6_4.s390x.rpm nss-pkcs11-devel-3.14.3-8.el6_4.s390.rpm nss-pkcs11-devel-3.14.3-8.el6_4.s390x.rpm

x86_64: nss-debuginfo-3.14.3-8.el6_4.i686.rpm nss-debuginfo-3.14.3-8.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-8.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-8.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-1568.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUN1T/XlSAg2UNWIIRApOjAJ4vCR5tJWQOAR9N0X5mBJJh4ByqswCePxeG
PeV6zAFxyyCxlnjE7Ih/ZDI=
=LAQJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 13 21:11:47 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Oct 2014 21:11:47 +0000
Subject: [RHSA-2014:1397-01] Important: rsyslog security update
Message-ID: <201410132111.s9DLBmlX010538@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: rsyslog security update
Advisory ID: RHSA-2014:1397-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1397.html
Issue date: 2014-10-13
CVE Names: CVE-2014-3634
=====================================================================

1.
Summary:

Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control.

A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue.

All rsyslog users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
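The priority value the advisory refers to is the PRI field, the "<NNN>" prefix of a syslog message, where NNN = facility * 8 + severity and only 0..191 is valid (RFC 3164 and RFC 5424, section 6.2.1). A receiver that turns that number into a table index without a range check is the pattern to look for. The following is an added example written for this page, not rsyslog's code: a strict PRI parser plus a scan over constructed sample lines that reports every message a hardened receiver would refuse. The facility names follow the RFC 5424 numbering.

```python
"""Strict parsing of the syslog PRI field, with a scan over sample lines.

Added example for this page; not rsyslog's parser. Sample lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]          # 24 entries: facility 0..23
MAX_PRI = len(FACILITIES) * 8 - 1                   # 191

# RFC 5424: PRI is "<" followed by 1 to 3 decimal digits and ">".
PRI_RE = re.compile(rb"^<([0-9]{1,3})>")


@dataclass
class Pri:
    raw: bytes
    ok: bool
    reason: str = ""
    pri: int = -1
    facility: str = ""
    severity: str = ""


def parse_pri(line: bytes) -> Pri:
    """Return the decoded PRI or a reason for rejecting the line.

    The range check is the important one: without it, FACILITIES[fac] would
    index past the table for PRI > 191, which in a C daemon is an out-of-bounds
    read or write rather than a Python IndexError.
    """
    m = PRI_RE.match(line)
    if not m:
        return Pri(line, False, "malformed or missing PRI")
    digits = m.group(1)
    if len(digits) > 1 and digits[:1] == b"0":
        return Pri(line, False, "leading zero in PRI")
    value = int(digits)
    if value > MAX_PRI:
        return Pri(line, False, f"PRI {value} out of range 0..{MAX_PRI}")
    fac, sev = divmod(value, 8)
    return Pri(line, True, "", value, FACILITIES[fac], SEVERITIES[sev])


def scan(lines: Iterable[bytes]) -> List[Tuple[int, str]]:
    """Indexes and reasons for every line a strict receiver would reject."""
    return [(i, p.reason) for i, p in enumerate(map(parse_pri, lines)) if not p.ok]


# Constructed sample input (the first line is the RFC 5424 example message).
SAMPLE = [
    b"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    b"<191>Oct 13 21:11:47 host app: highest valid PRI (local7.debug)",
    b"<192>Oct 13 21:11:48 host app: facility 24 does not exist",
    b"<999>Oct 13 21:11:49 host app: three digits but out of range",
    b"<1000>Oct 13 21:11:50 host app: four digits is not a PRI",
    b"<-1>Oct 13 21:11:51 host app: not a number",
    b"Oct 13 21:11:52 host app: no PRI at all",
]

if __name__ == "__main__":
    for line in SAMPLE:
        p = parse_pri(line)
        status = f"{p.facility}.{p.severity}" if p.ok else f"REJECT ({p.reason})"
        print(f"{line[:40]!r:45} {status}")
```

A receiver that logs, counts or alerts on the rejected lines also gets a cheap detection signal: out-of-range PRI values from a remote sender are not something a legitimate syslog client emits.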
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1142373 - CVE-2014-3634 rsyslog: remote syslog PRI vulnerability

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: rsyslog-7.4.7-7.el7_0.src.rpm

x86_64: rsyslog-7.4.7-7.el7_0.x86_64.rpm rsyslog-debuginfo-7.4.7-7.el7_0.x86_64.rpm rsyslog-gnutls-7.4.7-7.el7_0.x86_64.rpm rsyslog-gssapi-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmjsonparse-7.4.7-7.el7_0.x86_64.rpm rsyslog-relp-7.4.7-7.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: rsyslog-crypto-7.4.7-7.el7_0.x86_64.rpm rsyslog-debuginfo-7.4.7-7.el7_0.x86_64.rpm rsyslog-doc-7.4.7-7.el7_0.x86_64.rpm rsyslog-elasticsearch-7.4.7-7.el7_0.x86_64.rpm rsyslog-libdbi-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmaudit-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmnormalize-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmsnmptrapd-7.4.7-7.el7_0.x86_64.rpm rsyslog-mysql-7.4.7-7.el7_0.x86_64.rpm rsyslog-pgsql-7.4.7-7.el7_0.x86_64.rpm rsyslog-snmp-7.4.7-7.el7_0.x86_64.rpm rsyslog-udpspoof-7.4.7-7.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rsyslog-7.4.7-7.el7_0.src.rpm

x86_64: rsyslog-7.4.7-7.el7_0.x86_64.rpm rsyslog-debuginfo-7.4.7-7.el7_0.x86_64.rpm rsyslog-gnutls-7.4.7-7.el7_0.x86_64.rpm rsyslog-gssapi-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmjsonparse-7.4.7-7.el7_0.x86_64.rpm rsyslog-relp-7.4.7-7.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: rsyslog-crypto-7.4.7-7.el7_0.x86_64.rpm rsyslog-debuginfo-7.4.7-7.el7_0.x86_64.rpm rsyslog-doc-7.4.7-7.el7_0.x86_64.rpm rsyslog-elasticsearch-7.4.7-7.el7_0.x86_64.rpm rsyslog-libdbi-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmaudit-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmnormalize-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmsnmptrapd-7.4.7-7.el7_0.x86_64.rpm rsyslog-mysql-7.4.7-7.el7_0.x86_64.rpm rsyslog-pgsql-7.4.7-7.el7_0.x86_64.rpm rsyslog-snmp-7.4.7-7.el7_0.x86_64.rpm rsyslog-udpspoof-7.4.7-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: rsyslog-7.4.7-7.el7_0.src.rpm ppc64: rsyslog-7.4.7-7.el7_0.ppc64.rpm rsyslog-debuginfo-7.4.7-7.el7_0.ppc64.rpm rsyslog-gnutls-7.4.7-7.el7_0.ppc64.rpm rsyslog-gssapi-7.4.7-7.el7_0.ppc64.rpm rsyslog-mysql-7.4.7-7.el7_0.ppc64.rpm rsyslog-pgsql-7.4.7-7.el7_0.ppc64.rpm rsyslog-relp-7.4.7-7.el7_0.ppc64.rpm s390x: rsyslog-7.4.7-7.el7_0.s390x.rpm rsyslog-debuginfo-7.4.7-7.el7_0.s390x.rpm rsyslog-gnutls-7.4.7-7.el7_0.s390x.rpm rsyslog-gssapi-7.4.7-7.el7_0.s390x.rpm rsyslog-mysql-7.4.7-7.el7_0.s390x.rpm rsyslog-pgsql-7.4.7-7.el7_0.s390x.rpm rsyslog-relp-7.4.7-7.el7_0.s390x.rpm x86_64: rsyslog-7.4.7-7.el7_0.x86_64.rpm rsyslog-debuginfo-7.4.7-7.el7_0.x86_64.rpm rsyslog-gnutls-7.4.7-7.el7_0.x86_64.rpm rsyslog-gssapi-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmjsonparse-7.4.7-7.el7_0.x86_64.rpm rsyslog-mysql-7.4.7-7.el7_0.x86_64.rpm rsyslog-pgsql-7.4.7-7.el7_0.x86_64.rpm rsyslog-relp-7.4.7-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: rsyslog-crypto-7.4.7-7.el7_0.ppc64.rpm rsyslog-debuginfo-7.4.7-7.el7_0.ppc64.rpm rsyslog-doc-7.4.7-7.el7_0.ppc64.rpm rsyslog-elasticsearch-7.4.7-7.el7_0.ppc64.rpm rsyslog-libdbi-7.4.7-7.el7_0.ppc64.rpm rsyslog-mmaudit-7.4.7-7.el7_0.ppc64.rpm rsyslog-mmjsonparse-7.4.7-7.el7_0.ppc64.rpm rsyslog-mmnormalize-7.4.7-7.el7_0.ppc64.rpm rsyslog-mmsnmptrapd-7.4.7-7.el7_0.ppc64.rpm rsyslog-snmp-7.4.7-7.el7_0.ppc64.rpm rsyslog-udpspoof-7.4.7-7.el7_0.ppc64.rpm s390x: rsyslog-crypto-7.4.7-7.el7_0.s390x.rpm rsyslog-debuginfo-7.4.7-7.el7_0.s390x.rpm rsyslog-doc-7.4.7-7.el7_0.s390x.rpm rsyslog-elasticsearch-7.4.7-7.el7_0.s390x.rpm rsyslog-libdbi-7.4.7-7.el7_0.s390x.rpm rsyslog-mmaudit-7.4.7-7.el7_0.s390x.rpm rsyslog-mmjsonparse-7.4.7-7.el7_0.s390x.rpm rsyslog-mmnormalize-7.4.7-7.el7_0.s390x.rpm rsyslog-mmsnmptrapd-7.4.7-7.el7_0.s390x.rpm rsyslog-snmp-7.4.7-7.el7_0.s390x.rpm rsyslog-udpspoof-7.4.7-7.el7_0.s390x.rpm x86_64: rsyslog-crypto-7.4.7-7.el7_0.x86_64.rpm rsyslog-debuginfo-7.4.7-7.el7_0.x86_64.rpm rsyslog-doc-7.4.7-7.el7_0.x86_64.rpm rsyslog-elasticsearch-7.4.7-7.el7_0.x86_64.rpm rsyslog-libdbi-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmaudit-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmnormalize-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmsnmptrapd-7.4.7-7.el7_0.x86_64.rpm rsyslog-snmp-7.4.7-7.el7_0.x86_64.rpm rsyslog-udpspoof-7.4.7-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: rsyslog-7.4.7-7.el7_0.src.rpm x86_64: rsyslog-7.4.7-7.el7_0.x86_64.rpm rsyslog-debuginfo-7.4.7-7.el7_0.x86_64.rpm rsyslog-gnutls-7.4.7-7.el7_0.x86_64.rpm rsyslog-gssapi-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmjsonparse-7.4.7-7.el7_0.x86_64.rpm rsyslog-mysql-7.4.7-7.el7_0.x86_64.rpm rsyslog-pgsql-7.4.7-7.el7_0.x86_64.rpm rsyslog-relp-7.4.7-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
7):

x86_64: rsyslog-crypto-7.4.7-7.el7_0.x86_64.rpm rsyslog-debuginfo-7.4.7-7.el7_0.x86_64.rpm rsyslog-doc-7.4.7-7.el7_0.x86_64.rpm rsyslog-elasticsearch-7.4.7-7.el7_0.x86_64.rpm rsyslog-libdbi-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmaudit-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmnormalize-7.4.7-7.el7_0.x86_64.rpm rsyslog-mmsnmptrapd-7.4.7-7.el7_0.x86_64.rpm rsyslog-snmp-7.4.7-7.el7_0.x86_64.rpm rsyslog-udpspoof-7.4.7-7.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3634.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUPD/lXlSAg2UNWIIRAo1FAKCZg2VCQChSnmJ3FyrAyTzfUEkLggCgpLID
2N3ucjPeIgSpeqWObHYKOYc=
=oa+h
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 14 04:56:57 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Oct 2014 04:56:57 +0000
Subject: [RHSA-2014:1388-02] Moderate: cups security and bug fix update
Message-ID: <201410140448.s9E4mNNe012714@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: cups security and bug fix update
Advisory ID: RHSA-2014:1388-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1388.html
Issue date: 2014-10-14
CVE Names: CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031
=====================================================================

1.
Summary:

Updated cups packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems.

A cross-site scripting (XSS) flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. (CVE-2014-2856)

It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)

The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat Product Security.

These updated cups packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes.
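The symlink issue above is the general problem of a privileged daemon opening files in a directory that a less privileged group can write to. The following added example (written for this page, not CUPS code; the directory layout, file names and the expected-owner rule are assumptions for the demonstration) shows the two checks a practitioner would want: an audit that lists symlinks and world-readable entries in such a directory, and an open routine that refuses to follow a symlink (O_NOFOLLOW) and then validates the opened descriptor with fstat, so there is no window between a separate lstat and the open. The demonstration builds a throwaway directory with a regular file and a symlink pointing outside it.

```python
"""Safe file access in a group-writable cache directory.

Added example for this page, not CUPS code. Paths and names are constructed.
"""
import errno
import os
import stat
import tempfile


def audit_dir(path: str) -> dict:
    """Report symlinks and world-readable entries directly under `path`.
    lstat() is used on purpose so a symlink is reported as itself."""
    report = {"symlinks": [], "world_readable": []}
    for name in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))
        if stat.S_ISLNK(st.st_mode):
            report["symlinks"].append(name)
        elif st.st_mode & stat.S_IROTH:
            report["world_readable"].append(name)
    return report


def open_cache_file(directory: str, name: str, expected_uid: int) -> int:
    """Open <directory>/<name> read-only without following a symlink in the
    final component, then verify the descriptor itself. Returns an fd the
    caller must close. O_NOFOLLOW makes open() fail with ELOOP (EMLINK on some
    BSDs) when the target is a symlink; checking fstat() on the open fd, not a
    prior lstat(), is what closes the time-of-check/time-of-use gap."""
    if not name or os.sep in name or name in (".", ".."):
        raise ValueError("bad file name")
    fd = os.open(os.path.join(directory, name),
                 os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError("unexpected owner")
        if st.st_mode & stat.S_IWOTH:
            raise PermissionError("world-writable file")
    except Exception:
        os.close(fd)
        raise
    return fd


def demo() -> dict:
    """Constructed scenario: a cache dir holding one legitimate file and one
    symlink to a private file outside the dir. Shows what the audit reports
    and that open_cache_file() rejects the symlink but reads the real file."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = os.path.join(tmp, "cache")
        os.mkdir(cache, 0o700)
        secret = os.path.join(tmp, "secret")
        with open(secret, "w") as f:
            f.write("private\n")
        os.chmod(secret, 0o600)
        good = os.path.join(cache, "job.bin")
        with open(good, "wb") as f:
            f.write(b"data")
        os.chmod(good, 0o644)                      # world-readable on purpose
        os.symlink(secret, os.path.join(cache, "evil"))

        result = {"audit": audit_dir(cache), "symlink_rejected": False,
                  "regular_ok": False}
        try:
            fd = open_cache_file(cache, "evil", os.getuid())
            os.close(fd)
        except OSError as e:
            result["symlink_rejected"] = e.errno in (errno.ELOOP, errno.EMLINK)
        fd = open_cache_file(cache, "job.bin", os.getuid())
        try:
            result["regular_ok"] = os.read(fd, 4) == b"data"
        finally:
            os.close(fd)
        return result


if __name__ == "__main__":
    print(demo())
```

The owner check is the part to adapt: a daemon that drops to a service account should compare against that account's uid, and should treat any file in the directory it did not create itself as hostile.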
All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

978387 - Bad IPP responses with version 2.0 (collection handling bug)
1012482 - /etc/cron.daily/cups breaks rule GEN003080 in Red Hat security guide
1087122 - CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release
1115576 - CVE-2014-3537 cups: insufficient checking leads to privilege escalation
1122600 - CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537
1128764 - CVE-2014-5030 cups: allows local users to read arbitrary files via a symlink attack
1128767 - CVE-2014-5031 cups: world-readable permissions

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: cups-1.4.2-67.el6.src.rpm

i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm

x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm

x86_64: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 
6): Source: cups-1.4.2-67.el6.src.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: cups-1.4.2-67.el6.src.rpm i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm ppc64: cups-1.4.2-67.el6.ppc64.rpm cups-debuginfo-1.4.2-67.el6.ppc.rpm cups-debuginfo-1.4.2-67.el6.ppc64.rpm cups-devel-1.4.2-67.el6.ppc.rpm cups-devel-1.4.2-67.el6.ppc64.rpm cups-libs-1.4.2-67.el6.ppc.rpm cups-libs-1.4.2-67.el6.ppc64.rpm cups-lpd-1.4.2-67.el6.ppc64.rpm s390x: cups-1.4.2-67.el6.s390x.rpm cups-debuginfo-1.4.2-67.el6.s390.rpm cups-debuginfo-1.4.2-67.el6.s390x.rpm cups-devel-1.4.2-67.el6.s390.rpm cups-devel-1.4.2-67.el6.s390x.rpm cups-libs-1.4.2-67.el6.s390.rpm cups-libs-1.4.2-67.el6.s390x.rpm cups-lpd-1.4.2-67.el6.s390x.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm ppc64: cups-debuginfo-1.4.2-67.el6.ppc64.rpm cups-php-1.4.2-67.el6.ppc64.rpm s390x: cups-debuginfo-1.4.2-67.el6.s390x.rpm cups-php-1.4.2-67.el6.s390x.rpm x86_64: cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: cups-1.4.2-67.el6.src.rpm i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm x86_64: cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-2856.html https://www.redhat.com/security/data/cve/CVE-2014-3537.html https://www.redhat.com/security/data/cve/CVE-2014-5029.html https://www.redhat.com/security/data/cve/CVE-2014-5030.html https://www.redhat.com/security/data/cve/CVE-2014-5031.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/cups.html#RHSA-2014-1388 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUPKsIXlSAg2UNWIIRApSvAJ9WxP5yQ+v5GDRGnSINYq0Pro0AoQCfXZqW
WjIIQcBG+Sou8Is2vIFlLok=
=5S/K
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 14 04:58:07 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Oct 2014 04:58:07 +0000
Subject: [RHSA-2014:1389-02] Moderate: krb5 security and bug fix update
Message-ID: <201410140449.s9E4nYoi003104@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: krb5 security and bug fix update
Advisory ID: RHSA-2014:1389-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1389.html
Issue date: 2014-10-14
CVE Names: CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345
=====================================================================

1. Summary:

Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800)

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)

A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345)

Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342)

A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343)

These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes.

All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1001961 - Wrong obsoletes in krb5-pkinit-openssl
1009389 - service krb5kdc start unable to get default realm
1026942 - CVE-2013-1418 krb5: multi-realm KDC null dereference leads to crash
1031499 - CVE-2013-6800 krb5: KDC remote DoS (NULL pointer dereference and daemon crash)
1059730 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly
1087068 - 0006526: GSS api stopped working properly after krb5 update
1113652 - trusted domain logins cannot find KDC for requested realm
1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext
1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens
1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators
1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens
1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: krb5-1.10.3-33.el6.src.rpm

i386: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-pkinit-openssl-1.10.3-33.el6.i686.rpm krb5-workstation-1.10.3-33.el6.i686.rpm

x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.x86_64.rpm krb5-pkinit-openssl-1.10.3-33.el6.x86_64.rpm krb5-workstation-1.10.3-33.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 
6): i386: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-server-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.x86_64.rpm krb5-server-1.10.3-33.el6.x86_64.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: krb5-1.10.3-33.el6.src.rpm x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.x86_64.rpm krb5-pkinit-openssl-1.10.3-33.el6.x86_64.rpm krb5-workstation-1.10.3-33.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.x86_64.rpm krb5-server-1.10.3-33.el6.x86_64.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: krb5-1.10.3-33.el6.src.rpm i386: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-pkinit-openssl-1.10.3-33.el6.i686.rpm krb5-server-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-workstation-1.10.3-33.el6.i686.rpm ppc64: krb5-debuginfo-1.10.3-33.el6.ppc.rpm krb5-debuginfo-1.10.3-33.el6.ppc64.rpm krb5-devel-1.10.3-33.el6.ppc.rpm krb5-devel-1.10.3-33.el6.ppc64.rpm krb5-libs-1.10.3-33.el6.ppc.rpm krb5-libs-1.10.3-33.el6.ppc64.rpm krb5-pkinit-openssl-1.10.3-33.el6.ppc64.rpm krb5-server-1.10.3-33.el6.ppc64.rpm krb5-server-ldap-1.10.3-33.el6.ppc.rpm krb5-server-ldap-1.10.3-33.el6.ppc64.rpm krb5-workstation-1.10.3-33.el6.ppc64.rpm s390x: krb5-debuginfo-1.10.3-33.el6.s390.rpm krb5-debuginfo-1.10.3-33.el6.s390x.rpm krb5-devel-1.10.3-33.el6.s390.rpm krb5-devel-1.10.3-33.el6.s390x.rpm krb5-libs-1.10.3-33.el6.s390.rpm krb5-libs-1.10.3-33.el6.s390x.rpm krb5-pkinit-openssl-1.10.3-33.el6.s390x.rpm krb5-server-1.10.3-33.el6.s390x.rpm krb5-server-ldap-1.10.3-33.el6.s390.rpm krb5-server-ldap-1.10.3-33.el6.s390x.rpm krb5-workstation-1.10.3-33.el6.s390x.rpm x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.x86_64.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.x86_64.rpm krb5-pkinit-openssl-1.10.3-33.el6.x86_64.rpm krb5-server-1.10.3-33.el6.x86_64.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.x86_64.rpm krb5-workstation-1.10.3-33.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: krb5-1.10.3-33.el6.src.rpm i386: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-pkinit-openssl-1.10.3-33.el6.i686.rpm krb5-server-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-workstation-1.10.3-33.el6.i686.rpm x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.x86_64.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.x86_64.rpm krb5-pkinit-openssl-1.10.3-33.el6.x86_64.rpm krb5-server-1.10.3-33.el6.x86_64.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.x86_64.rpm krb5-workstation-1.10.3-33.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-1418.html https://www.redhat.com/security/data/cve/CVE-2013-6800.html https://www.redhat.com/security/data/cve/CVE-2014-4341.html https://www.redhat.com/security/data/cve/CVE-2014-4342.html https://www.redhat.com/security/data/cve/CVE-2014-4343.html https://www.redhat.com/security/data/cve/CVE-2014-4344.html https://www.redhat.com/security/data/cve/CVE-2014-4345.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/krb5.html#RHSA-2014-1389 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
From bugzilla at redhat.com Tue Oct 14 04:59:10 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Oct 2014 04:59:10 +0000
Subject: [RHSA-2014:1390-02] Moderate: luci security, bug fix, and enhancement update
Message-ID: <201410140450.s9E4obUO003678@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: luci security, bug fix, and enhancement update
Advisory ID: RHSA-2014:1390-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1390.html
Issue date: 2014-10-14
CVE Names: CVE-2014-3593
=====================================================================

1. Summary:

Updated luci packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 6) - i386, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 6) - i386, x86_64

3. Description:

Luci is a web-based high availability administration application.

It was discovered that luci used eval() on inputs containing strings from the cluster configuration file when generating its web pages. An attacker with privileges to create or edit the cluster configuration could use this flaw to execute arbitrary code as the luci user on a host running luci. (CVE-2014-3593)

This issue was discovered by Jan Pokorný of Red Hat.
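The eval()-on-configuration pattern described above, as an added example that is not luci's own code (the function names and the sample cluster.conf attribute values are constructed): the vulnerable form next to a hardened replacement that accepts only Python literals of the expected types and, per bug 855112 in the bug list for this advisory, encodes XML-unsafe characters as entities before the value reaches a web page.

```python
"""Constructed illustration of the bug class behind CVE-2014-3593.

Added example, not luci source: function names and sample values below
are hypothetical.  Anyone who can edit cluster.conf controls the raw
strings, so whatever the page generator does with them runs as the luci
user.
"""
import ast
from xml.sax.saxutils import escape

# Types a configuration attribute may legitimately decode to.
_ALLOWED = (str, int, float, bool, list, tuple, dict, type(None))


def render_unsafe(raw: str) -> str:
    """The vulnerable pattern: eval() on a string lifted from the config.

    eval() evaluates arbitrary expressions, including calls and attribute
    access, so a crafted attribute value executes code.  Kept only so the
    contrast with parse_literal() is concrete; never use on untrusted input.
    """
    return str(eval(raw))  # deliberately vulnerable


def parse_literal(raw: str):
    """Hardened replacement: literals only, and only of expected types.

    ast.literal_eval() never evaluates names, calls, attribute access or
    subscripts, so values such as "__import__('os').getcwd()" raise
    ValueError instead of running.  SyntaxError covers malformed text,
    MemoryError/RecursionError cover pathological nesting.
    """
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError,
            MemoryError, RecursionError) as exc:
        raise ValueError(f"rejected config value {raw!r}: {exc}") from exc
    if not isinstance(value, _ALLOWED):
        raise ValueError(
            f"unexpected type {type(value).__name__} in config value")
    return value


def render_attribute(name: str, raw: str) -> str:
    """Build an XML attribute with both fixes applied.

    The value is parsed as a literal (CVE-2014-3593) and &, <, > and the
    double quote are encoded as entities (bug 855112) so config content
    cannot break out of the attribute in the generated page.
    """
    value = parse_literal(raw)
    return f'{name}="{escape(str(value), {chr(34): "&quot;"})}"'


# Constructed sample attribute values as they might appear in cluster.conf.
SAMPLE_VALUES = {
    "name": "'node-1'",
    "votes": "1",
    "fence_args": "['ipaddr=10.0.0.1', 'lanplus=1']",
    "label": "'<b>cluster & co</b>'",
    "bad_call": "__import__('os').getcwd()",
    "bad_attr": "().__class__",
}


def triage(values):
    """Return (accepted, rejected) attribute names for a mapping of raw
    config strings, using the hardened parser."""
    accepted, rejected = [], []
    for key, raw in values.items():
        try:
            parse_literal(raw)
            accepted.append(key)
        except ValueError:
            rejected.append(key)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = triage(SAMPLE_VALUES)
    print("accepted:", ok)
    print("rejected:", bad)
    print(render_attribute("label", SAMPLE_VALUES["label"]))
```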
These updated luci packages also include several bug fixes and multiple enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes.

All luci users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

855112 - Encode XML-unsafe characters from user input as XML entities
982771 - luci vs. sessions: check length of secret on startup
989005 - CVE-2014-3593 luci: privilege escalation through cluster with specially crafted configuration
1026374 - Add a custom luci launcher allowing sane Python runtime + SELinux coexistence
1100817 - luci to cope with virtual machine in both plain and service-like resource (incl. complex defs in cluster.conf)
1117398 - Sync luci with recent changes in the schema for RHEL 6.6 (RAs, FAs, rgmanager, fenced, ...)

6. Package List:

Red Hat Enterprise Linux High Availability (v. 6):

Source:
luci-0.26.0-63.el6.src.rpm

i386:
luci-0.26.0-63.el6.i686.rpm
luci-debuginfo-0.26.0-63.el6.i686.rpm

x86_64:
luci-0.26.0-63.el6.x86_64.rpm
luci-debuginfo-0.26.0-63.el6.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 6):

Source:
luci-0.26.0-63.el6.src.rpm

i386:
luci-0.26.0-63.el6.i686.rpm
luci-debuginfo-0.26.0-63.el6.i686.rpm

x86_64:
luci-0.26.0-63.el6.x86_64.rpm
luci-debuginfo-0.26.0-63.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3593.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/luci.html#RHSA-2014-1390

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Tue Oct 14 05:00:04 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Oct 2014 05:00:04 +0000
Subject: [RHSA-2014:1391-02] Moderate: glibc security, bug fix, and enhancement update
Message-ID: <201410140451.s9E4pVAD027537@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: glibc security, bug fix, and enhancement update
Advisory ID: RHSA-2014:1391-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1391.html
Issue date: 2014-10-14
CVE Names: CVE-2013-4237 CVE-2013-4458
=====================================================================

1. Summary:

Updated glibc packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

An out-of-bounds write flaw was found in the way glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application. (CVE-2013-4237)

It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-4458)

These updated glibc packages also include several bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes.

All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

905941 - Fix memory fencing error in unwind-forcedunwind.c
981942 - ping6 with idn causes crash
995839 - CVE-2013-4237 glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
1022280 - CVE-2013-4458 glibc: Stack (frame) overflow in getaddrinfo() when called with AF_INET6
1032628 - Symbol lookup in elf/dl-lookup.c results in returning wrong values
1043557 - nscd segfaults when running sudo with netgroup caching enabled.
1044628 - getaddrinfo return EAI_NONAME instead of EAI_AGAIN in case the DNS query times out
1087833 - nscd-2.12-1.132.el6 enters busy loop on long netgroup entry via nss_ldap of nslcd
1099025 - ftime() possibly broken on ppc

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
glibc-2.12-1.149.el6.src.rpm

i386:
glibc-2.12-1.149.el6.i686.rpm
glibc-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-headers-2.12-1.149.el6.i686.rpm
glibc-utils-2.12-1.149.el6.i686.rpm
nscd-2.12-1.149.el6.i686.rpm

x86_64:
glibc-2.12-1.149.el6.i686.rpm
glibc-2.12-1.149.el6.x86_64.rpm
glibc-common-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.x86_64.rpm
glibc-headers-2.12-1.149.el6.x86_64.rpm
glibc-utils-2.12-1.149.el6.x86_64.rpm
nscd-2.12-1.149.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
glibc-static-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
glibc-2.12-1.149.el6.src.rpm

x86_64:
glibc-2.12-1.149.el6.i686.rpm
glibc-2.12-1.149.el6.x86_64.rpm
glibc-common-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.x86_64.rpm
glibc-headers-2.12-1.149.el6.x86_64.rpm
glibc-utils-2.12-1.149.el6.x86_64.rpm
nscd-2.12-1.149.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
glibc-static-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
glibc-2.12-1.149.el6.src.rpm

i386:
glibc-2.12-1.149.el6.i686.rpm
glibc-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-headers-2.12-1.149.el6.i686.rpm
glibc-utils-2.12-1.149.el6.i686.rpm
nscd-2.12-1.149.el6.i686.rpm

ppc64:
glibc-2.12-1.149.el6.ppc.rpm
glibc-2.12-1.149.el6.ppc64.rpm
glibc-common-2.12-1.149.el6.ppc64.rpm
glibc-debuginfo-2.12-1.149.el6.ppc.rpm
glibc-debuginfo-2.12-1.149.el6.ppc64.rpm
glibc-debuginfo-common-2.12-1.149.el6.ppc.rpm
glibc-debuginfo-common-2.12-1.149.el6.ppc64.rpm
glibc-devel-2.12-1.149.el6.ppc.rpm
glibc-devel-2.12-1.149.el6.ppc64.rpm
glibc-headers-2.12-1.149.el6.ppc64.rpm
glibc-utils-2.12-1.149.el6.ppc64.rpm
nscd-2.12-1.149.el6.ppc64.rpm

s390x:
glibc-2.12-1.149.el6.s390.rpm
glibc-2.12-1.149.el6.s390x.rpm
glibc-common-2.12-1.149.el6.s390x.rpm
glibc-debuginfo-2.12-1.149.el6.s390.rpm
glibc-debuginfo-2.12-1.149.el6.s390x.rpm
glibc-debuginfo-common-2.12-1.149.el6.s390.rpm
glibc-debuginfo-common-2.12-1.149.el6.s390x.rpm
glibc-devel-2.12-1.149.el6.s390.rpm
glibc-devel-2.12-1.149.el6.s390x.rpm
glibc-headers-2.12-1.149.el6.s390x.rpm
glibc-utils-2.12-1.149.el6.s390x.rpm
nscd-2.12-1.149.el6.s390x.rpm

x86_64:
glibc-2.12-1.149.el6.i686.rpm
glibc-2.12-1.149.el6.x86_64.rpm
glibc-common-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.x86_64.rpm
glibc-headers-2.12-1.149.el6.x86_64.rpm
glibc-utils-2.12-1.149.el6.x86_64.rpm
nscd-2.12-1.149.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.i686.rpm

ppc64:
glibc-debuginfo-2.12-1.149.el6.ppc.rpm
glibc-debuginfo-2.12-1.149.el6.ppc64.rpm
glibc-debuginfo-common-2.12-1.149.el6.ppc.rpm
glibc-debuginfo-common-2.12-1.149.el6.ppc64.rpm
glibc-static-2.12-1.149.el6.ppc.rpm
glibc-static-2.12-1.149.el6.ppc64.rpm

s390x:
glibc-debuginfo-2.12-1.149.el6.s390.rpm
glibc-debuginfo-2.12-1.149.el6.s390x.rpm
glibc-debuginfo-common-2.12-1.149.el6.s390.rpm
glibc-debuginfo-common-2.12-1.149.el6.s390x.rpm
glibc-static-2.12-1.149.el6.s390.rpm
glibc-static-2.12-1.149.el6.s390x.rpm

x86_64:
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
glibc-static-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
glibc-2.12-1.149.el6.src.rpm

i386:
glibc-2.12-1.149.el6.i686.rpm
glibc-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-headers-2.12-1.149.el6.i686.rpm
glibc-utils-2.12-1.149.el6.i686.rpm
nscd-2.12-1.149.el6.i686.rpm

x86_64:
glibc-2.12-1.149.el6.i686.rpm
glibc-2.12-1.149.el6.x86_64.rpm
glibc-common-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.x86_64.rpm
glibc-headers-2.12-1.149.el6.x86_64.rpm
glibc-utils-2.12-1.149.el6.x86_64.rpm
nscd-2.12-1.149.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
glibc-static-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4237.html
https://www.redhat.com/security/data/cve/CVE-2013-4458.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/glibc.html#RHSA-2014-1391

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
From bugzilla at redhat.com Tue Oct 14 05:02:08 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Oct 2014 05:02:08 +0000
Subject: [RHSA-2014:1392-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201410140453.s9E4rZvH028906@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2014:1392-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1392.html
Issue date: 2014-10-14
CVE Names: CVE-2013-2596 CVE-2013-4483 CVE-2014-0181 CVE-2014-3122 CVE-2014-3601 CVE-2014-4608 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-5045 CVE-2014-5077
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important)

* An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important)

* A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system. (CVE-2013-4483, Moderate)

* It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate)

* It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Management subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3122, Moderate)

* A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. (CVE-2014-3601, Moderate)

* Multiple use-after-free flaws were found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use any of these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate)

* A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate)

* An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4608, Low)

Red Hat would like to thank Vladimir Davydov of Parallels for reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608. The security impact of the CVE-2014-3601 issue was discovered by Michael Tsirkin of Red Hat.

This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References.
All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.6 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

739866 - checkpolicy cannot parse /selinux/policy on ppc64 and s390x
786463 - nfs mount hangs when kerberos ticket expires
889471 - [Btrfs] BUG: unable to handle kernel NULL pointer dereference at (null) btrfs_get_sb should return error when open_ctree failed
915862 - The sync mount option does not work for NFSv4 mounts in RHEL6
997651 - possible recursive locking detected
998024 - nfsd sometimes grants delegations too soon following conflicting open requests
1010882 - kvm: backport "Improve create VCPU parameter"
1024854 - CVE-2013-4483 kernel: ipc: ipc_rcu_putref refcount races
1027480 - alb_send_learning_packets using an obsolete EtherType
1030411 - resizing thin-snapshot with external origin should return zeros behind origin's end
1031488 - Restore the mask bit correctly in eoi_ioapic_irq()
1034490 - CVE-2013-2596 kernel: integer overflow in fb_mmap
1036972 - use after free in new nfsd DRC code
1044438 - cifs: Unable to append to an existing file in cache=none mode.
1059496 - KVM: x86 emulator: Implement jmp far opcode ff/5
1063836 - kvm: 23090: cpu0 unhandled wrmsr 0x391 data 2000000f
1065304 - kernel/sched: incorrect setup of sched_group->cpu_power for NUMA systems
1069028 - ixgbevf prematurely strips VLAN tags
1072373 - Along with the increase of vCPUs in guest, and guest OS will spend more time to boot up in specified machine.
1077463 - gfs2: quotas not refreshed in gfs2_adjust_quota
1090423 - Data integrity issue on rebuilding RAID 6 with 100MB resync speed
1093076 - CVE-2014-3122 Kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking
1094265 - CVE-2014-0181 kernel: net: insufficient permision checks of netlink messages
1095627 - missing vhost schedule causing thread starvation
1100523 - ext4 filesystem option 'max_batch_time' actually displays 'min_batch_time' in /proc/mounts
1113409 - CVE-2014-4653 Kernel: ALSA: control: do not access controls outside of protected regions
1113445 - CVE-2014-4654 CVE-2014-4655 Kernel: ALSA: control: use-after-free in replacing user controls
1113899 - CVE-2014-4608 kernel: lzo1x_decompress_safe() integer overflow
1118123 - [Hyper-V][REHL 6.6] fcopy large file from host to guest failed
1122472 - CVE-2014-5045 kernel: vfs: refcount issues during unmount on symlink
1122982 - CVE-2014-5077 Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
1124351 - raid1 Data corruption after recovery with bitmap
1127231 - dmeventd hanging while handling lost leg in RAID1 LV
1131951 - CVE-2014-3601 kernel: kvm: invalid parameter passing in kvm_iommu_map_pages()

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6):

Source:
kernel-2.6.32-504.el6.src.rpm

i386:
kernel-2.6.32-504.el6.i686.rpm
kernel-debug-2.6.32-504.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.el6.i686.rpm
kernel-debug-devel-2.6.32-504.el6.i686.rpm
kernel-debuginfo-2.6.32-504.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.el6.i686.rpm
kernel-devel-2.6.32-504.el6.i686.rpm
kernel-headers-2.6.32-504.el6.i686.rpm
perf-2.6.32-504.el6.i686.rpm
perf-debuginfo-2.6.32-504.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.el6.noarch.rpm
kernel-doc-2.6.32-504.el6.noarch.rpm
kernel-firmware-2.6.32-504.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.el6.x86_64.rpm
kernel-debug-2.6.32-504.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.el6.x86_64.rpm
kernel-devel-2.6.32-504.el6.x86_64.rpm
kernel-headers-2.6.32-504.el6.x86_64.rpm
perf-2.6.32-504.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.el6.i686.rpm
kernel-debuginfo-2.6.32-504.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.el6.i686.rpm
perf-debuginfo-2.6.32-504.el6.i686.rpm
python-perf-2.6.32-504.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.el6.x86_64.rpm
python-perf-2.6.32-504.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-504.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.el6.noarch.rpm
kernel-doc-2.6.32-504.el6.noarch.rpm
kernel-firmware-2.6.32-504.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.el6.x86_64.rpm
kernel-debug-2.6.32-504.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.el6.x86_64.rpm
kernel-devel-2.6.32-504.el6.x86_64.rpm
kernel-headers-2.6.32-504.el6.x86_64.rpm
perf-2.6.32-504.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.el6.x86_64.rpm
python-perf-2.6.32-504.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-504.el6.src.rpm

i386:
kernel-2.6.32-504.el6.i686.rpm
kernel-debug-2.6.32-504.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.el6.i686.rpm
kernel-debug-devel-2.6.32-504.el6.i686.rpm
kernel-debuginfo-2.6.32-504.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.el6.i686.rpm
kernel-devel-2.6.32-504.el6.i686.rpm
kernel-headers-2.6.32-504.el6.i686.rpm
perf-2.6.32-504.el6.i686.rpm
perf-debuginfo-2.6.32-504.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.el6.noarch.rpm
kernel-doc-2.6.32-504.el6.noarch.rpm
kernel-firmware-2.6.32-504.el6.noarch.rpm

ppc64:
kernel-2.6.32-504.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-504.el6.ppc64.rpm
kernel-debug-2.6.32-504.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-504.el6.ppc64.rpm
kernel-debug-devel-2.6.32-504.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.el6.ppc64.rpm
kernel-devel-2.6.32-504.el6.ppc64.rpm
kernel-headers-2.6.32-504.el6.ppc64.rpm
perf-2.6.32-504.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.el6.ppc64.rpm

s390x:
kernel-2.6.32-504.el6.s390x.rpm
kernel-debug-2.6.32-504.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-504.el6.s390x.rpm
kernel-debug-devel-2.6.32-504.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.el6.s390x.rpm
kernel-devel-2.6.32-504.el6.s390x.rpm
kernel-headers-2.6.32-504.el6.s390x.rpm
kernel-kdump-2.6.32-504.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.el6.s390x.rpm
kernel-kdump-devel-2.6.32-504.el6.s390x.rpm
perf-2.6.32-504.el6.s390x.rpm
perf-debuginfo-2.6.32-504.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.el6.s390x.rpm

x86_64:
kernel-2.6.32-504.el6.x86_64.rpm
kernel-debug-2.6.32-504.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.el6.x86_64.rpm
kernel-devel-2.6.32-504.el6.x86_64.rpm
kernel-headers-2.6.32-504.el6.x86_64.rpm
perf-2.6.32-504.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.el6.i686.rpm
kernel-debuginfo-2.6.32-504.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.el6.i686.rpm
perf-debuginfo-2.6.32-504.el6.i686.rpm
python-perf-2.6.32-504.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-504.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.el6.ppc64.rpm
python-perf-2.6.32-504.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-504.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.el6.s390x.rpm
perf-debuginfo-2.6.32-504.el6.s390x.rpm
python-perf-2.6.32-504.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.el6.x86_64.rpm
python-perf-2.6.32-504.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6): Source: kernel-2.6.32-504.el6.src.rpm i386: kernel-2.6.32-504.el6.i686.rpm kernel-debug-2.6.32-504.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.el6.i686.rpm kernel-debug-devel-2.6.32-504.el6.i686.rpm kernel-debuginfo-2.6.32-504.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.el6.i686.rpm kernel-devel-2.6.32-504.el6.i686.rpm kernel-headers-2.6.32-504.el6.i686.rpm perf-2.6.32-504.el6.i686.rpm perf-debuginfo-2.6.32-504.el6.i686.rpm python-perf-debuginfo-2.6.32-504.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-504.el6.noarch.rpm kernel-doc-2.6.32-504.el6.noarch.rpm kernel-firmware-2.6.32-504.el6.noarch.rpm x86_64: kernel-2.6.32-504.el6.x86_64.rpm kernel-debug-2.6.32-504.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.el6.x86_64.rpm kernel-devel-2.6.32-504.el6.x86_64.rpm kernel-headers-2.6.32-504.el6.x86_64.rpm perf-2.6.32-504.el6.x86_64.rpm perf-debuginfo-2.6.32-504.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-504.el6.i686.rpm kernel-debuginfo-2.6.32-504.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.el6.i686.rpm perf-debuginfo-2.6.32-504.el6.i686.rpm python-perf-2.6.32-504.el6.i686.rpm python-perf-debuginfo-2.6.32-504.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-504.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.el6.x86_64.rpm perf-debuginfo-2.6.32-504.el6.x86_64.rpm python-perf-2.6.32-504.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2013-2596.html
https://www.redhat.com/security/data/cve/CVE-2013-4483.html
https://www.redhat.com/security/data/cve/CVE-2014-0181.html
https://www.redhat.com/security/data/cve/CVE-2014-3122.html
https://www.redhat.com/security/data/cve/CVE-2014-3601.html
https://www.redhat.com/security/data/cve/CVE-2014-4608.html
https://www.redhat.com/security/data/cve/CVE-2014-4653.html
https://www.redhat.com/security/data/cve/CVE-2014-4654.html
https://www.redhat.com/security/data/cve/CVE-2014-4655.html
https://www.redhat.com/security/data/cve/CVE-2014-5045.html
https://www.redhat.com/security/data/cve/CVE-2014-5077.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/kernel.html#RHSA-2014-1392
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.6_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUPKxFXlSAg2UNWIIRAkwDAJ9mvXUXLdfD/FRwrdkPl2+B610zpACdHa+q
m8JupSzJWBzh/fi0DUX0uyI=
=D7cp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 14 05:04:24 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Oct 2014 05:04:24 +0000
Subject: [RHSA-2014:1436-02] Moderate: X11 client libraries security, bug fix, and enhancement update
Message-ID: <201410140455.s9E4tpHm030490@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: X11 client libraries security, bug fix, and enhancement update
Advisory ID: RHSA-2014:1436-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1436.html
Issue date: 2014-10-14
CVE Names: CVE-2013-1981 CVE-2013-1982 CVE-2013-1983 CVE-2013-1984 CVE-2013-1985 CVE-2013-1986 CVE-2013-1987 CVE-2013-1988 CVE-2013-1989 CVE-2013-1990 CVE-2013-1991 CVE-2013-1995 CVE-2013-1997 CVE-2013-1998 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2002 CVE-2013-2003 CVE-2013-2004 CVE-2013-2005 CVE-2013-2062 CVE-2013-2064 CVE-2013-2066
=====================================================================

1. Summary:

Updated X11 client libraries packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The X11 (Xorg) libraries provide library routines that are used within all X Window applications.

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use any of these flaws to potentially escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003, CVE-2013-2062, CVE-2013-2064)

Multiple array index errors, leading to heap-based out-of-bounds write flaws, were found in the way various X11 client libraries handled data returned from an X11 server. A malicious X11 server could possibly use these flaws to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)

A buffer overflow flaw was found in the way the XListInputDevices() function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1995)

A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client.
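The two bug classes the description names, a server-supplied count multiplied into an allocation size that wraps, and a server-supplied index used without a bounds check, as an added illustration in C. This is constructed code written for this page, not code from libX11, libXi, libxcb or any package in this advisory; the wire layout (a 4-byte little-endian item count followed by 8-byte items), the 16-slot client table and every function name are assumptions made for the example. Each pattern is shown in its vulnerable form next to its hardened form, and a small hardened parser ties them together.

```c
/* Added illustration, not code from libX11, libXi, libxcb or any package in
 * this advisory: a constructed X11-style reply parser showing the two bug
 * classes in the description, each in its vulnerable and hardened form.
 * (1) A reply's byte length computed in 32-bit arithmetic from a
 *     server-supplied item count wraps and under-sizes the heap buffer the
 *     items are then copied into.
 * (2) A server-supplied index is used to write into a fixed client-side
 *     table with no bounds check.
 * Wire layout, ITEM_SIZE, TABLE_SLOTS and all names are assumptions. */
#include <stdint.h>
#include <string.h>

#define ITEM_SIZE   8u   /* assumed: 4-byte slot + 4-byte value per item */
#define TABLE_SLOTS 16u  /* assumed: entries in the client's fixed table  */

/* (1) Vulnerable: the product wraps modulo 2^32. Count 0x20000001 yields 8,
 * so malloc() would get 8 bytes while the copy loop runs 0x20000001 times. */
uint32_t vuln_reply_bytes(uint32_t count) { return count * ITEM_SIZE; }

/* Bytes the vulnerable computation under-allocates by (0 if no wrap). */
uint64_t vuln_shortfall(uint32_t count)
{
    return (uint64_t)count * ITEM_SIZE - vuln_reply_bytes(count);
}

/* (1) Hardened: bound the count BEFORE multiplying; -1 means reject. */
int64_t checked_reply_bytes(uint32_t count)
{
    if (count > UINT32_MAX / ITEM_SIZE)
        return -1;
    return (int64_t)count * ITEM_SIZE;
}

/* (2) Vulnerable: slot comes straight off the wire; slot >= TABLE_SLOTS is
 * an out-of-bounds write. Shown for contrast only, never called below. */
void vuln_store(uint32_t *table, uint32_t slot, uint32_t value)
{
    table[slot] = value;
}

/* (2) Hardened: reject the item instead of writing past the table. */
int checked_store(uint32_t *table, uint32_t slot, uint32_t value)
{
    if (slot >= TABLE_SLOTS)
        return 0;
    table[slot] = value;
    return 1;
}

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Hardened parser. Assumed layout: 4-byte little-endian count, then `count`
 * items of ITEM_SIZE bytes. Returns items stored, or -1 when the count would
 * wrap, claims more bytes than were received, or any slot is out of range. */
int parse_reply(const uint8_t *buf, size_t len, uint32_t *table)
{
    if (len < 4)
        return -1;
    uint32_t count = rd32(buf);
    int64_t bytes = checked_reply_bytes(count);
    if (bytes < 0 || (uint64_t)bytes > len - 4)
        return -1;
    int stored = 0;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *item = buf + 4 + (size_t)i * ITEM_SIZE;
        if (!checked_store(table, rd32(item), rd32(item + 4)))
            return -1;
        stored++;
    }
    return stored;
}

static uint32_t g_table[TABLE_SLOTS];   /* filled by build_and_parse() */

/* Constructed input: the header claims `declared` items, `present` (max 4)
 * actually follow, with slots first_slot, first_slot+1, ... and values
 * 0x100, 0x101, ... Runs the hardened parser over it. */
int build_and_parse(uint32_t declared, uint32_t present, uint32_t first_slot)
{
    uint8_t buf[4 + 4 * ITEM_SIZE];
    if (present > 4)
        return -1;
    wr32(buf, declared);
    for (uint32_t i = 0; i < present; i++) {
        wr32(buf + 4 + i * ITEM_SIZE, first_slot + i);
        wr32(buf + 8 + i * ITEM_SIZE, 0x100 + i);
    }
    memset(g_table, 0, sizeof g_table);
    return parse_reply(buf, 4 + present * ITEM_SIZE, g_table);
}

uint32_t table_value(uint32_t slot) { return slot < TABLE_SLOTS ? g_table[slot] : 0; }
```

The point is ordering: the bound on the server-supplied count is checked before the multiplication that derives the allocation size, and the second bound (the reply cannot claim more bytes than were actually received) catches a truncated or lying reply before any item is touched. With `vuln_reply_bytes(0x20000001)` the wrapped result is 8 and `vuln_shortfall()` reports the 4 GiB the copy loop would run past the buffer; `checked_reply_bytes()` returns -1 for the same count. `build_and_parse(2, 2, 15)` is rejected because its second item names slot 16 of a 16-slot table, the case the "array index error" entries in the bug list describe.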
The libXt uninitialized-pointer flaw is tracked as CVE-2013-2005.

Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use these flaws to crash an X11 client via a specially crafted file. (CVE-2013-2004)

The xkeyboard-config package has been upgraded to upstream version 2.11, which provides a number of bug fixes and enhancements over the previous version. (BZ#1077471)

This update also fixes the following bugs:

* Previously, updating the mesa-libGL package did not update the libX11 package, although it was listed as a dependency of mesa-libGL. This bug has been fixed and updating mesa-libGL now updates all dependent packages as expected. (BZ#1054614)

* Previously, closing an in-house application could occasionally cause the X server to hang. After this update, the X server no longer hangs when a user closes such an application. (BZ#971626)

All X11 client libraries users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

959040 - CVE-2013-1981 libX11: Multiple integer overflows leading to heap-based buffer overflows
959046 - CVE-2013-1982 libXext: Multiple integer overflows leading to heap-based buffer overflows
959048 - CVE-2013-1983 libXfixes: Integer overflow leading to heap-based buffer overflow
959049 - CVE-2013-1984 libXi: Multiple integer overflows leading to heap-based buffer overflows
959056 - CVE-2013-1985 libXinerama: Integer overflow leading to heap-based buffer overflow
959059 - CVE-2013-1986 libXrandr: Multiple integer overflows leading to heap-based buffer overflows
959061 - CVE-2013-1987 libXrender: Multiple integer overflows leading to heap-based buffer overflows
959066 - CVE-2013-1988 libXRes: Multiple integer overflows leading to heap-based buffer overflows
959068 - CVE-2013-1989 libXv: Multiple integer overflows leading to heap-based buffer overflows
959070 - CVE-2013-1990 libXvMC: Multiple integer overflows leading to heap-based buffer overflows
959072 - CVE-2013-1991 libXxf86dga: Multiple integer overflows leading to heap-based buffer overflows
959077 - CVE-2013-2003 libXcursor: Integer overflow leading to heap-based buffer overflow
959108 - CVE-2013-2005 libXt: Memory corruption due to unchecked use of uninitialized function pointers
959112 - CVE-2013-2004 libX11: unbounded recursion leading to stack overflow
960345 - CVE-2013-1997 libX11: Multiple array index errors leading to heap-based OOB write
960346 - CVE-2013-1998 libXi: Multiple array index errors leading to heap-based OOB write
960347 - CVE-2013-1999 libXvMC: Array index error leading to heap-based OOB write
960349 - CVE-2013-2000 libXxf86dga: Array index error leading to heap-based OOB write
960350 - CVE-2013-2001 libXxf86vm: Multiple array index errors leading to heap-based OOB write
960352 - CVE-2013-2002 libXt: Array index error leading to heap-based OOB write
960357 - CVE-2013-1995 libXi: Sign extension issues resulting in heap-based buffer overflow
960362 - 
CVE-2013-2062 libXp: Integer overflow leading to heap-based buffer overflow 960367 - CVE-2013-2064 libxcb: Integer overflow leading to heap-based buffer overflow 960369 - CVE-2013-2066 libXv: Array Index error leading to heap-based OOB write 971626 - Closing an in-house app can occasionally hang the X server 1119322 - %{dist} found instead of %{?dist} in: libXi-1.7.2-2.1.el6.src.rpm.spec 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: libX11-1.6.0-2.2.el6.src.rpm libXcursor-1.1.14-2.1.el6.src.rpm libXext-1.3.2-2.1.el6.src.rpm libXfixes-5.0.1-2.1.el6.src.rpm libXi-1.7.2-2.2.el6.src.rpm libXinerama-1.1.3-2.1.el6.src.rpm libXp-1.0.2-2.1.el6.src.rpm libXrandr-1.4.1-2.1.el6.src.rpm libXrender-0.9.8-2.1.el6.src.rpm libXres-1.0.7-2.1.el6.src.rpm libXt-1.1.4-6.1.el6.src.rpm libXtst-1.2.2-2.1.el6.src.rpm libXv-1.0.9-2.1.el6.src.rpm libXvMC-1.0.8-2.1.el6.src.rpm libXxf86dga-1.1.4-2.1.el6.src.rpm libXxf86vm-1.1.3-2.1.el6.src.rpm libdmx-1.1.3-3.el6.src.rpm libxcb-1.9.1-2.el6.src.rpm xkeyboard-config-2.11-1.el6.src.rpm i386: libX11-1.6.0-2.2.el6.i686.rpm libX11-debuginfo-1.6.0-2.2.el6.i686.rpm libXcursor-1.1.14-2.1.el6.i686.rpm libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm libXext-1.3.2-2.1.el6.i686.rpm libXext-debuginfo-1.3.2-2.1.el6.i686.rpm libXfixes-5.0.1-2.1.el6.i686.rpm libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm libXi-1.7.2-2.2.el6.i686.rpm libXi-debuginfo-1.7.2-2.2.el6.i686.rpm libXinerama-1.1.3-2.1.el6.i686.rpm libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm libXp-1.0.2-2.1.el6.i686.rpm libXp-debuginfo-1.0.2-2.1.el6.i686.rpm libXrandr-1.4.1-2.1.el6.i686.rpm libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm libXrender-0.9.8-2.1.el6.i686.rpm libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm libXres-1.0.7-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXt-1.1.4-6.1.el6.i686.rpm libXt-debuginfo-1.1.4-6.1.el6.i686.rpm libXtst-1.2.2-2.1.el6.i686.rpm libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm libXv-1.0.9-2.1.el6.i686.rpm libXv-debuginfo-1.0.9-2.1.el6.i686.rpm 
libXvMC-1.0.8-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXxf86dga-1.1.4-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm libXxf86vm-1.1.3-2.1.el6.i686.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm libdmx-1.1.3-3.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.i686.rpm libxcb-1.9.1-2.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm noarch: libX11-common-1.6.0-2.2.el6.noarch.rpm xkeyboard-config-2.11-1.el6.noarch.rpm x86_64: libX11-1.6.0-2.2.el6.i686.rpm libX11-1.6.0-2.2.el6.x86_64.rpm libX11-debuginfo-1.6.0-2.2.el6.i686.rpm libX11-debuginfo-1.6.0-2.2.el6.x86_64.rpm libXcursor-1.1.14-2.1.el6.i686.rpm libXcursor-1.1.14-2.1.el6.x86_64.rpm libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm libXcursor-debuginfo-1.1.14-2.1.el6.x86_64.rpm libXext-1.3.2-2.1.el6.i686.rpm libXext-1.3.2-2.1.el6.x86_64.rpm libXext-debuginfo-1.3.2-2.1.el6.i686.rpm libXext-debuginfo-1.3.2-2.1.el6.x86_64.rpm libXfixes-5.0.1-2.1.el6.i686.rpm libXfixes-5.0.1-2.1.el6.x86_64.rpm libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm libXfixes-debuginfo-5.0.1-2.1.el6.x86_64.rpm libXi-1.7.2-2.2.el6.i686.rpm libXi-1.7.2-2.2.el6.x86_64.rpm libXi-debuginfo-1.7.2-2.2.el6.i686.rpm libXi-debuginfo-1.7.2-2.2.el6.x86_64.rpm libXinerama-1.1.3-2.1.el6.i686.rpm libXinerama-1.1.3-2.1.el6.x86_64.rpm libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm libXinerama-debuginfo-1.1.3-2.1.el6.x86_64.rpm libXp-1.0.2-2.1.el6.i686.rpm libXp-1.0.2-2.1.el6.x86_64.rpm libXp-debuginfo-1.0.2-2.1.el6.i686.rpm libXp-debuginfo-1.0.2-2.1.el6.x86_64.rpm libXrandr-1.4.1-2.1.el6.i686.rpm libXrandr-1.4.1-2.1.el6.x86_64.rpm libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm libXrandr-debuginfo-1.4.1-2.1.el6.x86_64.rpm libXrender-0.9.8-2.1.el6.i686.rpm libXrender-0.9.8-2.1.el6.x86_64.rpm libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm libXrender-debuginfo-0.9.8-2.1.el6.x86_64.rpm libXres-1.0.7-2.1.el6.i686.rpm libXres-1.0.7-2.1.el6.x86_64.rpm libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.x86_64.rpm 
libXt-1.1.4-6.1.el6.i686.rpm libXt-1.1.4-6.1.el6.x86_64.rpm libXt-debuginfo-1.1.4-6.1.el6.i686.rpm libXt-debuginfo-1.1.4-6.1.el6.x86_64.rpm libXtst-1.2.2-2.1.el6.i686.rpm libXtst-1.2.2-2.1.el6.x86_64.rpm libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm libXtst-debuginfo-1.2.2-2.1.el6.x86_64.rpm libXv-1.0.9-2.1.el6.i686.rpm libXv-1.0.9-2.1.el6.x86_64.rpm libXv-debuginfo-1.0.9-2.1.el6.i686.rpm libXv-debuginfo-1.0.9-2.1.el6.x86_64.rpm libXvMC-1.0.8-2.1.el6.i686.rpm libXvMC-1.0.8-2.1.el6.x86_64.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.x86_64.rpm libXxf86dga-1.1.4-2.1.el6.x86_64.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.x86_64.rpm libXxf86vm-1.1.3-2.1.el6.i686.rpm libXxf86vm-1.1.3-2.1.el6.x86_64.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.x86_64.rpm libdmx-1.1.3-3.el6.x86_64.rpm libdmx-debuginfo-1.1.3-3.el6.x86_64.rpm libxcb-1.9.1-2.el6.i686.rpm libxcb-1.9.1-2.el6.x86_64.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: xcb-proto-1.8-3.el6.src.rpm xorg-x11-proto-devel-7.7-9.el6.src.rpm xorg-x11-xtrans-devel-1.3.4-1.el6.src.rpm i386: libX11-debuginfo-1.6.0-2.2.el6.i686.rpm libX11-devel-1.6.0-2.2.el6.i686.rpm libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm libXcursor-devel-1.1.14-2.1.el6.i686.rpm libXext-debuginfo-1.3.2-2.1.el6.i686.rpm libXext-devel-1.3.2-2.1.el6.i686.rpm libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm libXfixes-devel-5.0.1-2.1.el6.i686.rpm libXi-debuginfo-1.7.2-2.2.el6.i686.rpm libXi-devel-1.7.2-2.2.el6.i686.rpm libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm libXinerama-devel-1.1.3-2.1.el6.i686.rpm libXp-debuginfo-1.0.2-2.1.el6.i686.rpm libXp-devel-1.0.2-2.1.el6.i686.rpm libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm libXrandr-devel-1.4.1-2.1.el6.i686.rpm libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm libXrender-devel-0.9.8-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXres-devel-1.0.7-2.1.el6.i686.rpm libXt-debuginfo-1.1.4-6.1.el6.i686.rpm libXt-devel-1.1.4-6.1.el6.i686.rpm libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm libXtst-devel-1.2.2-2.1.el6.i686.rpm libXv-debuginfo-1.0.9-2.1.el6.i686.rpm libXv-devel-1.0.9-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXvMC-devel-1.0.8-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.i686.rpm libdmx-devel-1.1.3-3.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-devel-1.9.1-2.el6.i686.rpm libxcb-python-1.9.1-2.el6.i686.rpm noarch: libxcb-doc-1.9.1-2.el6.noarch.rpm xcb-proto-1.8-3.el6.noarch.rpm xkeyboard-config-devel-2.11-1.el6.noarch.rpm xorg-x11-proto-devel-7.7-9.el6.noarch.rpm xorg-x11-xtrans-devel-1.3.4-1.el6.noarch.rpm x86_64: libX11-debuginfo-1.6.0-2.2.el6.i686.rpm libX11-debuginfo-1.6.0-2.2.el6.x86_64.rpm libX11-devel-1.6.0-2.2.el6.i686.rpm libX11-devel-1.6.0-2.2.el6.x86_64.rpm libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm 
libXcursor-debuginfo-1.1.14-2.1.el6.x86_64.rpm libXcursor-devel-1.1.14-2.1.el6.i686.rpm libXcursor-devel-1.1.14-2.1.el6.x86_64.rpm libXext-debuginfo-1.3.2-2.1.el6.i686.rpm libXext-debuginfo-1.3.2-2.1.el6.x86_64.rpm libXext-devel-1.3.2-2.1.el6.i686.rpm libXext-devel-1.3.2-2.1.el6.x86_64.rpm libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm libXfixes-debuginfo-5.0.1-2.1.el6.x86_64.rpm libXfixes-devel-5.0.1-2.1.el6.i686.rpm libXfixes-devel-5.0.1-2.1.el6.x86_64.rpm libXi-debuginfo-1.7.2-2.2.el6.i686.rpm libXi-debuginfo-1.7.2-2.2.el6.x86_64.rpm libXi-devel-1.7.2-2.2.el6.i686.rpm libXi-devel-1.7.2-2.2.el6.x86_64.rpm libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm libXinerama-debuginfo-1.1.3-2.1.el6.x86_64.rpm libXinerama-devel-1.1.3-2.1.el6.i686.rpm libXinerama-devel-1.1.3-2.1.el6.x86_64.rpm libXp-debuginfo-1.0.2-2.1.el6.i686.rpm libXp-debuginfo-1.0.2-2.1.el6.x86_64.rpm libXp-devel-1.0.2-2.1.el6.i686.rpm libXp-devel-1.0.2-2.1.el6.x86_64.rpm libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm libXrandr-debuginfo-1.4.1-2.1.el6.x86_64.rpm libXrandr-devel-1.4.1-2.1.el6.i686.rpm libXrandr-devel-1.4.1-2.1.el6.x86_64.rpm libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm libXrender-debuginfo-0.9.8-2.1.el6.x86_64.rpm libXrender-devel-0.9.8-2.1.el6.i686.rpm libXrender-devel-0.9.8-2.1.el6.x86_64.rpm libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.x86_64.rpm libXres-devel-1.0.7-2.1.el6.i686.rpm libXres-devel-1.0.7-2.1.el6.x86_64.rpm libXt-debuginfo-1.1.4-6.1.el6.i686.rpm libXt-debuginfo-1.1.4-6.1.el6.x86_64.rpm libXt-devel-1.1.4-6.1.el6.i686.rpm libXt-devel-1.1.4-6.1.el6.x86_64.rpm libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm libXtst-debuginfo-1.2.2-2.1.el6.x86_64.rpm libXtst-devel-1.2.2-2.1.el6.i686.rpm libXtst-devel-1.2.2-2.1.el6.x86_64.rpm libXv-debuginfo-1.0.9-2.1.el6.i686.rpm libXv-debuginfo-1.0.9-2.1.el6.x86_64.rpm libXv-devel-1.0.9-2.1.el6.i686.rpm libXv-devel-1.0.9-2.1.el6.x86_64.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.x86_64.rpm 
libXvMC-devel-1.0.8-2.1.el6.i686.rpm libXvMC-devel-1.0.8-2.1.el6.x86_64.rpm libXxf86dga-1.1.4-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.x86_64.rpm libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm libXxf86dga-devel-1.1.4-2.1.el6.x86_64.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.x86_64.rpm libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm libXxf86vm-devel-1.1.3-2.1.el6.x86_64.rpm libdmx-1.1.3-3.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.x86_64.rpm libdmx-devel-1.1.3-3.el6.i686.rpm libdmx-devel-1.1.3-3.el6.x86_64.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm libxcb-devel-1.9.1-2.el6.i686.rpm libxcb-devel-1.9.1-2.el6.x86_64.rpm libxcb-python-1.9.1-2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: libX11-1.6.0-2.2.el6.src.rpm libXcursor-1.1.14-2.1.el6.src.rpm libXext-1.3.2-2.1.el6.src.rpm libXfixes-5.0.1-2.1.el6.src.rpm libXi-1.7.2-2.2.el6.src.rpm libXinerama-1.1.3-2.1.el6.src.rpm libXp-1.0.2-2.1.el6.src.rpm libXrandr-1.4.1-2.1.el6.src.rpm libXrender-0.9.8-2.1.el6.src.rpm libXt-1.1.4-6.1.el6.src.rpm libXtst-1.2.2-2.1.el6.src.rpm libXv-1.0.9-2.1.el6.src.rpm libXxf86vm-1.1.3-2.1.el6.src.rpm libxcb-1.9.1-2.el6.src.rpm noarch: libX11-common-1.6.0-2.2.el6.noarch.rpm x86_64: libX11-1.6.0-2.2.el6.i686.rpm libX11-1.6.0-2.2.el6.x86_64.rpm libX11-debuginfo-1.6.0-2.2.el6.i686.rpm libX11-debuginfo-1.6.0-2.2.el6.x86_64.rpm libXcursor-1.1.14-2.1.el6.i686.rpm libXcursor-1.1.14-2.1.el6.x86_64.rpm libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm libXcursor-debuginfo-1.1.14-2.1.el6.x86_64.rpm libXext-1.3.2-2.1.el6.i686.rpm libXext-1.3.2-2.1.el6.x86_64.rpm libXext-debuginfo-1.3.2-2.1.el6.i686.rpm libXext-debuginfo-1.3.2-2.1.el6.x86_64.rpm libXfixes-5.0.1-2.1.el6.i686.rpm libXfixes-5.0.1-2.1.el6.x86_64.rpm libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm libXfixes-debuginfo-5.0.1-2.1.el6.x86_64.rpm libXi-1.7.2-2.2.el6.i686.rpm 
libXi-1.7.2-2.2.el6.x86_64.rpm libXi-debuginfo-1.7.2-2.2.el6.i686.rpm libXi-debuginfo-1.7.2-2.2.el6.x86_64.rpm libXinerama-1.1.3-2.1.el6.i686.rpm libXinerama-1.1.3-2.1.el6.x86_64.rpm libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm libXinerama-debuginfo-1.1.3-2.1.el6.x86_64.rpm libXp-1.0.2-2.1.el6.i686.rpm libXp-1.0.2-2.1.el6.x86_64.rpm libXp-debuginfo-1.0.2-2.1.el6.i686.rpm libXp-debuginfo-1.0.2-2.1.el6.x86_64.rpm libXrandr-1.4.1-2.1.el6.i686.rpm libXrandr-1.4.1-2.1.el6.x86_64.rpm libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm libXrandr-debuginfo-1.4.1-2.1.el6.x86_64.rpm libXrender-0.9.8-2.1.el6.i686.rpm libXrender-0.9.8-2.1.el6.x86_64.rpm libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm libXrender-debuginfo-0.9.8-2.1.el6.x86_64.rpm libXt-1.1.4-6.1.el6.i686.rpm libXt-1.1.4-6.1.el6.x86_64.rpm libXt-debuginfo-1.1.4-6.1.el6.i686.rpm libXt-debuginfo-1.1.4-6.1.el6.x86_64.rpm libXtst-1.2.2-2.1.el6.i686.rpm libXtst-1.2.2-2.1.el6.x86_64.rpm libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm libXtst-debuginfo-1.2.2-2.1.el6.x86_64.rpm libXv-1.0.9-2.1.el6.i686.rpm libXv-1.0.9-2.1.el6.x86_64.rpm libXv-debuginfo-1.0.9-2.1.el6.i686.rpm libXv-debuginfo-1.0.9-2.1.el6.x86_64.rpm libXxf86vm-1.1.3-2.1.el6.i686.rpm libXxf86vm-1.1.3-2.1.el6.x86_64.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.x86_64.rpm libxcb-1.9.1-2.el6.i686.rpm libxcb-1.9.1-2.el6.x86_64.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: libXres-1.0.7-2.1.el6.src.rpm libXxf86dga-1.1.4-2.1.el6.src.rpm libdmx-1.1.3-3.el6.src.rpm xcb-proto-1.8-3.el6.src.rpm xkeyboard-config-2.11-1.el6.src.rpm xorg-x11-proto-devel-7.7-9.el6.src.rpm xorg-x11-xtrans-devel-1.3.4-1.el6.src.rpm noarch: libxcb-doc-1.9.1-2.el6.noarch.rpm xcb-proto-1.8-3.el6.noarch.rpm xkeyboard-config-2.11-1.el6.noarch.rpm xkeyboard-config-devel-2.11-1.el6.noarch.rpm xorg-x11-proto-devel-7.7-9.el6.noarch.rpm xorg-x11-xtrans-devel-1.3.4-1.el6.noarch.rpm x86_64: libX11-debuginfo-1.6.0-2.2.el6.i686.rpm libX11-debuginfo-1.6.0-2.2.el6.x86_64.rpm libX11-devel-1.6.0-2.2.el6.i686.rpm libX11-devel-1.6.0-2.2.el6.x86_64.rpm libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm libXcursor-debuginfo-1.1.14-2.1.el6.x86_64.rpm libXcursor-devel-1.1.14-2.1.el6.i686.rpm libXcursor-devel-1.1.14-2.1.el6.x86_64.rpm libXext-debuginfo-1.3.2-2.1.el6.i686.rpm libXext-debuginfo-1.3.2-2.1.el6.x86_64.rpm libXext-devel-1.3.2-2.1.el6.i686.rpm libXext-devel-1.3.2-2.1.el6.x86_64.rpm libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm libXfixes-debuginfo-5.0.1-2.1.el6.x86_64.rpm libXfixes-devel-5.0.1-2.1.el6.i686.rpm libXfixes-devel-5.0.1-2.1.el6.x86_64.rpm libXi-debuginfo-1.7.2-2.2.el6.i686.rpm libXi-debuginfo-1.7.2-2.2.el6.x86_64.rpm libXi-devel-1.7.2-2.2.el6.i686.rpm libXi-devel-1.7.2-2.2.el6.x86_64.rpm libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm libXinerama-debuginfo-1.1.3-2.1.el6.x86_64.rpm libXinerama-devel-1.1.3-2.1.el6.i686.rpm libXinerama-devel-1.1.3-2.1.el6.x86_64.rpm libXp-debuginfo-1.0.2-2.1.el6.i686.rpm libXp-debuginfo-1.0.2-2.1.el6.x86_64.rpm libXp-devel-1.0.2-2.1.el6.i686.rpm libXp-devel-1.0.2-2.1.el6.x86_64.rpm libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm libXrandr-debuginfo-1.4.1-2.1.el6.x86_64.rpm libXrandr-devel-1.4.1-2.1.el6.i686.rpm libXrandr-devel-1.4.1-2.1.el6.x86_64.rpm libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm libXrender-debuginfo-0.9.8-2.1.el6.x86_64.rpm libXrender-devel-0.9.8-2.1.el6.i686.rpm libXrender-devel-0.9.8-2.1.el6.x86_64.rpm 
libXres-1.0.7-2.1.el6.i686.rpm libXres-1.0.7-2.1.el6.x86_64.rpm libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.x86_64.rpm libXres-devel-1.0.7-2.1.el6.i686.rpm libXres-devel-1.0.7-2.1.el6.x86_64.rpm libXt-debuginfo-1.1.4-6.1.el6.i686.rpm libXt-debuginfo-1.1.4-6.1.el6.x86_64.rpm libXt-devel-1.1.4-6.1.el6.i686.rpm libXt-devel-1.1.4-6.1.el6.x86_64.rpm libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm libXtst-debuginfo-1.2.2-2.1.el6.x86_64.rpm libXtst-devel-1.2.2-2.1.el6.i686.rpm libXtst-devel-1.2.2-2.1.el6.x86_64.rpm libXv-debuginfo-1.0.9-2.1.el6.i686.rpm libXv-debuginfo-1.0.9-2.1.el6.x86_64.rpm libXv-devel-1.0.9-2.1.el6.i686.rpm libXv-devel-1.0.9-2.1.el6.x86_64.rpm libXxf86dga-1.1.4-2.1.el6.i686.rpm libXxf86dga-1.1.4-2.1.el6.x86_64.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.x86_64.rpm libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm libXxf86dga-devel-1.1.4-2.1.el6.x86_64.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.x86_64.rpm libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm libXxf86vm-devel-1.1.3-2.1.el6.x86_64.rpm libdmx-1.1.3-3.el6.i686.rpm libdmx-1.1.3-3.el6.x86_64.rpm libdmx-debuginfo-1.1.3-3.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.x86_64.rpm libdmx-devel-1.1.3-3.el6.i686.rpm libdmx-devel-1.1.3-3.el6.x86_64.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm libxcb-devel-1.9.1-2.el6.i686.rpm libxcb-devel-1.9.1-2.el6.x86_64.rpm libxcb-python-1.9.1-2.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6):

Source:
libX11-1.6.0-2.2.el6.src.rpm libXcursor-1.1.14-2.1.el6.src.rpm libXext-1.3.2-2.1.el6.src.rpm libXfixes-5.0.1-2.1.el6.src.rpm libXi-1.7.2-2.2.el6.src.rpm libXinerama-1.1.3-2.1.el6.src.rpm libXp-1.0.2-2.1.el6.src.rpm libXrandr-1.4.1-2.1.el6.src.rpm libXrender-0.9.8-2.1.el6.src.rpm libXres-1.0.7-2.1.el6.src.rpm libXt-1.1.4-6.1.el6.src.rpm libXtst-1.2.2-2.1.el6.src.rpm libXv-1.0.9-2.1.el6.src.rpm libXvMC-1.0.8-2.1.el6.src.rpm libXxf86dga-1.1.4-2.1.el6.src.rpm libXxf86vm-1.1.3-2.1.el6.src.rpm libdmx-1.1.3-3.el6.src.rpm libxcb-1.9.1-2.el6.src.rpm xkeyboard-config-2.11-1.el6.src.rpm xorg-x11-proto-devel-7.7-9.el6.src.rpm

i386:
libX11-1.6.0-2.2.el6.i686.rpm libX11-debuginfo-1.6.0-2.2.el6.i686.rpm libX11-devel-1.6.0-2.2.el6.i686.rpm libXcursor-1.1.14-2.1.el6.i686.rpm libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm libXcursor-devel-1.1.14-2.1.el6.i686.rpm libXext-1.3.2-2.1.el6.i686.rpm libXext-debuginfo-1.3.2-2.1.el6.i686.rpm libXext-devel-1.3.2-2.1.el6.i686.rpm libXfixes-5.0.1-2.1.el6.i686.rpm libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm libXfixes-devel-5.0.1-2.1.el6.i686.rpm libXi-1.7.2-2.2.el6.i686.rpm libXi-debuginfo-1.7.2-2.2.el6.i686.rpm libXi-devel-1.7.2-2.2.el6.i686.rpm libXinerama-1.1.3-2.1.el6.i686.rpm libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm libXinerama-devel-1.1.3-2.1.el6.i686.rpm libXp-1.0.2-2.1.el6.i686.rpm libXp-debuginfo-1.0.2-2.1.el6.i686.rpm libXp-devel-1.0.2-2.1.el6.i686.rpm libXrandr-1.4.1-2.1.el6.i686.rpm libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm libXrandr-devel-1.4.1-2.1.el6.i686.rpm libXrender-0.9.8-2.1.el6.i686.rpm libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm libXrender-devel-0.9.8-2.1.el6.i686.rpm libXres-1.0.7-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXt-1.1.4-6.1.el6.i686.rpm libXt-debuginfo-1.1.4-6.1.el6.i686.rpm libXt-devel-1.1.4-6.1.el6.i686.rpm libXtst-1.2.2-2.1.el6.i686.rpm libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm libXtst-devel-1.2.2-2.1.el6.i686.rpm libXv-1.0.9-2.1.el6.i686.rpm libXv-debuginfo-1.0.9-2.1.el6.i686.rpm libXv-devel-1.0.9-2.1.el6.i686.rpm libXvMC-1.0.8-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXxf86dga-1.1.4-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm libXxf86vm-1.1.3-2.1.el6.i686.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm libdmx-1.1.3-3.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.i686.rpm libxcb-1.9.1-2.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-devel-1.9.1-2.el6.i686.rpm

noarch:
libX11-common-1.6.0-2.2.el6.noarch.rpm xkeyboard-config-2.11-1.el6.noarch.rpm xorg-x11-proto-devel-7.7-9.el6.noarch.rpm

ppc64:
libX11-1.6.0-2.2.el6.ppc.rpm libX11-1.6.0-2.2.el6.ppc64.rpm libX11-debuginfo-1.6.0-2.2.el6.ppc.rpm libX11-debuginfo-1.6.0-2.2.el6.ppc64.rpm libX11-devel-1.6.0-2.2.el6.ppc.rpm libX11-devel-1.6.0-2.2.el6.ppc64.rpm libXcursor-1.1.14-2.1.el6.ppc.rpm libXcursor-1.1.14-2.1.el6.ppc64.rpm libXcursor-debuginfo-1.1.14-2.1.el6.ppc.rpm libXcursor-debuginfo-1.1.14-2.1.el6.ppc64.rpm libXcursor-devel-1.1.14-2.1.el6.ppc.rpm libXcursor-devel-1.1.14-2.1.el6.ppc64.rpm libXext-1.3.2-2.1.el6.ppc.rpm libXext-1.3.2-2.1.el6.ppc64.rpm libXext-debuginfo-1.3.2-2.1.el6.ppc.rpm libXext-debuginfo-1.3.2-2.1.el6.ppc64.rpm libXext-devel-1.3.2-2.1.el6.ppc.rpm libXext-devel-1.3.2-2.1.el6.ppc64.rpm libXfixes-5.0.1-2.1.el6.ppc.rpm libXfixes-5.0.1-2.1.el6.ppc64.rpm libXfixes-debuginfo-5.0.1-2.1.el6.ppc.rpm libXfixes-debuginfo-5.0.1-2.1.el6.ppc64.rpm libXfixes-devel-5.0.1-2.1.el6.ppc.rpm libXfixes-devel-5.0.1-2.1.el6.ppc64.rpm libXi-1.7.2-2.2.el6.ppc.rpm libXi-1.7.2-2.2.el6.ppc64.rpm libXi-debuginfo-1.7.2-2.2.el6.ppc.rpm libXi-debuginfo-1.7.2-2.2.el6.ppc64.rpm libXi-devel-1.7.2-2.2.el6.ppc.rpm libXi-devel-1.7.2-2.2.el6.ppc64.rpm libXinerama-1.1.3-2.1.el6.ppc.rpm libXinerama-1.1.3-2.1.el6.ppc64.rpm libXinerama-debuginfo-1.1.3-2.1.el6.ppc.rpm libXinerama-debuginfo-1.1.3-2.1.el6.ppc64.rpm libXinerama-devel-1.1.3-2.1.el6.ppc.rpm libXinerama-devel-1.1.3-2.1.el6.ppc64.rpm libXp-1.0.2-2.1.el6.ppc.rpm libXp-1.0.2-2.1.el6.ppc64.rpm libXp-debuginfo-1.0.2-2.1.el6.ppc.rpm libXp-debuginfo-1.0.2-2.1.el6.ppc64.rpm libXp-devel-1.0.2-2.1.el6.ppc.rpm libXp-devel-1.0.2-2.1.el6.ppc64.rpm libXrandr-1.4.1-2.1.el6.ppc.rpm libXrandr-1.4.1-2.1.el6.ppc64.rpm libXrandr-debuginfo-1.4.1-2.1.el6.ppc.rpm libXrandr-debuginfo-1.4.1-2.1.el6.ppc64.rpm libXrandr-devel-1.4.1-2.1.el6.ppc.rpm libXrandr-devel-1.4.1-2.1.el6.ppc64.rpm libXrender-0.9.8-2.1.el6.ppc.rpm libXrender-0.9.8-2.1.el6.ppc64.rpm libXrender-debuginfo-0.9.8-2.1.el6.ppc.rpm libXrender-debuginfo-0.9.8-2.1.el6.ppc64.rpm libXrender-devel-0.9.8-2.1.el6.ppc.rpm libXrender-devel-0.9.8-2.1.el6.ppc64.rpm libXres-1.0.7-2.1.el6.ppc.rpm libXres-1.0.7-2.1.el6.ppc64.rpm libXres-debuginfo-1.0.7-2.1.el6.ppc.rpm libXres-debuginfo-1.0.7-2.1.el6.ppc64.rpm libXt-1.1.4-6.1.el6.ppc.rpm libXt-1.1.4-6.1.el6.ppc64.rpm libXt-debuginfo-1.1.4-6.1.el6.ppc.rpm libXt-debuginfo-1.1.4-6.1.el6.ppc64.rpm libXt-devel-1.1.4-6.1.el6.ppc.rpm libXt-devel-1.1.4-6.1.el6.ppc64.rpm libXtst-1.2.2-2.1.el6.ppc.rpm libXtst-1.2.2-2.1.el6.ppc64.rpm libXtst-debuginfo-1.2.2-2.1.el6.ppc.rpm libXtst-debuginfo-1.2.2-2.1.el6.ppc64.rpm libXtst-devel-1.2.2-2.1.el6.ppc.rpm libXtst-devel-1.2.2-2.1.el6.ppc64.rpm libXv-1.0.9-2.1.el6.ppc.rpm libXv-1.0.9-2.1.el6.ppc64.rpm libXv-debuginfo-1.0.9-2.1.el6.ppc.rpm libXv-debuginfo-1.0.9-2.1.el6.ppc64.rpm libXv-devel-1.0.9-2.1.el6.ppc.rpm libXv-devel-1.0.9-2.1.el6.ppc64.rpm libXxf86dga-1.1.4-2.1.el6.ppc64.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.ppc64.rpm libXxf86vm-1.1.3-2.1.el6.ppc.rpm libXxf86vm-1.1.3-2.1.el6.ppc64.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.ppc.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.ppc64.rpm libXxf86vm-devel-1.1.3-2.1.el6.ppc.rpm libXxf86vm-devel-1.1.3-2.1.el6.ppc64.rpm libdmx-1.1.3-3.el6.ppc64.rpm libdmx-debuginfo-1.1.3-3.el6.ppc64.rpm libxcb-1.9.1-2.el6.ppc.rpm libxcb-1.9.1-2.el6.ppc64.rpm libxcb-debuginfo-1.9.1-2.el6.ppc.rpm libxcb-debuginfo-1.9.1-2.el6.ppc64.rpm libxcb-devel-1.9.1-2.el6.ppc.rpm libxcb-devel-1.9.1-2.el6.ppc64.rpm

s390x:
libX11-1.6.0-2.2.el6.s390.rpm libX11-1.6.0-2.2.el6.s390x.rpm libX11-debuginfo-1.6.0-2.2.el6.s390.rpm libX11-debuginfo-1.6.0-2.2.el6.s390x.rpm libX11-devel-1.6.0-2.2.el6.s390.rpm libX11-devel-1.6.0-2.2.el6.s390x.rpm libXcursor-1.1.14-2.1.el6.s390.rpm libXcursor-1.1.14-2.1.el6.s390x.rpm libXcursor-debuginfo-1.1.14-2.1.el6.s390.rpm libXcursor-debuginfo-1.1.14-2.1.el6.s390x.rpm libXcursor-devel-1.1.14-2.1.el6.s390.rpm libXcursor-devel-1.1.14-2.1.el6.s390x.rpm libXext-1.3.2-2.1.el6.s390.rpm libXext-1.3.2-2.1.el6.s390x.rpm libXext-debuginfo-1.3.2-2.1.el6.s390.rpm libXext-debuginfo-1.3.2-2.1.el6.s390x.rpm libXext-devel-1.3.2-2.1.el6.s390.rpm libXext-devel-1.3.2-2.1.el6.s390x.rpm libXfixes-5.0.1-2.1.el6.s390.rpm libXfixes-5.0.1-2.1.el6.s390x.rpm libXfixes-debuginfo-5.0.1-2.1.el6.s390.rpm libXfixes-debuginfo-5.0.1-2.1.el6.s390x.rpm libXfixes-devel-5.0.1-2.1.el6.s390.rpm libXfixes-devel-5.0.1-2.1.el6.s390x.rpm libXi-1.7.2-2.2.el6.s390.rpm libXi-1.7.2-2.2.el6.s390x.rpm libXi-debuginfo-1.7.2-2.2.el6.s390.rpm libXi-debuginfo-1.7.2-2.2.el6.s390x.rpm libXi-devel-1.7.2-2.2.el6.s390.rpm libXi-devel-1.7.2-2.2.el6.s390x.rpm libXinerama-1.1.3-2.1.el6.s390.rpm libXinerama-1.1.3-2.1.el6.s390x.rpm libXinerama-debuginfo-1.1.3-2.1.el6.s390.rpm libXinerama-debuginfo-1.1.3-2.1.el6.s390x.rpm libXinerama-devel-1.1.3-2.1.el6.s390.rpm libXinerama-devel-1.1.3-2.1.el6.s390x.rpm libXp-1.0.2-2.1.el6.s390.rpm libXp-1.0.2-2.1.el6.s390x.rpm libXp-debuginfo-1.0.2-2.1.el6.s390.rpm libXp-debuginfo-1.0.2-2.1.el6.s390x.rpm libXp-devel-1.0.2-2.1.el6.s390.rpm libXp-devel-1.0.2-2.1.el6.s390x.rpm libXrandr-1.4.1-2.1.el6.s390.rpm libXrandr-1.4.1-2.1.el6.s390x.rpm libXrandr-debuginfo-1.4.1-2.1.el6.s390.rpm libXrandr-debuginfo-1.4.1-2.1.el6.s390x.rpm libXrandr-devel-1.4.1-2.1.el6.s390.rpm libXrandr-devel-1.4.1-2.1.el6.s390x.rpm libXrender-0.9.8-2.1.el6.s390.rpm libXrender-0.9.8-2.1.el6.s390x.rpm libXrender-debuginfo-0.9.8-2.1.el6.s390.rpm libXrender-debuginfo-0.9.8-2.1.el6.s390x.rpm libXrender-devel-0.9.8-2.1.el6.s390.rpm libXrender-devel-0.9.8-2.1.el6.s390x.rpm libXres-1.0.7-2.1.el6.s390.rpm libXres-1.0.7-2.1.el6.s390x.rpm libXres-debuginfo-1.0.7-2.1.el6.s390.rpm libXres-debuginfo-1.0.7-2.1.el6.s390x.rpm libXt-1.1.4-6.1.el6.s390.rpm libXt-1.1.4-6.1.el6.s390x.rpm libXt-debuginfo-1.1.4-6.1.el6.s390.rpm libXt-debuginfo-1.1.4-6.1.el6.s390x.rpm libXt-devel-1.1.4-6.1.el6.s390.rpm libXt-devel-1.1.4-6.1.el6.s390x.rpm libXtst-1.2.2-2.1.el6.s390.rpm libXtst-1.2.2-2.1.el6.s390x.rpm libXtst-debuginfo-1.2.2-2.1.el6.s390.rpm libXtst-debuginfo-1.2.2-2.1.el6.s390x.rpm libXtst-devel-1.2.2-2.1.el6.s390.rpm libXtst-devel-1.2.2-2.1.el6.s390x.rpm libXv-1.0.9-2.1.el6.s390.rpm libXv-1.0.9-2.1.el6.s390x.rpm libXv-debuginfo-1.0.9-2.1.el6.s390.rpm libXv-debuginfo-1.0.9-2.1.el6.s390x.rpm libXv-devel-1.0.9-2.1.el6.s390.rpm libXv-devel-1.0.9-2.1.el6.s390x.rpm libXxf86dga-1.1.4-2.1.el6.s390x.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.s390x.rpm libXxf86vm-1.1.3-2.1.el6.s390.rpm libXxf86vm-1.1.3-2.1.el6.s390x.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.s390.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.s390x.rpm libXxf86vm-devel-1.1.3-2.1.el6.s390.rpm libXxf86vm-devel-1.1.3-2.1.el6.s390x.rpm libdmx-1.1.3-3.el6.s390x.rpm libdmx-debuginfo-1.1.3-3.el6.s390x.rpm libxcb-1.9.1-2.el6.s390.rpm libxcb-1.9.1-2.el6.s390x.rpm libxcb-debuginfo-1.9.1-2.el6.s390.rpm libxcb-debuginfo-1.9.1-2.el6.s390x.rpm libxcb-devel-1.9.1-2.el6.s390.rpm libxcb-devel-1.9.1-2.el6.s390x.rpm

x86_64:
libX11-1.6.0-2.2.el6.i686.rpm libX11-1.6.0-2.2.el6.x86_64.rpm libX11-debuginfo-1.6.0-2.2.el6.i686.rpm libX11-debuginfo-1.6.0-2.2.el6.x86_64.rpm libX11-devel-1.6.0-2.2.el6.i686.rpm libX11-devel-1.6.0-2.2.el6.x86_64.rpm libXcursor-1.1.14-2.1.el6.i686.rpm libXcursor-1.1.14-2.1.el6.x86_64.rpm libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm libXcursor-debuginfo-1.1.14-2.1.el6.x86_64.rpm libXcursor-devel-1.1.14-2.1.el6.i686.rpm libXcursor-devel-1.1.14-2.1.el6.x86_64.rpm libXext-1.3.2-2.1.el6.i686.rpm libXext-1.3.2-2.1.el6.x86_64.rpm libXext-debuginfo-1.3.2-2.1.el6.i686.rpm libXext-debuginfo-1.3.2-2.1.el6.x86_64.rpm libXext-devel-1.3.2-2.1.el6.i686.rpm libXext-devel-1.3.2-2.1.el6.x86_64.rpm libXfixes-5.0.1-2.1.el6.i686.rpm libXfixes-5.0.1-2.1.el6.x86_64.rpm libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm libXfixes-debuginfo-5.0.1-2.1.el6.x86_64.rpm libXfixes-devel-5.0.1-2.1.el6.i686.rpm libXfixes-devel-5.0.1-2.1.el6.x86_64.rpm libXi-1.7.2-2.2.el6.i686.rpm libXi-1.7.2-2.2.el6.x86_64.rpm libXi-debuginfo-1.7.2-2.2.el6.i686.rpm libXi-debuginfo-1.7.2-2.2.el6.x86_64.rpm libXi-devel-1.7.2-2.2.el6.i686.rpm libXi-devel-1.7.2-2.2.el6.x86_64.rpm libXinerama-1.1.3-2.1.el6.i686.rpm libXinerama-1.1.3-2.1.el6.x86_64.rpm libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm libXinerama-debuginfo-1.1.3-2.1.el6.x86_64.rpm libXinerama-devel-1.1.3-2.1.el6.i686.rpm libXinerama-devel-1.1.3-2.1.el6.x86_64.rpm libXp-1.0.2-2.1.el6.i686.rpm libXp-1.0.2-2.1.el6.x86_64.rpm libXp-debuginfo-1.0.2-2.1.el6.i686.rpm libXp-debuginfo-1.0.2-2.1.el6.x86_64.rpm libXp-devel-1.0.2-2.1.el6.i686.rpm libXp-devel-1.0.2-2.1.el6.x86_64.rpm libXrandr-1.4.1-2.1.el6.i686.rpm libXrandr-1.4.1-2.1.el6.x86_64.rpm libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm libXrandr-debuginfo-1.4.1-2.1.el6.x86_64.rpm libXrandr-devel-1.4.1-2.1.el6.i686.rpm libXrandr-devel-1.4.1-2.1.el6.x86_64.rpm libXrender-0.9.8-2.1.el6.i686.rpm libXrender-0.9.8-2.1.el6.x86_64.rpm libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm libXrender-debuginfo-0.9.8-2.1.el6.x86_64.rpm libXrender-devel-0.9.8-2.1.el6.i686.rpm libXrender-devel-0.9.8-2.1.el6.x86_64.rpm libXres-1.0.7-2.1.el6.i686.rpm libXres-1.0.7-2.1.el6.x86_64.rpm libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.x86_64.rpm libXt-1.1.4-6.1.el6.i686.rpm libXt-1.1.4-6.1.el6.x86_64.rpm libXt-debuginfo-1.1.4-6.1.el6.i686.rpm libXt-debuginfo-1.1.4-6.1.el6.x86_64.rpm libXt-devel-1.1.4-6.1.el6.i686.rpm libXt-devel-1.1.4-6.1.el6.x86_64.rpm libXtst-1.2.2-2.1.el6.i686.rpm libXtst-1.2.2-2.1.el6.x86_64.rpm libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm libXtst-debuginfo-1.2.2-2.1.el6.x86_64.rpm libXtst-devel-1.2.2-2.1.el6.i686.rpm libXtst-devel-1.2.2-2.1.el6.x86_64.rpm libXv-1.0.9-2.1.el6.i686.rpm libXv-1.0.9-2.1.el6.x86_64.rpm libXv-debuginfo-1.0.9-2.1.el6.i686.rpm libXv-debuginfo-1.0.9-2.1.el6.x86_64.rpm libXv-devel-1.0.9-2.1.el6.i686.rpm libXv-devel-1.0.9-2.1.el6.x86_64.rpm libXvMC-1.0.8-2.1.el6.i686.rpm libXvMC-1.0.8-2.1.el6.x86_64.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.x86_64.rpm libXxf86dga-1.1.4-2.1.el6.x86_64.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.x86_64.rpm libXxf86vm-1.1.3-2.1.el6.i686.rpm libXxf86vm-1.1.3-2.1.el6.x86_64.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.x86_64.rpm libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm libXxf86vm-devel-1.1.3-2.1.el6.x86_64.rpm libdmx-1.1.3-3.el6.x86_64.rpm libdmx-debuginfo-1.1.3-3.el6.x86_64.rpm libxcb-1.9.1-2.el6.i686.rpm libxcb-1.9.1-2.el6.x86_64.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm libxcb-devel-1.9.1-2.el6.i686.rpm libxcb-devel-1.9.1-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
xcb-proto-1.8-3.el6.src.rpm xorg-x11-xtrans-devel-1.3.4-1.el6.src.rpm

i386:
libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXres-devel-1.0.7-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXvMC-devel-1.0.8-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.i686.rpm libdmx-devel-1.1.3-3.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-python-1.9.1-2.el6.i686.rpm

noarch:
libxcb-doc-1.9.1-2.el6.noarch.rpm xcb-proto-1.8-3.el6.noarch.rpm xkeyboard-config-devel-2.11-1.el6.noarch.rpm xorg-x11-xtrans-devel-1.3.4-1.el6.noarch.rpm

ppc64:
libXres-debuginfo-1.0.7-2.1.el6.ppc.rpm libXres-debuginfo-1.0.7-2.1.el6.ppc64.rpm libXres-devel-1.0.7-2.1.el6.ppc.rpm libXres-devel-1.0.7-2.1.el6.ppc64.rpm libXxf86dga-1.1.4-2.1.el6.ppc.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.ppc.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.ppc64.rpm libXxf86dga-devel-1.1.4-2.1.el6.ppc.rpm libXxf86dga-devel-1.1.4-2.1.el6.ppc64.rpm libdmx-1.1.3-3.el6.ppc.rpm libdmx-debuginfo-1.1.3-3.el6.ppc.rpm libdmx-debuginfo-1.1.3-3.el6.ppc64.rpm libdmx-devel-1.1.3-3.el6.ppc.rpm libdmx-devel-1.1.3-3.el6.ppc64.rpm libxcb-debuginfo-1.9.1-2.el6.ppc64.rpm libxcb-python-1.9.1-2.el6.ppc64.rpm

s390x:
libXres-debuginfo-1.0.7-2.1.el6.s390.rpm libXres-debuginfo-1.0.7-2.1.el6.s390x.rpm libXres-devel-1.0.7-2.1.el6.s390.rpm libXres-devel-1.0.7-2.1.el6.s390x.rpm libXxf86dga-1.1.4-2.1.el6.s390.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.s390.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.s390x.rpm libXxf86dga-devel-1.1.4-2.1.el6.s390.rpm libXxf86dga-devel-1.1.4-2.1.el6.s390x.rpm libdmx-1.1.3-3.el6.s390.rpm libdmx-debuginfo-1.1.3-3.el6.s390.rpm libdmx-debuginfo-1.1.3-3.el6.s390x.rpm libdmx-devel-1.1.3-3.el6.s390.rpm libdmx-devel-1.1.3-3.el6.s390x.rpm libxcb-debuginfo-1.9.1-2.el6.s390x.rpm libxcb-python-1.9.1-2.el6.s390x.rpm

x86_64:
libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.x86_64.rpm libXres-devel-1.0.7-2.1.el6.i686.rpm libXres-devel-1.0.7-2.1.el6.x86_64.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.x86_64.rpm libXvMC-devel-1.0.8-2.1.el6.i686.rpm libXvMC-devel-1.0.8-2.1.el6.x86_64.rpm libXxf86dga-1.1.4-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.x86_64.rpm libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm libXxf86dga-devel-1.1.4-2.1.el6.x86_64.rpm libdmx-1.1.3-3.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.x86_64.rpm libdmx-devel-1.1.3-3.el6.i686.rpm libdmx-devel-1.1.3-3.el6.x86_64.rpm libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm libxcb-python-1.9.1-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libX11-1.6.0-2.2.el6.src.rpm libXcursor-1.1.14-2.1.el6.src.rpm libXext-1.3.2-2.1.el6.src.rpm libXfixes-5.0.1-2.1.el6.src.rpm libXi-1.7.2-2.2.el6.src.rpm libXinerama-1.1.3-2.1.el6.src.rpm libXp-1.0.2-2.1.el6.src.rpm libXrandr-1.4.1-2.1.el6.src.rpm libXrender-0.9.8-2.1.el6.src.rpm libXres-1.0.7-2.1.el6.src.rpm libXt-1.1.4-6.1.el6.src.rpm libXtst-1.2.2-2.1.el6.src.rpm libXv-1.0.9-2.1.el6.src.rpm libXvMC-1.0.8-2.1.el6.src.rpm libXxf86dga-1.1.4-2.1.el6.src.rpm libXxf86vm-1.1.3-2.1.el6.src.rpm libdmx-1.1.3-3.el6.src.rpm libxcb-1.9.1-2.el6.src.rpm xkeyboard-config-2.11-1.el6.src.rpm xorg-x11-proto-devel-7.7-9.el6.src.rpm

i386:
libX11-1.6.0-2.2.el6.i686.rpm libX11-debuginfo-1.6.0-2.2.el6.i686.rpm libX11-devel-1.6.0-2.2.el6.i686.rpm libXcursor-1.1.14-2.1.el6.i686.rpm libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm libXcursor-devel-1.1.14-2.1.el6.i686.rpm libXext-1.3.2-2.1.el6.i686.rpm libXext-debuginfo-1.3.2-2.1.el6.i686.rpm libXext-devel-1.3.2-2.1.el6.i686.rpm libXfixes-5.0.1-2.1.el6.i686.rpm libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm libXfixes-devel-5.0.1-2.1.el6.i686.rpm libXi-1.7.2-2.2.el6.i686.rpm libXi-debuginfo-1.7.2-2.2.el6.i686.rpm libXi-devel-1.7.2-2.2.el6.i686.rpm libXinerama-1.1.3-2.1.el6.i686.rpm libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm libXinerama-devel-1.1.3-2.1.el6.i686.rpm libXp-1.0.2-2.1.el6.i686.rpm libXp-debuginfo-1.0.2-2.1.el6.i686.rpm libXp-devel-1.0.2-2.1.el6.i686.rpm libXrandr-1.4.1-2.1.el6.i686.rpm libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm libXrandr-devel-1.4.1-2.1.el6.i686.rpm libXrender-0.9.8-2.1.el6.i686.rpm libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm libXrender-devel-0.9.8-2.1.el6.i686.rpm libXres-1.0.7-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXt-1.1.4-6.1.el6.i686.rpm libXt-debuginfo-1.1.4-6.1.el6.i686.rpm libXt-devel-1.1.4-6.1.el6.i686.rpm libXtst-1.2.2-2.1.el6.i686.rpm libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm libXtst-devel-1.2.2-2.1.el6.i686.rpm libXv-1.0.9-2.1.el6.i686.rpm libXv-debuginfo-1.0.9-2.1.el6.i686.rpm libXv-devel-1.0.9-2.1.el6.i686.rpm libXvMC-1.0.8-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXxf86dga-1.1.4-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm libXxf86vm-1.1.3-2.1.el6.i686.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm libdmx-1.1.3-3.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.i686.rpm libxcb-1.9.1-2.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-devel-1.9.1-2.el6.i686.rpm

noarch:
libX11-common-1.6.0-2.2.el6.noarch.rpm xkeyboard-config-2.11-1.el6.noarch.rpm xorg-x11-proto-devel-7.7-9.el6.noarch.rpm

x86_64:
libX11-1.6.0-2.2.el6.i686.rpm libX11-1.6.0-2.2.el6.x86_64.rpm libX11-debuginfo-1.6.0-2.2.el6.i686.rpm libX11-debuginfo-1.6.0-2.2.el6.x86_64.rpm libX11-devel-1.6.0-2.2.el6.i686.rpm libX11-devel-1.6.0-2.2.el6.x86_64.rpm libXcursor-1.1.14-2.1.el6.i686.rpm libXcursor-1.1.14-2.1.el6.x86_64.rpm libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm libXcursor-debuginfo-1.1.14-2.1.el6.x86_64.rpm libXcursor-devel-1.1.14-2.1.el6.i686.rpm libXcursor-devel-1.1.14-2.1.el6.x86_64.rpm libXext-1.3.2-2.1.el6.i686.rpm libXext-1.3.2-2.1.el6.x86_64.rpm libXext-debuginfo-1.3.2-2.1.el6.i686.rpm libXext-debuginfo-1.3.2-2.1.el6.x86_64.rpm libXext-devel-1.3.2-2.1.el6.i686.rpm libXext-devel-1.3.2-2.1.el6.x86_64.rpm libXfixes-5.0.1-2.1.el6.i686.rpm libXfixes-5.0.1-2.1.el6.x86_64.rpm libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm libXfixes-debuginfo-5.0.1-2.1.el6.x86_64.rpm libXfixes-devel-5.0.1-2.1.el6.i686.rpm libXfixes-devel-5.0.1-2.1.el6.x86_64.rpm libXi-1.7.2-2.2.el6.i686.rpm libXi-1.7.2-2.2.el6.x86_64.rpm libXi-debuginfo-1.7.2-2.2.el6.i686.rpm libXi-debuginfo-1.7.2-2.2.el6.x86_64.rpm libXi-devel-1.7.2-2.2.el6.i686.rpm libXi-devel-1.7.2-2.2.el6.x86_64.rpm libXinerama-1.1.3-2.1.el6.i686.rpm libXinerama-1.1.3-2.1.el6.x86_64.rpm libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm libXinerama-debuginfo-1.1.3-2.1.el6.x86_64.rpm libXinerama-devel-1.1.3-2.1.el6.i686.rpm libXinerama-devel-1.1.3-2.1.el6.x86_64.rpm libXp-1.0.2-2.1.el6.i686.rpm libXp-1.0.2-2.1.el6.x86_64.rpm libXp-debuginfo-1.0.2-2.1.el6.i686.rpm libXp-debuginfo-1.0.2-2.1.el6.x86_64.rpm libXp-devel-1.0.2-2.1.el6.i686.rpm libXp-devel-1.0.2-2.1.el6.x86_64.rpm libXrandr-1.4.1-2.1.el6.i686.rpm libXrandr-1.4.1-2.1.el6.x86_64.rpm libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm libXrandr-debuginfo-1.4.1-2.1.el6.x86_64.rpm libXrandr-devel-1.4.1-2.1.el6.i686.rpm libXrandr-devel-1.4.1-2.1.el6.x86_64.rpm libXrender-0.9.8-2.1.el6.i686.rpm libXrender-0.9.8-2.1.el6.x86_64.rpm libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm libXrender-debuginfo-0.9.8-2.1.el6.x86_64.rpm libXrender-devel-0.9.8-2.1.el6.i686.rpm libXrender-devel-0.9.8-2.1.el6.x86_64.rpm libXres-1.0.7-2.1.el6.i686.rpm libXres-1.0.7-2.1.el6.x86_64.rpm libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.x86_64.rpm libXt-1.1.4-6.1.el6.i686.rpm libXt-1.1.4-6.1.el6.x86_64.rpm libXt-debuginfo-1.1.4-6.1.el6.i686.rpm libXt-debuginfo-1.1.4-6.1.el6.x86_64.rpm libXt-devel-1.1.4-6.1.el6.i686.rpm libXt-devel-1.1.4-6.1.el6.x86_64.rpm libXtst-1.2.2-2.1.el6.i686.rpm libXtst-1.2.2-2.1.el6.x86_64.rpm libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm libXtst-debuginfo-1.2.2-2.1.el6.x86_64.rpm libXtst-devel-1.2.2-2.1.el6.i686.rpm libXtst-devel-1.2.2-2.1.el6.x86_64.rpm libXv-1.0.9-2.1.el6.i686.rpm libXv-1.0.9-2.1.el6.x86_64.rpm libXv-debuginfo-1.0.9-2.1.el6.i686.rpm libXv-debuginfo-1.0.9-2.1.el6.x86_64.rpm libXv-devel-1.0.9-2.1.el6.i686.rpm libXv-devel-1.0.9-2.1.el6.x86_64.rpm libXvMC-1.0.8-2.1.el6.i686.rpm libXvMC-1.0.8-2.1.el6.x86_64.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.x86_64.rpm libXxf86dga-1.1.4-2.1.el6.x86_64.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.x86_64.rpm libXxf86vm-1.1.3-2.1.el6.i686.rpm libXxf86vm-1.1.3-2.1.el6.x86_64.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm libXxf86vm-debuginfo-1.1.3-2.1.el6.x86_64.rpm libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm libXxf86vm-devel-1.1.3-2.1.el6.x86_64.rpm libdmx-1.1.3-3.el6.x86_64.rpm libdmx-debuginfo-1.1.3-3.el6.x86_64.rpm libxcb-1.9.1-2.el6.i686.rpm libxcb-1.9.1-2.el6.x86_64.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm libxcb-devel-1.9.1-2.el6.i686.rpm libxcb-devel-1.9.1-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
xcb-proto-1.8-3.el6.src.rpm xorg-x11-xtrans-devel-1.3.4-1.el6.src.rpm

i386:
libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXres-devel-1.0.7-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXvMC-devel-1.0.8-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.i686.rpm libdmx-devel-1.1.3-3.el6.i686.rpm libxcb-debuginfo-1.9.1-2.el6.i686.rpm libxcb-python-1.9.1-2.el6.i686.rpm

noarch:
libxcb-doc-1.9.1-2.el6.noarch.rpm xcb-proto-1.8-3.el6.noarch.rpm xkeyboard-config-devel-2.11-1.el6.noarch.rpm xorg-x11-xtrans-devel-1.3.4-1.el6.noarch.rpm

x86_64:
libXres-debuginfo-1.0.7-2.1.el6.i686.rpm libXres-debuginfo-1.0.7-2.1.el6.x86_64.rpm libXres-devel-1.0.7-2.1.el6.i686.rpm libXres-devel-1.0.7-2.1.el6.x86_64.rpm libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm libXvMC-debuginfo-1.0.8-2.1.el6.x86_64.rpm libXvMC-devel-1.0.8-2.1.el6.i686.rpm libXvMC-devel-1.0.8-2.1.el6.x86_64.rpm libXxf86dga-1.1.4-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm libXxf86dga-debuginfo-1.1.4-2.1.el6.x86_64.rpm libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm libXxf86dga-devel-1.1.4-2.1.el6.x86_64.rpm libdmx-1.1.3-3.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.i686.rpm libdmx-debuginfo-1.1.3-3.el6.x86_64.rpm libdmx-devel-1.1.3-3.el6.i686.rpm libdmx-devel-1.1.3-3.el6.x86_64.rpm libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm libxcb-python-1.9.1-2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1981.html
https://www.redhat.com/security/data/cve/CVE-2013-1982.html
https://www.redhat.com/security/data/cve/CVE-2013-1983.html
https://www.redhat.com/security/data/cve/CVE-2013-1984.html
https://www.redhat.com/security/data/cve/CVE-2013-1985.html
https://www.redhat.com/security/data/cve/CVE-2013-1986.html
https://www.redhat.com/security/data/cve/CVE-2013-1987.html
https://www.redhat.com/security/data/cve/CVE-2013-1988.html
https://www.redhat.com/security/data/cve/CVE-2013-1989.html
https://www.redhat.com/security/data/cve/CVE-2013-1990.html
https://www.redhat.com/security/data/cve/CVE-2013-1991.html
https://www.redhat.com/security/data/cve/CVE-2013-1995.html
https://www.redhat.com/security/data/cve/CVE-2013-1997.html
https://www.redhat.com/security/data/cve/CVE-2013-1998.html
https://www.redhat.com/security/data/cve/CVE-2013-1999.html
https://www.redhat.com/security/data/cve/CVE-2013-2000.html
https://www.redhat.com/security/data/cve/CVE-2013-2001.html
https://www.redhat.com/security/data/cve/CVE-2013-2002.html
https://www.redhat.com/security/data/cve/CVE-2013-2003.html
https://www.redhat.com/security/data/cve/CVE-2013-2004.html
https://www.redhat.com/security/data/cve/CVE-2013-2005.html
https://www.redhat.com/security/data/cve/CVE-2013-2062.html
https://www.redhat.com/security/data/cve/CVE-2013-2064.html
https://www.redhat.com/security/data/cve/CVE-2013-2066.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUPKypXlSAg2UNWIIRAiMsAJ9cF7DHUmCdqHAl62G9t3/qs6bhgwCdFNLk
V+3Ge4QauIYyGA6Nzza2FKk=
=lVo6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 14 05:05:39 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Oct 2014 05:05:39 +0000
Subject: [RHSA-2014:1507-02] Low: trousers security, bug fix, and enhancement update
Message-ID: <201410140457.s9E4v5p9031562@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: trousers security, bug fix, and enhancement update
Advisory ID: RHSA-2014:1507-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1507.html
Issue date: 2014-10-14
CVE Names: CVE-2012-0698
=====================================================================

1. Summary:

Updated trousers packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. You can use TrouSerS to write applications that make use of your TPM hardware. TPM hardware can create, store and use RSA keys securely (without the keys ever being exposed in memory), verify a platform's software state using cryptographic hashes, and more.

A flaw was found in the way tcsd, the daemon that manages Trusted Computing resources, processed incoming TCP packets. A remote attacker could send a specially crafted TCP packet that, when processed by tcsd, could cause the daemon to crash. Note that by default tcsd accepts requests on localhost only. (CVE-2012-0698)

Red Hat would like to thank Andrew Lutomirski for reporting this issue.

The trousers package has been upgraded to upstream version 0.3.13, which provides a number of bug fixes and enhancements over the previous version, including corrected internal symbol names to avoid collisions with other applications, fixed memory leaks, added IPv6 support, fixed buffer handling in tcsd, as well as changed the license to BSD. (BZ#633584, BZ#1074634)

All trousers users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

781648 - CVE-2012-0698 trousers: DoS vulnerability in tcsd

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
trousers-0.3.13-2.el6.src.rpm

i386:
trousers-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.i686.rpm

x86_64:
trousers-0.3.13-2.el6.i686.rpm trousers-0.3.13-2.el6.x86_64.rpm trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-devel-0.3.13-2.el6.i686.rpm trousers-static-0.3.13-2.el6.i686.rpm

x86_64:
trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.x86_64.rpm trousers-devel-0.3.13-2.el6.i686.rpm trousers-devel-0.3.13-2.el6.x86_64.rpm trousers-static-0.3.13-2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
trousers-0.3.13-2.el6.src.rpm

x86_64:
trousers-0.3.13-2.el6.i686.rpm trousers-0.3.13-2.el6.x86_64.rpm trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.x86_64.rpm trousers-devel-0.3.13-2.el6.i686.rpm trousers-devel-0.3.13-2.el6.x86_64.rpm trousers-static-0.3.13-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
trousers-0.3.13-2.el6.src.rpm

i386:
trousers-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.i686.rpm

ppc64:
trousers-0.3.13-2.el6.ppc.rpm trousers-0.3.13-2.el6.ppc64.rpm trousers-debuginfo-0.3.13-2.el6.ppc.rpm trousers-debuginfo-0.3.13-2.el6.ppc64.rpm

s390x:
trousers-0.3.13-2.el6.s390.rpm trousers-0.3.13-2.el6.s390x.rpm trousers-debuginfo-0.3.13-2.el6.s390.rpm trousers-debuginfo-0.3.13-2.el6.s390x.rpm

x86_64:
trousers-0.3.13-2.el6.i686.rpm trousers-0.3.13-2.el6.x86_64.rpm trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-devel-0.3.13-2.el6.i686.rpm trousers-static-0.3.13-2.el6.i686.rpm

ppc64:
trousers-debuginfo-0.3.13-2.el6.ppc.rpm trousers-debuginfo-0.3.13-2.el6.ppc64.rpm trousers-devel-0.3.13-2.el6.ppc.rpm trousers-devel-0.3.13-2.el6.ppc64.rpm trousers-static-0.3.13-2.el6.ppc64.rpm

s390x:
trousers-debuginfo-0.3.13-2.el6.s390.rpm trousers-debuginfo-0.3.13-2.el6.s390x.rpm trousers-devel-0.3.13-2.el6.s390.rpm trousers-devel-0.3.13-2.el6.s390x.rpm trousers-static-0.3.13-2.el6.s390x.rpm

x86_64:
trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.x86_64.rpm trousers-devel-0.3.13-2.el6.i686.rpm trousers-devel-0.3.13-2.el6.x86_64.rpm trousers-static-0.3.13-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
trousers-0.3.13-2.el6.src.rpm

i386:
trousers-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.i686.rpm

x86_64:
trousers-0.3.13-2.el6.i686.rpm trousers-0.3.13-2.el6.x86_64.rpm trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-devel-0.3.13-2.el6.i686.rpm trousers-static-0.3.13-2.el6.i686.rpm

x86_64:
trousers-debuginfo-0.3.13-2.el6.i686.rpm trousers-debuginfo-0.3.13-2.el6.x86_64.rpm trousers-devel-0.3.13-2.el6.i686.rpm trousers-devel-0.3.13-2.el6.x86_64.rpm trousers-static-0.3.13-2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0698.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUPK0dXlSAg2UNWIIRAhfsAJ0REbQbcZsTqT4UFT7W1Nlb/wJeDgCgqVau
kettvfkRnErKoqEXKaKpmnk=
=Oeip
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 14 05:07:07 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Oct 2014 05:07:07 +0000
Subject: [RHSA-2014:1552-02] Moderate: openssh security, bug fix, and enhancement update
Message-ID: <201410140458.s9E4wXnS005927@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssh security, bug fix, and enhancement update
Advisory ID: RHSA-2014:1552-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1552.html
Issue date: 2014-10-14
CVE Names: CVE-2014-2532 CVE-2014-2653
=====================================================================

1. Summary:

Updated openssh packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification instead of the DNS SSHFP record check. (CVE-2014-2653)

It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions. (CVE-2014-2532)

This update also fixes the following bugs:

* Based on the SP800-131A information security standard, the generation of a digital signature using the Digital Signature Algorithm (DSA) with a key size of 1024 bits, or RSA with a key size of less than 2048 bits, is disallowed after the year 2013. After this update, ssh-keygen no longer generates keys with less than 2048 bits in FIPS mode. However, the sshd service still accepts keys of size 1024 bits as well as larger keys for compatibility reasons. (BZ#993580)

* Previously, the openssh utility incorrectly set the oom_adj value to -17 for all of its child processes. This behavior was incorrect because the child processes were supposed to have this value set to 0. This update applies a patch to fix this bug, and oom_adj is now properly set to 0 for all child processes as expected. (BZ#1010429)

* Previously, if the sshd service failed to verify the checksum of an installed FIPS module using the fipscheck library, the information about this failure was only written to the standard error output of sshd. As a consequence, the user could miss this message and remain unaware that a system had not been properly configured for FIPS mode. To fix this bug, this behavior has been changed and sshd now sends such messages via the syslog service. (BZ#1020803)

* When keys provided by the pkcs11 library were removed from the ssh agent using the "ssh-add -e" command, the user was prompted to enter a PIN. With this update, a patch has been applied to allow the user to remove the keys provided by pkcs11 without the PIN. (BZ#1042519)

In addition, this update adds the following enhancements:

* With this update, ControlPersist has been added to OpenSSH. The option, in conjunction with the ControlMaster configuration directive, specifies that the master connection remains open in the background after the initial client connection has been closed. (BZ#953088)

* When the sshd daemon is configured to force the internal SFTP session, and the user attempts to use a connection other than SFTP, the appropriate message is logged to the /var/log/secure file. (BZ#997377)

* Support for Elliptic Curve Cryptography modes for key exchange (ECDH) and host and user keys (ECDSA), as specified by RFC5656, has been added to the openssh packages. However, they are not enabled by default and the user has to enable them manually. For more information on how to configure ECDSA and ECDH with OpenSSH, see: https://access.redhat.com/solutions/711953 (BZ#1028335)

All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
Bugs fixed (https://bugzilla.redhat.com/): 953088 - OpenSSH adding ControlPersist patch to enable full usage of SSH control options 1010429 - Openssh Incorrectly sets oom_adj in all Children after Performing a Reload 1023043 - ssh_config manual page lists incorrect default value of KexAlgorithms 1023044 - Fix man page for ssh-keygen because of certificate support 1027197 - X11 Forwarding does not work with default config - error: Failed to allocate internet-domain X11 display socket 1028643 - Connection remains when fork() fails. 1077843 - CVE-2014-2532 openssh: AcceptEnv environment restriction bypass flaw 1081338 - CVE-2014-2653 openssh: failure to check DNS SSHFP records in certain scenarios 1108836 - ssh-keyscan should ignore SIGPIPE 1111568 - AUTOCREATE_SERVER_KEYS=RSAONLY is not supported by init script 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssh-5.3p1-104.el6.src.rpm i386: openssh-5.3p1-104.el6.i686.rpm openssh-askpass-5.3p1-104.el6.i686.rpm openssh-clients-5.3p1-104.el6.i686.rpm openssh-debuginfo-5.3p1-104.el6.i686.rpm openssh-server-5.3p1-104.el6.i686.rpm x86_64: openssh-5.3p1-104.el6.x86_64.rpm openssh-askpass-5.3p1-104.el6.x86_64.rpm openssh-clients-5.3p1-104.el6.x86_64.rpm openssh-debuginfo-5.3p1-104.el6.x86_64.rpm openssh-server-5.3p1-104.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openssh-debuginfo-5.3p1-104.el6.i686.rpm openssh-ldap-5.3p1-104.el6.i686.rpm pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm x86_64: openssh-debuginfo-5.3p1-104.el6.i686.rpm openssh-debuginfo-5.3p1-104.el6.x86_64.rpm openssh-ldap-5.3p1-104.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssh-5.3p1-104.el6.src.rpm x86_64: openssh-5.3p1-104.el6.x86_64.rpm openssh-clients-5.3p1-104.el6.x86_64.rpm openssh-debuginfo-5.3p1-104.el6.x86_64.rpm openssh-server-5.3p1-104.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): x86_64: openssh-askpass-5.3p1-104.el6.x86_64.rpm openssh-debuginfo-5.3p1-104.el6.i686.rpm openssh-debuginfo-5.3p1-104.el6.x86_64.rpm openssh-ldap-5.3p1-104.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openssh-5.3p1-104.el6.src.rpm i386: openssh-5.3p1-104.el6.i686.rpm openssh-askpass-5.3p1-104.el6.i686.rpm openssh-clients-5.3p1-104.el6.i686.rpm openssh-debuginfo-5.3p1-104.el6.i686.rpm openssh-server-5.3p1-104.el6.i686.rpm ppc64: openssh-5.3p1-104.el6.ppc64.rpm openssh-askpass-5.3p1-104.el6.ppc64.rpm openssh-clients-5.3p1-104.el6.ppc64.rpm openssh-debuginfo-5.3p1-104.el6.ppc64.rpm openssh-server-5.3p1-104.el6.ppc64.rpm s390x: openssh-5.3p1-104.el6.s390x.rpm openssh-askpass-5.3p1-104.el6.s390x.rpm openssh-clients-5.3p1-104.el6.s390x.rpm openssh-debuginfo-5.3p1-104.el6.s390x.rpm openssh-server-5.3p1-104.el6.s390x.rpm x86_64: openssh-5.3p1-104.el6.x86_64.rpm openssh-askpass-5.3p1-104.el6.x86_64.rpm openssh-clients-5.3p1-104.el6.x86_64.rpm openssh-debuginfo-5.3p1-104.el6.x86_64.rpm openssh-server-5.3p1-104.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openssh-debuginfo-5.3p1-104.el6.i686.rpm openssh-ldap-5.3p1-104.el6.i686.rpm pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm ppc64: openssh-debuginfo-5.3p1-104.el6.ppc.rpm openssh-debuginfo-5.3p1-104.el6.ppc64.rpm openssh-ldap-5.3p1-104.el6.ppc64.rpm pam_ssh_agent_auth-0.9.3-104.el6.ppc.rpm pam_ssh_agent_auth-0.9.3-104.el6.ppc64.rpm s390x: openssh-debuginfo-5.3p1-104.el6.s390.rpm openssh-debuginfo-5.3p1-104.el6.s390x.rpm openssh-ldap-5.3p1-104.el6.s390x.rpm pam_ssh_agent_auth-0.9.3-104.el6.s390.rpm pam_ssh_agent_auth-0.9.3-104.el6.s390x.rpm x86_64: openssh-debuginfo-5.3p1-104.el6.i686.rpm openssh-debuginfo-5.3p1-104.el6.x86_64.rpm openssh-ldap-5.3p1-104.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: openssh-5.3p1-104.el6.src.rpm i386: openssh-5.3p1-104.el6.i686.rpm openssh-askpass-5.3p1-104.el6.i686.rpm openssh-clients-5.3p1-104.el6.i686.rpm openssh-debuginfo-5.3p1-104.el6.i686.rpm openssh-server-5.3p1-104.el6.i686.rpm x86_64: openssh-5.3p1-104.el6.x86_64.rpm openssh-askpass-5.3p1-104.el6.x86_64.rpm openssh-clients-5.3p1-104.el6.x86_64.rpm openssh-debuginfo-5.3p1-104.el6.x86_64.rpm openssh-server-5.3p1-104.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssh-debuginfo-5.3p1-104.el6.i686.rpm openssh-ldap-5.3p1-104.el6.i686.rpm pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm x86_64: openssh-debuginfo-5.3p1-104.el6.i686.rpm openssh-debuginfo-5.3p1-104.el6.x86_64.rpm openssh-ldap-5.3p1-104.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-2532.html https://www.redhat.com/security/data/cve/CVE-2014-2653.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/solutions/711953 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
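As an added illustration of the host-key check that CVE-2014-2653 concerns (example code written for this page, not OpenSSH's or Red Hat's), the following Python builds SSHFP records for a host key in the RFC 4255 form that `ssh-keygen -r` prints and verifies a presented key against the records a resolver returned. The key and records are constructed test data, and the records are assumed to come from a DNSSEC-validated answer.

```python
"""Added example (not OpenSSH's or Red Hat's code): build DNS SSHFP records
for an SSH host key (RFC 4255 RDATA: algorithm number, fingerprint type,
hex digest of the raw key blob) and verify a presented host key against
the records a resolver returned.  Defensive rule illustrated: a key is
trusted only on a matching record; no applicable record means manual
verification, never silent acceptance.  Keys and records are constructed.
"""
import base64
import hashlib
import struct

# RFC 4255 / RFC 6594 / RFC 7479 code points.
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
SSHFP_FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def parse_pubkey_line(line):
    """Split an OpenSSH public key line into (key type, raw key blob)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    blob = base64.b64decode(parts[1], validate=True)
    # The wire format starts with a length-prefixed type string; it must
    # agree with the textual prefix or the line is inconsistent.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode("ascii"):
        raise ValueError("key type prefix does not match key blob")
    return parts[0], blob


def sshfp_rdata(key_type, blob, fp_type=2):
    """Return (algorithm, fp_type, hex fingerprint) for one SSHFP record."""
    alg = SSHFP_ALGORITHMS[key_type]
    digest = SSHFP_FP_TYPES[fp_type](blob).hexdigest()
    return alg, fp_type, digest


def format_sshfp(hostname, key_type, blob, fp_type=2):
    """Zone-file line for the key, as `ssh-keygen -r hostname` prints it."""
    alg, fpt, hexfp = sshfp_rdata(key_type, blob, fp_type)
    return "%s IN SSHFP %d %d %s" % (hostname, alg, fpt, hexfp)


def parse_sshfp_rdata(text):
    """Parse 'alg fptype hex...' RDATA; zone files may split the hex."""
    parts = text.split()
    if len(parts) < 3:
        raise ValueError("malformed SSHFP RDATA")
    return int(parts[0]), int(parts[1]), "".join(parts[2:]).lower()


def verify_host_key(key_type, blob, records):
    """Check a presented host key against SSHFP RDATA strings.

    `records` are assumed to come from a DNSSEC-validated answer; without
    that, a matching record proves nothing.  Returns one of:
      'MATCH'      - a record for this algorithm matches: key may be trusted
      'MISMATCH'   - records for this algorithm exist but none match:
                     treat as a possible man-in-the-middle, do not connect
      'NO_RECORDS' - nothing applicable: fall back to manual verification
    Records for other algorithms or unknown fingerprint types are ignored,
    never counted as a match.
    """
    alg = SSHFP_ALGORITHMS.get(key_type)
    if alg is None:
        return "NO_RECORDS"
    applicable = 0
    for rec in records:
        r_alg, r_fpt, r_hex = parse_sshfp_rdata(rec)
        if r_alg != alg or r_fpt not in SSHFP_FP_TYPES:
            continue
        applicable += 1
        if SSHFP_FP_TYPES[r_fpt](blob).hexdigest() == r_hex:
            return "MATCH"
    return "MISMATCH" if applicable else "NO_RECORDS"


def make_test_key(raw=b"\x01" * 32):
    """Constructed ssh-ed25519 public key line: arbitrary 32 bytes, not a
    real key pair, but enough to exercise the fingerprint handling."""
    kt = b"ssh-ed25519"
    blob = struct.pack(">I", len(kt)) + kt + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 %s test@example" % base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    key_type, blob = parse_pubkey_line(make_test_key())
    record = format_sshfp("host.example", key_type, blob)
    print(record)
    print(verify_host_key(key_type, blob, [record.split("SSHFP ")[1]]))
```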
From bugzilla at redhat.com Tue Oct 14 05:08:16 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Oct 2014 05:08:16 +0000
Subject: [RHSA-2014:1606-02] Moderate: file security and bug fix update
Message-ID: <201410140459.s9E4xh79013214@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: file security and bug fix update
Advisory ID:       RHSA-2014:1606-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1606.html
Issue date:        2014-10-14
CVE Names:         CVE-2012-1571 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3479 CVE-2014-3480
=====================================================================

1. Summary:

Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats.

Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use any of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571)

Two denial of service flaws were found in the way file handled indirect and search rules. A remote attacker could use either of these flaws to cause file, or an application using file, to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270)

This update also fixes the following bugs:

* Previously, the output of the "file" command contained redundant white spaces. With this update, the new STRING_TRIM flag has been introduced to remove the unnecessary white spaces. (BZ#664513)

* Due to a bug, the "file" command could incorrectly identify an XML document as a LaTeX document. The underlying source code has been modified to fix this bug and the command now works as expected. (BZ#849621)

* Previously, the "file" command could not recognize .JPG files and incorrectly labeled them as "Minix filesystem". This bug has been fixed and the command now properly detects .JPG files. (BZ#873997)

* Under certain circumstances, the "file" command incorrectly detected NETpbm files as "x86 boot sector". This update applies a patch to fix this bug and the command now detects NETpbm files as expected. (BZ#884396)

* Previously, the "file" command incorrectly identified ASCII text files as a .PIC image file. With this update, a patch has been provided to address this bug and the command now correctly recognizes ASCII text files. (BZ#980941)

* On 32-bit PowerPC systems, the "from" field was missing from the output of the "file" command. The underlying source code has been modified to fix this bug and "file" output now contains the "from" field as expected. (BZ#1037279)

* The "file" command incorrectly detected text files as "RRDTool DB version ool - Round Robin Database Tool". This update applies a patch to fix this bug and the command now correctly detects text files. (BZ#1064463)

* Previously, the "file" command supported only versions 1 and 2 of the QCOW format. As a consequence, file was unable to detect a "qcow2 compat=1.1" file created on Red Hat Enterprise Linux 7. With this update, support for QCOW version 3 has been added so that the command now detects such files as expected. (BZ#1067771)

All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

664513 - too many spaces ...
805197 - CVE-2012-1571 file: out of bounds read in CDF parser
849621 - file is coming back with 'LaTeX document text' instead of 'XML document text'
873997 - file thinks the attached jpg is "Minix filesystem, V2, 50968 zones"
884396 - file detects netpbm files as x86 boot sector type sometimes
980941 - file reported wrong file type (reported .PIC image file instead of ASCII text file)
1064463 - text file detected as 'RRDTool DB version ool - Round Robin Database Tool'
1065836 - CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules
1067771 - file unable to detect qcow2 compat=1.1 img created by RHEL7
1072220 - CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file
1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check
1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):
Source: file-5.04-21.el6.src.rpm
i386: file-5.04-21.el6.i686.rpm file-debuginfo-5.04-21.el6.i686.rpm file-libs-5.04-21.el6.i686.rpm
x86_64: file-5.04-21.el6.x86_64.rpm file-debuginfo-5.04-21.el6.i686.rpm file-debuginfo-5.04-21.el6.x86_64.rpm file-libs-5.04-21.el6.i686.rpm file-libs-5.04-21.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: file-debuginfo-5.04-21.el6.i686.rpm file-devel-5.04-21.el6.i686.rpm file-static-5.04-21.el6.i686.rpm python-magic-5.04-21.el6.i686.rpm
x86_64: file-debuginfo-5.04-21.el6.i686.rpm file-debuginfo-5.04-21.el6.x86_64.rpm file-devel-5.04-21.el6.i686.rpm file-devel-5.04-21.el6.x86_64.rpm file-static-5.04-21.el6.x86_64.rpm python-magic-5.04-21.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source: file-5.04-21.el6.src.rpm
x86_64: file-5.04-21.el6.x86_64.rpm file-debuginfo-5.04-21.el6.i686.rpm file-debuginfo-5.04-21.el6.x86_64.rpm file-libs-5.04-21.el6.i686.rpm file-libs-5.04-21.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: file-debuginfo-5.04-21.el6.i686.rpm file-debuginfo-5.04-21.el6.x86_64.rpm file-devel-5.04-21.el6.i686.rpm file-devel-5.04-21.el6.x86_64.rpm file-static-5.04-21.el6.x86_64.rpm python-magic-5.04-21.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source: file-5.04-21.el6.src.rpm
i386: file-5.04-21.el6.i686.rpm file-debuginfo-5.04-21.el6.i686.rpm file-devel-5.04-21.el6.i686.rpm file-libs-5.04-21.el6.i686.rpm python-magic-5.04-21.el6.i686.rpm
ppc64: file-5.04-21.el6.ppc64.rpm file-debuginfo-5.04-21.el6.ppc.rpm file-debuginfo-5.04-21.el6.ppc64.rpm file-devel-5.04-21.el6.ppc.rpm file-devel-5.04-21.el6.ppc64.rpm file-libs-5.04-21.el6.ppc.rpm file-libs-5.04-21.el6.ppc64.rpm python-magic-5.04-21.el6.ppc64.rpm
s390x: file-5.04-21.el6.s390x.rpm file-debuginfo-5.04-21.el6.s390.rpm file-debuginfo-5.04-21.el6.s390x.rpm file-devel-5.04-21.el6.s390.rpm file-devel-5.04-21.el6.s390x.rpm file-libs-5.04-21.el6.s390.rpm file-libs-5.04-21.el6.s390x.rpm python-magic-5.04-21.el6.s390x.rpm
x86_64: file-5.04-21.el6.x86_64.rpm file-debuginfo-5.04-21.el6.i686.rpm file-debuginfo-5.04-21.el6.x86_64.rpm file-devel-5.04-21.el6.i686.rpm file-devel-5.04-21.el6.x86_64.rpm file-libs-5.04-21.el6.i686.rpm file-libs-5.04-21.el6.x86_64.rpm python-magic-5.04-21.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):
i386: file-debuginfo-5.04-21.el6.i686.rpm file-static-5.04-21.el6.i686.rpm
ppc64: file-debuginfo-5.04-21.el6.ppc64.rpm file-static-5.04-21.el6.ppc64.rpm
s390x: file-debuginfo-5.04-21.el6.s390x.rpm file-static-5.04-21.el6.s390x.rpm
x86_64: file-debuginfo-5.04-21.el6.x86_64.rpm file-static-5.04-21.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source: file-5.04-21.el6.src.rpm
i386: file-5.04-21.el6.i686.rpm file-debuginfo-5.04-21.el6.i686.rpm file-devel-5.04-21.el6.i686.rpm file-libs-5.04-21.el6.i686.rpm python-magic-5.04-21.el6.i686.rpm
x86_64: file-5.04-21.el6.x86_64.rpm file-debuginfo-5.04-21.el6.i686.rpm file-debuginfo-5.04-21.el6.x86_64.rpm file-devel-5.04-21.el6.i686.rpm file-devel-5.04-21.el6.x86_64.rpm file-libs-5.04-21.el6.i686.rpm file-libs-5.04-21.el6.x86_64.rpm python-magic-5.04-21.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: file-debuginfo-5.04-21.el6.i686.rpm file-static-5.04-21.el6.i686.rpm
x86_64: file-debuginfo-5.04-21.el6.x86_64.rpm file-static-5.04-21.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1571.html
https://www.redhat.com/security/data/cve/CVE-2014-0237.html
https://www.redhat.com/security/data/cve/CVE-2014-0238.html
https://www.redhat.com/security/data/cve/CVE-2014-1943.html
https://www.redhat.com/security/data/cve/CVE-2014-2270.html
https://www.redhat.com/security/data/cve/CVE-2014-3479.html
https://www.redhat.com/security/data/cve/CVE-2014-3480.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
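As an added example of the boundary checks the bug titles above name (cdf_count_chain, cdf_check_stream_offset, the nelements loop), the following Python walks a CDF sector chain with every sector id range-checked and the number of steps bounded, and checks each stream offset against the real file size before reading. This is illustration code written for this page, not the file(1) project's own, and the sector table, file data and chain layout are constructed.

```python
"""Added example (not the file(1) project's code): a bounded walker for
sector chains in the Composite Document Format (CDF / OLE2 / MS-CFB).

A CDF stream is a linked list of sectors: SAT[i] holds the id of the sector
after sector i, terminated by ENDOFCHAIN.  A crafted table can point outside
the SAT, into special ids, or back onto itself, so every id is range-checked
and the walk is bounded; stream offsets are checked against the real file
size before any read.  The sector table and data below are constructed.
"""
import struct

SECTOR_SIZE = 512          # header size assumed by this example (MS-CFB)
ENDOFCHAIN = 0xFFFFFFFE
FREESECT = 0xFFFFFFFF
FATSECT = 0xFFFFFFFD
DIFSECT = 0xFFFFFFFC
SPECIAL_IDS = {ENDOFCHAIN, FREESECT, FATSECT, DIFSECT}


class CdfError(ValueError):
    """Raised for any structurally invalid chain or offset."""


def parse_sat(raw):
    """Decode SAT bytes into a list of little-endian 32-bit sector ids."""
    if len(raw) % 4:
        raise CdfError("SAT length %d is not a multiple of 4" % len(raw))
    return list(struct.unpack("<%dI" % (len(raw) // 4), raw))


def count_chain(sat, start, max_sectors=None):
    """Number of sectors in the chain beginning at `start`.

    Rejects ids outside the SAT, special ids other than ENDOFCHAIN inside a
    chain, revisited sectors (a loop) and chains longer than `max_sectors`.
    """
    limit = len(sat) if max_sectors is None else min(max_sectors, len(sat))
    seen = bytearray(len(sat))   # visited bitmap: a loop is caught at once
    count, sid = 0, start
    while sid != ENDOFCHAIN:
        if sid in SPECIAL_IDS:
            raise CdfError("chain runs into special id 0x%08X" % sid)
        if sid >= len(sat):
            raise CdfError("sector %d outside SAT of %d entries" % (sid, len(sat)))
        if seen[sid]:
            raise CdfError("loop detected at sector %d" % sid)
        seen[sid] = 1
        count += 1
        if count > limit:
            raise CdfError("chain longer than %d sectors" % limit)
        sid = sat[sid]
    return count


def sector_offset(sid, data_len, sector_size, header_size=SECTOR_SIZE):
    """Byte offset of sector `sid`, verified to lie within `data_len`."""
    off = header_size + sid * sector_size
    if off + sector_size > data_len:
        raise CdfError("sector %d ends at %d, past file size %d"
                       % (sid, off + sector_size, data_len))
    return off


def read_stream(data, sat, start, sector_size, header_size=SECTOR_SIZE):
    """Concatenate the sectors of a chain, checking every offset first."""
    count_chain(sat, start)      # structural checks before any read
    out, sid = [], start
    while sid != ENDOFCHAIN:
        off = sector_offset(sid, len(data), sector_size, header_size)
        out.append(data[off:off + sector_size])
        sid = sat[sid]
    return b"".join(out)


def checked(fn, *args):
    """Scanner-style wrapper: ('ok', result) or ('error', message)."""
    try:
        return "ok", fn(*args)
    except CdfError as exc:
        return "error", str(exc)


# Constructed test table: chain 0->1->2, a loop 3->4->3, chain 6->7.
SAMPLE_SAT = [1, 2, ENDOFCHAIN, 4, 3, ENDOFCHAIN, 7, ENDOFCHAIN]
SAMPLE_SAT_RAW = struct.pack("<%dI" % len(SAMPLE_SAT), *SAMPLE_SAT)
# Constructed file: a 512-byte header followed by eight 16-byte sectors,
# each filled with its own sector number.
SAMPLE_DATA = bytes(SECTOR_SIZE) + b"".join(bytes([i]) * 16 for i in range(8))

if __name__ == "__main__":
    for start in (0, 3, 6, 99):
        print(start, checked(count_chain, SAMPLE_SAT, start))
    print(checked(read_stream, SAMPLE_DATA, SAMPLE_SAT, 0, 16))
```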
From bugzilla at redhat.com Tue Oct 14 08:04:41 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Oct 2014 08:04:41 +0000
Subject: [RHSA-2014:1626-01] Critical: chromium-browser security update
Message-ID: <201410140756.s9E7u7pJ010178@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: chromium-browser security update
Advisory ID:       RHSA-2014:1626-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1626.html
Issue date:        2014-10-14
CVE Names:         CVE-2014-3188 CVE-2014-3189 CVE-2014-3190 CVE-2014-3191 CVE-2014-3192 CVE-2014-3193 CVE-2014-3194 CVE-2014-3195 CVE-2014-3197 CVE-2014-3198 CVE-2014-3199 CVE-2014-3200
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3199, CVE-2014-3200)

Several information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to disclose potentially sensitive information. (CVE-2014-3195, CVE-2014-3197, CVE-2014-3198)

All Chromium users should upgrade to these updated packages, which contain Chromium version 38.0.2125.101, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1150848 - CVE-2014-3188 v8: IPC and v8 issue fixed in Google Chrome 38.0.2125.101
1150849 - CVE-2014-3195 v8: information leak fixed in Google Chrome 38.0.2125.101
1151368 - CVE-2014-3189 CVE-2014-3198 chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
1151381 - CVE-2014-3190 CVE-2014-3191 CVE-2014-3193 CVE-2014-3199 chromium: multiple security fixes in Chrome 38.0.2125.101
1151383 - CVE-2014-3194 chromium: use-after-free issue in Web Workers fixed in Chrome 38.0.2125.101
1151395 - CVE-2014-3192 chromium: use-after-free in DOM, fixed in Chrome 38.0.2125.101
1151422 - CVE-2014-3197 chromium: information leak in XSS Auditor fixed in Chrome 38.0.2125.101
1151425 - CVE-2014-3200 chromium: multiple unspecified issues fixed in Chrome 38.0.2125.101

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
Source: chromium-browser-38.0.2125.101-2.el6_6.src.rpm
i386: chromium-browser-38.0.2125.101-2.el6_6.i686.rpm chromium-browser-debuginfo-38.0.2125.101-2.el6_6.i686.rpm
x86_64: chromium-browser-38.0.2125.101-2.el6_6.x86_64.rpm chromium-browser-debuginfo-38.0.2125.101-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):
Source: chromium-browser-38.0.2125.101-2.el6_6.src.rpm
i386: chromium-browser-38.0.2125.101-2.el6_6.i686.rpm chromium-browser-debuginfo-38.0.2125.101-2.el6_6.i686.rpm
x86_64: chromium-browser-38.0.2125.101-2.el6_6.x86_64.rpm chromium-browser-debuginfo-38.0.2125.101-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):
Source: chromium-browser-38.0.2125.101-2.el6_6.src.rpm
i386: chromium-browser-38.0.2125.101-2.el6_6.i686.rpm chromium-browser-debuginfo-38.0.2125.101-2.el6_6.i686.rpm
x86_64: chromium-browser-38.0.2125.101-2.el6_6.x86_64.rpm chromium-browser-debuginfo-38.0.2125.101-2.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3188.html
https://www.redhat.com/security/data/cve/CVE-2014-3189.html
https://www.redhat.com/security/data/cve/CVE-2014-3190.html
https://www.redhat.com/security/data/cve/CVE-2014-3191.html
https://www.redhat.com/security/data/cve/CVE-2014-3192.html
https://www.redhat.com/security/data/cve/CVE-2014-3193.html
https://www.redhat.com/security/data/cve/CVE-2014-3194.html
https://www.redhat.com/security/data/cve/CVE-2014-3195.html
https://www.redhat.com/security/data/cve/CVE-2014-3197.html
https://www.redhat.com/security/data/cve/CVE-2014-3198.html
https://www.redhat.com/security/data/cve/CVE-2014-3199.html
https://www.redhat.com/security/data/cve/CVE-2014-3200.html
https://access.redhat.com/security/updates/classification/#critical
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
From bugzilla at redhat.com Wed Oct 15 03:12:54 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Oct 2014 03:12:54 +0000
Subject: [RHSA-2014:1620-01] Important: java-1.7.0-openjdk security and bug fix update
Message-ID: <201410150312.s9F3Cs6f012978@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security and bug fix update
Advisory ID:       RHSA-2014:1620-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1620.html
Issue date:        2014-10-15
CVE Names:         CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform an XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517)

It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558)

CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

This update also fixes the following bug:

* The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309)

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150182 - CVE-2014-6504 OpenJDK: incorrect optimization of range checks in C2 compiler (Hotspot, 8022783)
1150273 - CVE-2014-6519 OpenJDK: missing BootstrapMethods bounds check (Hotspot, 8041717)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151364 - CVE-2014-6517 OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.src.rpm
i386: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.src.rpm
i386: java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el6.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el6.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.src.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el6.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.src.rpm
i386: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el6.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el6.noarch.rpm
x86_64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.src.rpm
i386: java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el6.i686.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.src.rpm
i386: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el6.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el6.noarch.rpm
x86_64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.src.rpm
i386: java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el6.i686.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el6.i686.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el7_0.noarch.rpm
x86_64: java-1.7.0-openjdk-accessibility-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el7_0.noarch.rpm
x86_64: java-1.7.0-openjdk-accessibility-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.src.rpm
ppc64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.ppc64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el7_0.ppc64.rpm java-1.7.0-openjdk-headless-1.7.0.71-2.5.3.1.el7_0.ppc64.rpm
s390x: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.s390x.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el7_0.s390x.rpm java-1.7.0-openjdk-headless-1.7.0.71-2.5.3.1.el7_0.s390x.rpm
x86_64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
7): noarch: java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el7_0.noarch.rpm ppc64: java-1.7.0-openjdk-accessibility-1.7.0.71-2.5.3.1.el7_0.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.ppc64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el7_0.ppc64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el7_0.ppc64.rpm s390x: java-1.7.0-openjdk-accessibility-1.7.0.71-2.5.3.1.el7_0.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.s390x.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el7_0.s390x.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el7_0.s390x.rpm x86_64: java-1.7.0-openjdk-accessibility-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el7_0.noarch.rpm x86_64: java-1.7.0-openjdk-accessibility-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2014-6457.html https://www.redhat.com/security/data/cve/CVE-2014-6502.html https://www.redhat.com/security/data/cve/CVE-2014-6504.html https://www.redhat.com/security/data/cve/CVE-2014-6506.html https://www.redhat.com/security/data/cve/CVE-2014-6511.html https://www.redhat.com/security/data/cve/CVE-2014-6512.html https://www.redhat.com/security/data/cve/CVE-2014-6517.html https://www.redhat.com/security/data/cve/CVE-2014-6519.html https://www.redhat.com/security/data/cve/CVE-2014-6531.html https://www.redhat.com/security/data/cve/CVE-2014-6558.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUPeXrXlSAg2UNWIIRAtQoAKCQC721zzhsBcSq7CNWuMqGpg6bCACcC7xB 22vy6FrpeY4jjZJNptR814k= =CHaM -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 15 03:14:41 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 15 Oct 2014 03:14:41 +0000 Subject: [RHSA-2014:1633-01] Important: java-1.7.0-openjdk security and bug fix update Message-ID: <201410150314.s9F3EfOE030538@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.7.0-openjdk security and bug fix update Advisory ID: RHSA-2014:1633-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1633.html Issue date: 2014-10-14 CVE Names: CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 ===================================================================== 1. 
Summary: Updated java-1.7.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. 
(CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509) 1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) 1150182 - CVE-2014-6504 OpenJDK: incorrect optimization of range checks in C2 compiler (Hotspot, 8022783) 1150273 - CVE-2014-6519 OpenJDK: missing BootstrapMethods bounds check (Hotspot, 8041717) 1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274) 1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797) 1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066) 1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846) 1151364 - CVE-2014-6517 OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533) 1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el5_11.src.rpm i386: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el5_11.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el5_11.i386.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el5_11.i386.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el5_11.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el5_11.i386.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el5_11.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el5_11.src.rpm i386: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el5_11.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el5_11.i386.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el5_11.i386.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el5_11.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el5_11.i386.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el5_11.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-6457.html https://www.redhat.com/security/data/cve/CVE-2014-6502.html https://www.redhat.com/security/data/cve/CVE-2014-6504.html https://www.redhat.com/security/data/cve/CVE-2014-6506.html https://www.redhat.com/security/data/cve/CVE-2014-6511.html https://www.redhat.com/security/data/cve/CVE-2014-6512.html https://www.redhat.com/security/data/cve/CVE-2014-6517.html https://www.redhat.com/security/data/cve/CVE-2014-6519.html https://www.redhat.com/security/data/cve/CVE-2014-6531.html https://www.redhat.com/security/data/cve/CVE-2014-6558.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
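The package lists above give the fixed java-1.7.0-openjdk builds for RHEL 5, 6 and 7; verifying that a fleet actually carries them means comparing installed NVRAs against those file names with rpm's own version ordering. The following Python is an added example, not part of the advisories or of Red Hat's tooling: it reimplements rpm's rpmvercmp() segment ordering and checks a constructed `rpm -qa` listing against real file names taken from the package lists above (the installed versions are invented for the example).

```python
"""Added example: check installed builds against the fixed NVRAs from an RHSA
package list, ordering versions the way rpm's rpmvercmp() does."""
import re
import string

_DIGITS, _ALPHA = set(string.digits), set(string.ascii_letters)
_DIST = re.compile(r"\.el(\d+)")  # RHEL major release embedded in the release tag


def rpmvercmp(a: str, b: str) -> int:
    """Return 1 if a is newer than b, -1 if older, 0 if equal (rpm ordering).
    Strings split into maximal runs of digits or letters; digit runs compare
    numerically, letter runs lexically, a digit run beats a letter run, and
    '~' sorts before anything, even the end of the string (1.0~rc1 < 1.0)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric or '~') are skipped.
        while i < len(a) and a[i] not in _DIGITS and a[i] not in _ALPHA and a[i] != "~":
            i += 1
        while j < len(b) and b[j] not in _DIGITS and b[j] not in _ALPHA and b[j] != "~":
            j += 1
        a_tilde, b_tilde = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:  # the side with '~' is older; both: skip it
            if a_tilde != b_tilde:
                return -1 if a_tilde else 1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i] in _DIGITS
        kind = _DIGITS if isnum else _ALPHA
        i0, j0 = i, j
        while i < len(a) and a[i] in kind:
            i += 1
        while j < len(b) and b[j] in kind:
            j += 1
        seg_a, seg_b = a[i0:i], b[j0:j]
        if not seg_b:  # segments differ in kind: the numeric side is newer
            return 1 if isnum else -1
        if isnum:  # numeric compare: by length after stripping zeros, then digits
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_nvra(filename: str):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch).
    Epoch is not in rpm file names; this erratum does not change the epoch, so
    comparing version-release within one package name is sufficient."""
    stem = filename[:-4] if filename.endswith(".rpm") else filename
    stem, arch = stem.rsplit(".", 1)
    name, version, release = stem.rsplit("-", 2)
    return name, version, release, arch


def _key(name, release, arch):
    m = _DIST.search(release)  # el6 and el6_5 both map to RHEL 6
    return name, (m.group(1) if m else None), arch


def fixed_versions(package_list_text: str) -> dict:
    """Index the binary rpms of a '6. Package List' section by (name, RHEL major, arch)."""
    fixed = {}
    for token in package_list_text.split():
        if token.endswith(".rpm") and not token.endswith(".src.rpm"):
            name, version, release, arch = parse_nvra(token)
            fixed[_key(name, release, arch)] = (version, release)
    return fixed


def check_installed(installed_nvras, fixed: dict) -> dict:
    """Map each installed NVRA to 'patched', 'vulnerable' or 'not in advisory'."""
    verdicts = {}
    for nvra in installed_nvras:
        name, version, release, arch = parse_nvra(nvra)
        entry = fixed.get(_key(name, release, arch))
        if entry is None:
            verdicts[nvra] = "not in advisory"
            continue
        order = rpmvercmp(version, entry[0]) or rpmvercmp(release, entry[1])
        verdicts[nvra] = "patched" if order >= 0 else "vulnerable"
    return verdicts


# Excerpt of the package lists above (real file names from the advisories).
ADVISORY_PACKAGES = """x86_64:
java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el6.x86_64.rpm
java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm"""
# Constructed `rpm -qa` output; these installed versions are invented for the example.
INSTALLED = [
    "java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64",  # older build
    "java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64",  # exactly the erratum
    "java-1.7.0-openjdk-1.7.0.71-2.5.3.2.el5_11.x86_64",  # later rebuild
    "java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64",  # a different package
]
```

On a real host, feed check_installed() the output of `rpm -qa 'java-1.7.0-openjdk*'` and fixed_versions() the whole section 6 text; an erratum that bumped the epoch would additionally need `rpm -q --qf '%{EPOCH}'` on both sides.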
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUPeZpXlSAg2UNWIIRAv84AJ4pxexW2Jl6EugmXjH6A6IDtZ3powCgn+Vc Mg3lMaqHTt72U4a22A1EFFI= =2PpL -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 15 03:17:12 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 15 Oct 2014 03:17:12 +0000 Subject: [RHSA-2014:1634-01] Important: java-1.6.0-openjdk security and bug fix update Message-ID: <201410150317.s9F3HClt026118@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.6.0-openjdk security and bug fix update Advisory ID: RHSA-2014:1634-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1634.html Issue date: 2014-10-14 Updated on: 2014-10-15 CVE Names: CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 
6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. 
(CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509) 1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) 1150182 - CVE-2014-6504 OpenJDK: incorrect optimization of range checks in C2 compiler (Hotspot, 8022783) 1150273 - CVE-2014-6519 OpenJDK: missing BootstrapMethods bounds check (Hotspot, 8041717) 1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274) 1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797) 1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066) 1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846) 1151364 - CVE-2014-6517 OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533) 1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.src.rpm i386: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el5_11.i386.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el5_11.i386.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el5_11.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el5_11.i386.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el5_11.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.src.rpm i386: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el5_11.i386.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el5_11.i386.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el5_11.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el5_11.i386.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el5_11.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.src.rpm i386: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el6_6.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.src.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.src.rpm i386: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el6_6.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el6_6.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.src.rpm i386: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el6_6.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el6_6.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el6_6.i686.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el6_6.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.src.rpm ppc64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.ppc64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.ppc64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el7_0.ppc64.rpm s390x: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.s390x.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.s390x.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el7_0.s390x.rpm x86_64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.ppc64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el7_0.ppc64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el7_0.ppc64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el7_0.ppc64.rpm s390x: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.s390x.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el7_0.s390x.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el7_0.s390x.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el7_0.s390x.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-6457.html https://www.redhat.com/security/data/cve/CVE-2014-6502.html https://www.redhat.com/security/data/cve/CVE-2014-6504.html https://www.redhat.com/security/data/cve/CVE-2014-6506.html https://www.redhat.com/security/data/cve/CVE-2014-6511.html https://www.redhat.com/security/data/cve/CVE-2014-6512.html https://www.redhat.com/security/data/cve/CVE-2014-6517.html https://www.redhat.com/security/data/cve/CVE-2014-6519.html https://www.redhat.com/security/data/cve/CVE-2014-6531.html https://www.redhat.com/security/data/cve/CVE-2014-6558.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUPebNXlSAg2UNWIIRAmjHAKCPgqKTJuBHcAmLvU40ZhkcMMfzngCgusQO
RVEaCPT4amm8YWnuYKOake8=
=hNyx
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Oct 15 03:19:17 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Oct 2014 03:19:17 +0000
Subject: [RHSA-2014:1635-01] Critical: firefox security update
Message-ID: <201410150319.s9F3JHOc015694@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2014:1635-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1635.html
Issue date:        2014-10-14
Updated on:        2014-10-15
CVE Names:         CVE-2014-1574 CVE-2014-1576 CVE-2014-1577
                   CVE-2014-1578 CVE-2014-1581 CVE-2014-1583
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1576, CVE-2014-1577)

A flaw was found in the Alarm API, which allows applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass cross-origin restrictions. (CVE-2014-1583)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Christian Holler, David Bolter, Byron Campen, Jon Coppeard, Atte Kettunen, Holger Fuhrmannek, Abhishek Arya, regenrecht, and Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 31.2.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 31.2.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1152356 - CVE-2014-1574 Mozilla: Miscellaneous memory safety hazards (rv:31.2) (MFSA 2014-74)
1152358 - CVE-2014-1576 Mozilla: Buffer overflow during CSS manipulation (MFSA 2014-75)
1152359 - CVE-2014-1577 Mozilla: Web Audio memory corruption issues with custom waveforms (MFSA 2014-76)
1152361 - CVE-2014-1578 Mozilla: Out-of-bounds write with WebM video (MFSA 2014-77)
1152363 - CVE-2014-1581 Mozilla: Use-after-free interacting with text directionality (MFSA 2014-79)
1152683 - CVE-2014-1583 Mozilla: Accessing cross-origin objects via the Alarms API (MFSA 2014-82)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-31.2.0-3.el5_11.src.rpm

i386:
firefox-31.2.0-3.el5_11.i386.rpm
firefox-debuginfo-31.2.0-3.el5_11.i386.rpm

x86_64:
firefox-31.2.0-3.el5_11.i386.rpm
firefox-31.2.0-3.el5_11.x86_64.rpm
firefox-debuginfo-31.2.0-3.el5_11.i386.rpm
firefox-debuginfo-31.2.0-3.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-31.2.0-3.el5_11.src.rpm

i386:
firefox-31.2.0-3.el5_11.i386.rpm
firefox-debuginfo-31.2.0-3.el5_11.i386.rpm

ia64:
firefox-31.2.0-3.el5_11.ia64.rpm
firefox-debuginfo-31.2.0-3.el5_11.ia64.rpm

ppc:
firefox-31.2.0-3.el5_11.ppc.rpm
firefox-debuginfo-31.2.0-3.el5_11.ppc.rpm

s390x:
firefox-31.2.0-3.el5_11.s390.rpm
firefox-31.2.0-3.el5_11.s390x.rpm
firefox-debuginfo-31.2.0-3.el5_11.s390.rpm
firefox-debuginfo-31.2.0-3.el5_11.s390x.rpm

x86_64:
firefox-31.2.0-3.el5_11.i386.rpm
firefox-31.2.0-3.el5_11.x86_64.rpm
firefox-debuginfo-31.2.0-3.el5_11.i386.rpm
firefox-debuginfo-31.2.0-3.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-31.2.0-3.el6_6.src.rpm

i386:
firefox-31.2.0-3.el6_6.i686.rpm
firefox-debuginfo-31.2.0-3.el6_6.i686.rpm

x86_64:
firefox-31.2.0-3.el6_6.x86_64.rpm
firefox-debuginfo-31.2.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-31.2.0-3.el6_6.i686.rpm
firefox-debuginfo-31.2.0-3.el6_6.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-31.2.0-3.el6_6.src.rpm

x86_64:
firefox-31.2.0-3.el6_6.i686.rpm
firefox-31.2.0-3.el6_6.x86_64.rpm
firefox-debuginfo-31.2.0-3.el6_6.i686.rpm
firefox-debuginfo-31.2.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-31.2.0-3.el6_6.src.rpm

i386:
firefox-31.2.0-3.el6_6.i686.rpm
firefox-debuginfo-31.2.0-3.el6_6.i686.rpm

ppc64:
firefox-31.2.0-3.el6_6.ppc64.rpm
firefox-debuginfo-31.2.0-3.el6_6.ppc64.rpm

s390x:
firefox-31.2.0-3.el6_6.s390x.rpm
firefox-debuginfo-31.2.0-3.el6_6.s390x.rpm

x86_64:
firefox-31.2.0-3.el6_6.x86_64.rpm
firefox-debuginfo-31.2.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-31.2.0-3.el6_6.ppc.rpm
firefox-debuginfo-31.2.0-3.el6_6.ppc.rpm

s390x:
firefox-31.2.0-3.el6_6.s390.rpm
firefox-debuginfo-31.2.0-3.el6_6.s390.rpm

x86_64:
firefox-31.2.0-3.el6_6.i686.rpm
firefox-debuginfo-31.2.0-3.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-31.2.0-3.el6_6.src.rpm

i386:
firefox-31.2.0-3.el6_6.i686.rpm
firefox-debuginfo-31.2.0-3.el6_6.i686.rpm

x86_64:
firefox-31.2.0-3.el6_6.x86_64.rpm
firefox-debuginfo-31.2.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-31.2.0-3.el6_6.i686.rpm
firefox-debuginfo-31.2.0-3.el6_6.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-31.2.0-3.el7_0.src.rpm
xulrunner-31.2.0-1.el7_0.src.rpm

x86_64:
firefox-31.2.0-3.el7_0.x86_64.rpm
firefox-debuginfo-31.2.0-3.el7_0.x86_64.rpm
xulrunner-31.2.0-1.el7_0.i686.rpm
xulrunner-31.2.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-31.2.0-3.el7_0.i686.rpm
firefox-debuginfo-31.2.0-3.el7_0.i686.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.2.0-1.el7_0.i686.rpm
xulrunner-devel-31.2.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
xulrunner-31.2.0-1.el7_0.src.rpm

x86_64:
xulrunner-31.2.0-1.el7_0.i686.rpm
xulrunner-31.2.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.2.0-1.el7_0.i686.rpm
xulrunner-devel-31.2.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-31.2.0-3.el7_0.src.rpm
xulrunner-31.2.0-1.el7_0.src.rpm

ppc64:
firefox-31.2.0-3.el7_0.ppc64.rpm
firefox-debuginfo-31.2.0-3.el7_0.ppc64.rpm
xulrunner-31.2.0-1.el7_0.ppc.rpm
xulrunner-31.2.0-1.el7_0.ppc64.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.ppc.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.ppc64.rpm

s390x:
firefox-31.2.0-3.el7_0.s390x.rpm
firefox-debuginfo-31.2.0-3.el7_0.s390x.rpm

x86_64:
firefox-31.2.0-3.el7_0.x86_64.rpm
firefox-debuginfo-31.2.0-3.el7_0.x86_64.rpm
xulrunner-31.2.0-1.el7_0.i686.rpm
xulrunner-31.2.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
xulrunner-31.2.0-1.el7_0.src.rpm

ppc64:
firefox-31.2.0-3.el7_0.ppc.rpm
firefox-debuginfo-31.2.0-3.el7_0.ppc.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.ppc.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.ppc64.rpm
xulrunner-devel-31.2.0-1.el7_0.ppc.rpm
xulrunner-devel-31.2.0-1.el7_0.ppc64.rpm

s390x:
firefox-31.2.0-3.el7_0.s390.rpm
firefox-debuginfo-31.2.0-3.el7_0.s390.rpm
xulrunner-31.2.0-1.el7_0.s390.rpm
xulrunner-31.2.0-1.el7_0.s390x.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.s390.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.s390x.rpm
xulrunner-devel-31.2.0-1.el7_0.s390.rpm
xulrunner-devel-31.2.0-1.el7_0.s390x.rpm

x86_64:
firefox-31.2.0-3.el7_0.i686.rpm
firefox-debuginfo-31.2.0-3.el7_0.i686.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.2.0-1.el7_0.i686.rpm
xulrunner-devel-31.2.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-31.2.0-3.el7_0.src.rpm
xulrunner-31.2.0-1.el7_0.src.rpm

x86_64:
firefox-31.2.0-3.el7_0.x86_64.rpm
firefox-debuginfo-31.2.0-3.el7_0.x86_64.rpm
xulrunner-31.2.0-1.el7_0.i686.rpm
xulrunner-31.2.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-31.2.0-3.el7_0.i686.rpm
firefox-debuginfo-31.2.0-3.el7_0.i686.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.2.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.2.0-1.el7_0.i686.rpm
xulrunner-devel-31.2.0-1.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-1574.html
https://www.redhat.com/security/data/cve/CVE-2014-1576.html
https://www.redhat.com/security/data/cve/CVE-2014-1577.html
https://www.redhat.com/security/data/cve/CVE-2014-1578.html
https://www.redhat.com/security/data/cve/CVE-2014-1581.html
https://www.redhat.com/security/data/cve/CVE-2014-1583.html
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox31.2

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUPednXlSAg2UNWIIRArSwAKC0xBOIE8PkH09Uri60gyuoYCa5xQCffXhx
w1HCaGrsEGcZ3T39PHcgF40=
=Zs4P
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Oct 15 03:20:47 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Oct 2014 03:20:47 +0000
Subject: [RHSA-2014:1636-01] Important: java-1.8.0-openjdk security update
Message-ID: <201410150320.s9F3Klam027906@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2014:1636-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1636.html
Issue date:        2014-10-14
CVE Names:         CVE-2014-6457 CVE-2014-6468 CVE-2014-6502
                   CVE-2014-6504 CVE-2014-6506 CVE-2014-6511
                   CVE-2014-6512 CVE-2014-6517 CVE-2014-6519
                   CVE-2014-6531 CVE-2014-6558 CVE-2014-6562
=====================================================================

1. Summary:

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-6562)

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform an XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517)

It was discovered that the Hotspot component in OpenJDK failed to properly handle malformed Shared Archive files. A local attacker able to modify a Shared Archive file used by a virtual machine of a different user could possibly use this flaw to escalate their privileges. (CVE-2014-6468)

It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558)

CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150182 - CVE-2014-6504 OpenJDK: incorrect optimization of range checks in C2 compiler (Hotspot, 8022783)
1150273 - CVE-2014-6519 OpenJDK: missing BootstrapMethods bounds check (Hotspot, 8041717)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151364 - CVE-2014-6517 OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
1151988 - CVE-2014-6562 OpenJDK: incorrect handling of zip entries with NUL in name (Libraries, 8048025)
1152049 - CVE-2014-6468 OpenJDK: insufficient SharedArchiveFile checks (Hotspot, 8044269)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.25-1.b17.el6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.25-1.b17.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.25-1.b17.el6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.25-1.b17.el6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.25-1.b17.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.25-1.b17.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.25-1.b17.el6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.25-1.b17.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.25-1.b17.el6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.25-1.b17.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.25-1.b17.el6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.25-1.b17.el6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.25-1.b17.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.25-1.b17.el6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.25-1.b17.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.25-1.b17.el6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.25-1.b17.el6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.25-1.b17.el6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.25-1.b17.el6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.25-1.b17.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-6457.html
https://www.redhat.com/security/data/cve/CVE-2014-6468.html
https://www.redhat.com/security/data/cve/CVE-2014-6502.html
https://www.redhat.com/security/data/cve/CVE-2014-6504.html
https://www.redhat.com/security/data/cve/CVE-2014-6506.html
https://www.redhat.com/security/data/cve/CVE-2014-6511.html
https://www.redhat.com/security/data/cve/CVE-2014-6512.html
https://www.redhat.com/security/data/cve/CVE-2014-6517.html
https://www.redhat.com/security/data/cve/CVE-2014-6519.html
https://www.redhat.com/security/data/cve/CVE-2014-6531.html
https://www.redhat.com/security/data/cve/CVE-2014-6558.html
https://www.redhat.com/security/data/cve/CVE-2014-6562.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUPefcXlSAg2UNWIIRAhmGAJ4lJAh4s3sYi9TvAU28fAN+d4nhcgCfYZAq
aLbJFosqjJ53tjOTOrwmPsI=
=0BQu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Oct 15 21:01:32 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Oct 2014 21:01:32 +0000
Subject: [RHSA-2014:1647-01] Important: thunderbird security update
Message-ID: <201410152101.s9FL1W8c006507@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2014:1647-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1647.html
Issue date:        2014-10-15
CVE Names:         CVE-2014-1574 CVE-2014-1577 CVE-2014-1578
                   CVE-2014-1581
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1577)

Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Christian Holler, David Bolter, Byron Campen, Jon Coppeard, Holger Fuhrmannek, Abhishek Arya, and regenrecht as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.2.0. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.2.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1152356 - CVE-2014-1574 Mozilla: Miscellaneous memory safety hazards (rv:31.2) (MFSA 2014-74)
1152359 - CVE-2014-1577 Mozilla: Web Audio memory corruption issues with custom waveforms (MFSA 2014-76)
1152361 - CVE-2014-1578 Mozilla: Out-of-bounds write with WebM video (MFSA 2014-77)
1152363 - CVE-2014-1581 Mozilla: Use-after-free interacting with text directionality (MFSA 2014-79)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-31.2.0-2.el5_11.src.rpm

i386:
thunderbird-31.2.0-2.el5_11.i386.rpm
thunderbird-debuginfo-31.2.0-2.el5_11.i386.rpm

x86_64:
thunderbird-31.2.0-2.el5_11.x86_64.rpm
thunderbird-debuginfo-31.2.0-2.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-31.2.0-3.el6_6.src.rpm

i386:
thunderbird-31.2.0-3.el6_6.i686.rpm
thunderbird-debuginfo-31.2.0-3.el6_6.i686.rpm

x86_64:
thunderbird-31.2.0-3.el6_6.x86_64.rpm
thunderbird-debuginfo-31.2.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-31.2.0-3.el6_6.src.rpm

i386:
thunderbird-31.2.0-3.el6_6.i686.rpm
thunderbird-debuginfo-31.2.0-3.el6_6.i686.rpm

ppc64:
thunderbird-31.2.0-3.el6_6.ppc64.rpm
thunderbird-debuginfo-31.2.0-3.el6_6.ppc64.rpm

s390x:
thunderbird-31.2.0-3.el6_6.s390x.rpm
thunderbird-debuginfo-31.2.0-3.el6_6.s390x.rpm

x86_64:
thunderbird-31.2.0-3.el6_6.x86_64.rpm
thunderbird-debuginfo-31.2.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-31.2.0-3.el6_6.src.rpm

i386:
thunderbird-31.2.0-3.el6_6.i686.rpm
thunderbird-debuginfo-31.2.0-3.el6_6.i686.rpm

x86_64:
thunderbird-31.2.0-3.el6_6.x86_64.rpm
thunderbird-debuginfo-31.2.0-3.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-1574.html
https://www.redhat.com/security/data/cve/CVE-2014-1577.html
https://www.redhat.com/security/data/cve/CVE-2014-1578.html
https://www.redhat.com/security/data/cve/CVE-2014-1581.html
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird31.2

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD4DBQFUPuCZXlSAg2UNWIIRAhHNAJ9AogEyHaerdaQVJV1M0uvm2wjrPwCXcK+5
OY3SuicziNVbRbfgpXI36g==
=D/FQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Oct 15 21:02:24 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Oct 2014 21:02:24 +0000
Subject: [RHSA-2014:1648-01] Critical: flash-plugin security update
Message-ID: <201410152102.s9FL2OTO019310@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2014:1648-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1648.html
Issue date:        2014-10-15
CVE Names:         CVE-2014-0558 CVE-2014-0564 CVE-2014-0569
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-22, listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0558, CVE-2014-0564, CVE-2014-0569)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.411.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1152775 - CVE-2014-0564 CVE-2014-0558 CVE-2014-0569 flash-plugin: multiple code execution flaws (APSB14-22)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.411-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.411-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.411-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.411-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.411-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.411-1.el6.i686.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
flash-plugin-11.2.202.411-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.411-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.411-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.411-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.411-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0558.html
https://www.redhat.com/security/data/cve/CVE-2014-0564.html
https://www.redhat.com/security/data/cve/CVE-2014-0569.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-22.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUPuDGXlSAg2UNWIIRAsobAJ9vnW0PysUhlqb4KDFHcw8Q7+rzqgCePtuZ Wum8dH3c44zrI0LJNv9/khY= =kNs5 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 16 15:12:08 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Oct 2014 15:12:08 +0000 Subject: [RHSA-2014:1652-01] Important: openssl security update Message-ID: <201410161503.s9GF3XYo015807@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2014:1652-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1652.html Issue date: 2014-10-16 CVE Names: CVE-2014-3513 CVE-2014-3567 ===================================================================== 1. Summary: Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 
7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0.

The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513)

A memory leak flaw was found in the way OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567)

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1152789 - CVE-2014-3566 openssl: Padding Oracle On Downgraded Legacy Encryption attack
1152953 - CVE-2014-3513 openssl: SRTP memory leak causes crash when using specially-crafted handshake message
1152961 - CVE-2014-3567 openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
openssl-1.0.1e-30.el6_6.2.src.rpm

i386:
openssl-1.0.1e-30.el6_6.2.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm

x86_64:
openssl-1.0.1e-30.el6_6.2.i686.rpm
openssl-1.0.1e-30.el6_6.2.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6): i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssl-1.0.1e-30.el6_6.2.src.rpm x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: openssl-1.0.1e-30.el6_6.2.src.rpm i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm ppc64: openssl-1.0.1e-30.el6_6.2.ppc.rpm openssl-1.0.1e-30.el6_6.2.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.2.ppc.rpm openssl-devel-1.0.1e-30.el6_6.2.ppc64.rpm s390x: openssl-1.0.1e-30.el6_6.2.s390.rpm openssl-1.0.1e-30.el6_6.2.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm openssl-devel-1.0.1e-30.el6_6.2.s390.rpm openssl-devel-1.0.1e-30.el6_6.2.s390x.rpm x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm ppc64: openssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.2.ppc64.rpm openssl-static-1.0.1e-30.el6_6.2.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm openssl-perl-1.0.1e-30.el6_6.2.s390x.rpm openssl-static-1.0.1e-30.el6_6.2.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: openssl-1.0.1e-30.el6_6.2.src.rpm i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.1e-34.el7_0.6.src.rpm x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.1e-34.el7_0.6.src.rpm x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.1e-34.el7_0.6.src.rpm ppc64: openssl-1.0.1e-34.el7_0.6.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.6.ppc.rpm openssl-devel-1.0.1e-34.el7_0.6.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.6.ppc.rpm openssl-libs-1.0.1e-34.el7_0.6.ppc64.rpm s390x: openssl-1.0.1e-34.el7_0.6.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm openssl-devel-1.0.1e-34.el7_0.6.s390.rpm openssl-devel-1.0.1e-34.el7_0.6.s390x.rpm openssl-libs-1.0.1e-34.el7_0.6.s390.rpm openssl-libs-1.0.1e-34.el7_0.6.s390x.rpm x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: openssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.6.ppc64.rpm openssl-static-1.0.1e-34.el7_0.6.ppc.rpm openssl-static-1.0.1e-34.el7_0.6.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm openssl-perl-1.0.1e-34.el7_0.6.s390x.rpm openssl-static-1.0.1e-34.el7_0.6.s390.rpm openssl-static-1.0.1e-34.el7_0.6.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.1e-34.el7_0.6.src.rpm x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-3513.html https://www.redhat.com/security/data/cve/CVE-2014-3567.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1232123 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
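Worked example for the two mechanisms this advisory and the companion Red Hat Enterprise Linux 5 advisory (RHSA-2014:1653) describe: the SSL 3.0 CBC padding oracle that POODLE exploits, and the TLS_FALLBACK_SCSV rule that lets a patched server refuse a forced downgrade. This is an added illustration, not Red Hat's or OpenSSL's code. Assumptions: an 8-byte toy Feistel block cipher stands in for 3DES/AES, truncated HMAC-SHA256 stands in for the SSL 3.0 MAC, each record gets a fresh IV instead of SSL 3.0's chained IV, and the attacker is modelled as in the published attack (controls the prefix and suffix around a secret the client encrypts, and can tamper with records in transit). The property that matters is kept faithful: SSL 3.0 checks only the padding-length byte, so a record whose padding block has been replaced by ciphertext block C_i is accepted exactly when P_i[-1] xor C_{i-1}[-1] xor C_{n-1}[-1] equals the block size minus one, which leaks P_i[-1].

```python
# Added example (not Red Hat's or OpenSSL's code): SSL 3.0-style CBC records, the
# POODLE padding oracle, and the TLS_FALLBACK_SCSV rule from RFC 7507.
import hashlib
import hmac
import random

BLOCK = 8                    # toy cipher block size (assumption; padding rules are the same)
MAC_LEN = 16                 # truncated HMAC-SHA256 stands in for the SSL 3.0 MAC (assumption)
_rng = random.Random(2014)   # seeded so the demonstration is reproducible


def _rand(n):
    return bytes(_rng.getrandbits(8) for _ in range(n))


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]


def block_encrypt(key, block):
    """4-round Feistel on 8-byte blocks: a toy stand-in for 3DES/AES (assumption)."""
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def ssl3_seal(key, mac_key, data):
    """Client side: MAC, then SSL 3.0 padding, then CBC. Only the last padding byte
    (the padding length) is defined; the other padding bytes are arbitrary."""
    body = data + hmac.new(mac_key, data, hashlib.sha256).digest()[:MAC_LEN]
    pad_len = BLOCK - 1 - len(body) % BLOCK            # 0..BLOCK-1
    body += _rand(pad_len) + bytes([pad_len])
    iv = prev = _rand(BLOCK)                           # fresh IV per record (assumption)
    out = [iv]
    for k in range(0, len(body), BLOCK):
        prev = block_encrypt(key, _xor(body[k:k + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def ssl3_open(key, mac_key, record):
    """Server side: returns the data or None. The attacker only needs accept/reject."""
    blocks = [record[k:k + BLOCK] for k in range(0, len(record), BLOCK)]
    plain = b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))
    pad_len = plain[-1]
    if pad_len >= BLOCK:                               # the only padding check SSL 3.0 makes
        return None
    body = plain[:len(plain) - pad_len - 1]
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expect = hmac.new(mac_key, data, hashlib.sha256).digest()[:MAC_LEN]
    return data if hmac.compare_digest(mac, expect) else None


def poodle_recover(key, mac_key, secret, max_tries=50000):
    """Attacker: chooses prefix/suffix lengths around the secret the client encrypts
    and replaces the final (all-padding) block with the block holding a secret byte.
    Each byte costs about 256 records on average."""
    recovered = bytearray()
    for j in range(len(secret)):
        prefix = b"A" * ((BLOCK - 1 - j) % BLOCK)           # secret[j] becomes last byte of block i
        suffix = b"B" * (-(len(prefix) + len(secret) + MAC_LEN) % BLOCK)  # last block = padding only
        i = (len(prefix) + j) // BLOCK + 1                    # blocks[0] is the IV
        for _ in range(max_tries):
            rec = ssl3_seal(key, mac_key, prefix + secret + suffix)
            blocks = [rec[k:k + BLOCK] for k in range(0, len(rec), BLOCK)]
            forged = b"".join(blocks[:-1]) + blocks[i]        # padding block := C_i
            if ssl3_open(key, mac_key, forged) is not None:
                # Accepted: D(C_i) xor C_{n-1} ends in BLOCK-1, and D(C_i) = P_i xor C_{i-1}.
                recovered.append((BLOCK - 1) ^ blocks[i - 1][-1] ^ blocks[-2][-1])
                break
        else:
            raise RuntimeError("oracle never accepted; alignment is wrong")
    return bytes(recovered)


TLS_FALLBACK_SCSV = 0x5600                   # RFC 7507 signaling cipher suite value
ALERT_INAPPROPRIATE_FALLBACK = 86
SSL3, TLS10, TLS12 = 0x0300, 0x0301, 0x0303


def server_select_version(server_max, client_version, cipher_suites):
    """Server rule from RFC 7507: a ClientHello carrying the SCSV at a version below
    the server's best is a retry after a (possibly forced) failure, so abort instead
    of quietly speaking SSL 3.0. Without the SCSV the server cannot tell a genuine
    SSL 3.0-only client from a downgraded one; hence the advice to require TLS 1.0+."""
    if TLS_FALLBACK_SCSV in cipher_suites and client_version < server_max:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("server_hello", min(server_max, client_version))


if __name__ == "__main__":
    print(poodle_recover(b"k" * 16, b"m" * 16, b"SID=7f3a"))
    print(server_select_version(TLS12, SSL3, [0x002F, TLS_FALLBACK_SCSV]))
```

Two things to take from running it: the attack never touches the key, so a stronger cipher does not help, and the SCSV only works when both sides have it (the server rejects the marked retry, the client marks its retries). A server that refuses SSL 3.0 outright, which is the configuration change the advisory recommends, removes the oracle entirely.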
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUP940XlSAg2UNWIIRAhUYAJ4or1rZ25E0BXjTPyeDsN+keTz3twCdHDEz qY686VXQQ02SLq5vTvKfuHk= =McEc -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 16 15:12:56 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Oct 2014 15:12:56 +0000 Subject: [RHSA-2014:1653-01] Moderate: openssl security update Message-ID: <201410161504.s9GF4Mb3007273@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security update Advisory ID: RHSA-2014:1653-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1653.html Issue date: 2014-10-16 ===================================================================== 1. Summary: Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. 
The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123

All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1152789 - CVE-2014-3566 openssl: Padding Oracle On Downgraded Legacy Encryption attack

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
openssl-0.9.8e-31.el5_11.src.rpm

i386:
openssl-0.9.8e-31.el5_11.i386.rpm
openssl-0.9.8e-31.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
openssl-perl-0.9.8e-31.el5_11.i386.rpm

x86_64:
openssl-0.9.8e-31.el5_11.i686.rpm
openssl-0.9.8e-31.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-31.el5_11.x86_64.rpm
openssl-perl-0.9.8e-31.el5_11.x86_64.rpm

RHEL Desktop Workstation (v.
5 client): Source: openssl-0.9.8e-31.el5_11.src.rpm i386: openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm openssl-devel-0.9.8e-31.el5_11.i386.rpm x86_64: openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm openssl-debuginfo-0.9.8e-31.el5_11.x86_64.rpm openssl-devel-0.9.8e-31.el5_11.i386.rpm openssl-devel-0.9.8e-31.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: openssl-0.9.8e-31.el5_11.src.rpm i386: openssl-0.9.8e-31.el5_11.i386.rpm openssl-0.9.8e-31.el5_11.i686.rpm openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm openssl-devel-0.9.8e-31.el5_11.i386.rpm openssl-perl-0.9.8e-31.el5_11.i386.rpm ia64: openssl-0.9.8e-31.el5_11.i686.rpm openssl-0.9.8e-31.el5_11.ia64.rpm openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm openssl-debuginfo-0.9.8e-31.el5_11.ia64.rpm openssl-devel-0.9.8e-31.el5_11.ia64.rpm openssl-perl-0.9.8e-31.el5_11.ia64.rpm ppc: openssl-0.9.8e-31.el5_11.ppc.rpm openssl-0.9.8e-31.el5_11.ppc64.rpm openssl-debuginfo-0.9.8e-31.el5_11.ppc.rpm openssl-debuginfo-0.9.8e-31.el5_11.ppc64.rpm openssl-devel-0.9.8e-31.el5_11.ppc.rpm openssl-devel-0.9.8e-31.el5_11.ppc64.rpm openssl-perl-0.9.8e-31.el5_11.ppc.rpm s390x: openssl-0.9.8e-31.el5_11.s390.rpm openssl-0.9.8e-31.el5_11.s390x.rpm openssl-debuginfo-0.9.8e-31.el5_11.s390.rpm openssl-debuginfo-0.9.8e-31.el5_11.s390x.rpm openssl-devel-0.9.8e-31.el5_11.s390.rpm openssl-devel-0.9.8e-31.el5_11.s390x.rpm openssl-perl-0.9.8e-31.el5_11.s390x.rpm x86_64: openssl-0.9.8e-31.el5_11.i686.rpm openssl-0.9.8e-31.el5_11.x86_64.rpm openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm openssl-debuginfo-0.9.8e-31.el5_11.x86_64.rpm openssl-devel-0.9.8e-31.el5_11.i386.rpm openssl-devel-0.9.8e-31.el5_11.x86_64.rpm openssl-perl-0.9.8e-31.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/1232123 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUP95tXlSAg2UNWIIRAkc5AJ9nmEF3JBRZonktefvvJetST/IDwACfRLlK kXhpxz+knoilme+6qGxo2rQ= =PYRu -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 16 17:59:54 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Oct 2014 17:59:54 +0000 Subject: [RHSA-2014:1654-01] Important: rsyslog7 security update Message-ID: <201410161759.s9GHxsUd007896@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rsyslog7 security update Advisory ID: RHSA-2014:1654-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1654.html Issue date: 2014-10-16 CVE Names: CVE-2014-3634 ===================================================================== 1. Summary: Updated rsyslog7 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 
6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control.

A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue.

All rsyslog7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1142373 - CVE-2014-3634 rsyslog: remote syslog PRI vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
rsyslog7-7.4.10-3.el6_6.src.rpm

i386:
rsyslog7-7.4.10-3.el6_6.i686.rpm
rsyslog7-debuginfo-7.4.10-3.el6_6.i686.rpm
rsyslog7-gnutls-7.4.10-3.el6_6.i686.rpm
rsyslog7-gssapi-7.4.10-3.el6_6.i686.rpm
rsyslog7-relp-7.4.10-3.el6_6.i686.rpm

x86_64:
rsyslog7-7.4.10-3.el6_6.x86_64.rpm
rsyslog7-debuginfo-7.4.10-3.el6_6.x86_64.rpm
rsyslog7-gnutls-7.4.10-3.el6_6.x86_64.rpm
rsyslog7-gssapi-7.4.10-3.el6_6.x86_64.rpm
rsyslog7-relp-7.4.10-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6): i386: rsyslog7-debuginfo-7.4.10-3.el6_6.i686.rpm rsyslog7-elasticsearch-7.4.10-3.el6_6.i686.rpm rsyslog7-mysql-7.4.10-3.el6_6.i686.rpm rsyslog7-pgsql-7.4.10-3.el6_6.i686.rpm rsyslog7-snmp-7.4.10-3.el6_6.i686.rpm x86_64: rsyslog7-debuginfo-7.4.10-3.el6_6.x86_64.rpm rsyslog7-elasticsearch-7.4.10-3.el6_6.x86_64.rpm rsyslog7-mysql-7.4.10-3.el6_6.x86_64.rpm rsyslog7-pgsql-7.4.10-3.el6_6.x86_64.rpm rsyslog7-snmp-7.4.10-3.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: rsyslog7-7.4.10-3.el6_6.src.rpm x86_64: rsyslog7-7.4.10-3.el6_6.x86_64.rpm rsyslog7-debuginfo-7.4.10-3.el6_6.x86_64.rpm rsyslog7-gnutls-7.4.10-3.el6_6.x86_64.rpm rsyslog7-gssapi-7.4.10-3.el6_6.x86_64.rpm rsyslog7-relp-7.4.10-3.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: rsyslog7-debuginfo-7.4.10-3.el6_6.x86_64.rpm rsyslog7-elasticsearch-7.4.10-3.el6_6.x86_64.rpm rsyslog7-mysql-7.4.10-3.el6_6.x86_64.rpm rsyslog7-pgsql-7.4.10-3.el6_6.x86_64.rpm rsyslog7-snmp-7.4.10-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: rsyslog7-7.4.10-3.el6_6.src.rpm i386: rsyslog7-7.4.10-3.el6_6.i686.rpm rsyslog7-debuginfo-7.4.10-3.el6_6.i686.rpm rsyslog7-gnutls-7.4.10-3.el6_6.i686.rpm rsyslog7-gssapi-7.4.10-3.el6_6.i686.rpm rsyslog7-mysql-7.4.10-3.el6_6.i686.rpm rsyslog7-pgsql-7.4.10-3.el6_6.i686.rpm rsyslog7-relp-7.4.10-3.el6_6.i686.rpm ppc64: rsyslog7-7.4.10-3.el6_6.ppc64.rpm rsyslog7-debuginfo-7.4.10-3.el6_6.ppc64.rpm rsyslog7-gnutls-7.4.10-3.el6_6.ppc64.rpm rsyslog7-gssapi-7.4.10-3.el6_6.ppc64.rpm rsyslog7-mysql-7.4.10-3.el6_6.ppc64.rpm rsyslog7-pgsql-7.4.10-3.el6_6.ppc64.rpm rsyslog7-relp-7.4.10-3.el6_6.ppc64.rpm s390x: rsyslog7-7.4.10-3.el6_6.s390x.rpm rsyslog7-debuginfo-7.4.10-3.el6_6.s390x.rpm rsyslog7-gnutls-7.4.10-3.el6_6.s390x.rpm rsyslog7-gssapi-7.4.10-3.el6_6.s390x.rpm rsyslog7-mysql-7.4.10-3.el6_6.s390x.rpm rsyslog7-pgsql-7.4.10-3.el6_6.s390x.rpm rsyslog7-relp-7.4.10-3.el6_6.s390x.rpm x86_64: rsyslog7-7.4.10-3.el6_6.x86_64.rpm rsyslog7-debuginfo-7.4.10-3.el6_6.x86_64.rpm rsyslog7-gnutls-7.4.10-3.el6_6.x86_64.rpm rsyslog7-gssapi-7.4.10-3.el6_6.x86_64.rpm rsyslog7-mysql-7.4.10-3.el6_6.x86_64.rpm rsyslog7-pgsql-7.4.10-3.el6_6.x86_64.rpm rsyslog7-relp-7.4.10-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: rsyslog7-debuginfo-7.4.10-3.el6_6.i686.rpm rsyslog7-elasticsearch-7.4.10-3.el6_6.i686.rpm rsyslog7-snmp-7.4.10-3.el6_6.i686.rpm ppc64: rsyslog7-debuginfo-7.4.10-3.el6_6.ppc64.rpm rsyslog7-elasticsearch-7.4.10-3.el6_6.ppc64.rpm rsyslog7-snmp-7.4.10-3.el6_6.ppc64.rpm s390x: rsyslog7-debuginfo-7.4.10-3.el6_6.s390x.rpm rsyslog7-elasticsearch-7.4.10-3.el6_6.s390x.rpm rsyslog7-snmp-7.4.10-3.el6_6.s390x.rpm x86_64: rsyslog7-debuginfo-7.4.10-3.el6_6.x86_64.rpm rsyslog7-elasticsearch-7.4.10-3.el6_6.x86_64.rpm rsyslog7-snmp-7.4.10-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: rsyslog7-7.4.10-3.el6_6.src.rpm i386: rsyslog7-7.4.10-3.el6_6.i686.rpm rsyslog7-debuginfo-7.4.10-3.el6_6.i686.rpm rsyslog7-gnutls-7.4.10-3.el6_6.i686.rpm rsyslog7-gssapi-7.4.10-3.el6_6.i686.rpm rsyslog7-mysql-7.4.10-3.el6_6.i686.rpm rsyslog7-pgsql-7.4.10-3.el6_6.i686.rpm rsyslog7-relp-7.4.10-3.el6_6.i686.rpm x86_64: rsyslog7-7.4.10-3.el6_6.x86_64.rpm rsyslog7-debuginfo-7.4.10-3.el6_6.x86_64.rpm rsyslog7-gnutls-7.4.10-3.el6_6.x86_64.rpm rsyslog7-gssapi-7.4.10-3.el6_6.x86_64.rpm rsyslog7-mysql-7.4.10-3.el6_6.x86_64.rpm rsyslog7-pgsql-7.4.10-3.el6_6.x86_64.rpm rsyslog7-relp-7.4.10-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: rsyslog7-debuginfo-7.4.10-3.el6_6.i686.rpm rsyslog7-elasticsearch-7.4.10-3.el6_6.i686.rpm rsyslog7-snmp-7.4.10-3.el6_6.i686.rpm x86_64: rsyslog7-debuginfo-7.4.10-3.el6_6.x86_64.rpm rsyslog7-elasticsearch-7.4.10-3.el6_6.x86_64.rpm rsyslog7-snmp-7.4.10-3.el6_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-3634.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
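The advisory above says only that rsyslog mishandled invalid priority values; what a receiver has to enforce on the PRI field is spelled out in RFC 5424, and the following added example (not rsyslog's code and not the backported fix) shows that check together with a small triage pass over constructed sample lines. RFC 5424 defines PRIVAL as one to three digits with a value in 0..191 (facility * 8 + severity); the regex here additionally rejects leading zeros, a stricter choice made for this example. The point for an implementer is the order of operations: a receiver that turns the digits into a number and uses it as a table index before checking the range reads past a 24-entry facility table or an 8-entry severity table on input like <192> or <1234>. The point for an operator is that a collector reachable from the network should count and alert on rejected PRI values rather than silently drop them.

```python
# Added example (not rsyslog's or Red Hat's code): strict PRI parsing and triage.
import re

# RFC 5424 PRI: "<" 1..3 digits ">", value 0..191. Leading zeros are rejected here
# (stricter than the ABNF alone); a bare "0" is still valid.
_PRI = re.compile(rb"^<(0|[1-9][0-9]{0,2})>")
MAX_PRI = 191

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
FACILITIES = ("kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7")


class BadPri(ValueError):
    """Raised for a missing, malformed or out-of-range PRI."""


def parse_pri(msg: bytes):
    """Return (facility_name, severity_name, rest_of_message) or raise BadPri.
    The range check happens before the value is used as an index into either
    table, which is the step an unchecked implementation gets wrong."""
    m = _PRI.match(msg)
    if not m:
        raise BadPri("missing or malformed <PRI>")
    pri = int(m.group(1))
    if pri > MAX_PRI:
        raise BadPri(f"PRI {pri} out of range 0..{MAX_PRI}")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], msg[m.end():]


def pri_is_valid(msg: bytes) -> bool:
    try:
        parse_pri(msg)
        return True
    except BadPri:
        return False


# Constructed sample lines for this example; timestamps and hosts are made up.
SAMPLE_LINES = [
    b"<13>Oct 16 15:12:08 host sshd[2211]: Accepted publickey for admin",
    b"<0>Oct 16 15:12:09 host kernel: kern.emerg message",
    b"<191>Oct 16 15:12:10 host app: local7.debug message",
    b"<192>Oct 16 15:12:11 host app: facility 24 does not exist",
    b"<1234>Oct 16 15:12:12 host app: four digits",
    b"<08>Oct 16 15:12:13 host app: leading zero",
    b"Oct 16 15:12:14 host app: no PRI at all",
]


def triage(lines):
    """Split a batch into decoded (facility, severity) pairs and rejects with the
    reason; a burst of rejects from one sender on a network-facing collector is
    worth an alert in its own right."""
    ok, bad = [], []
    for line in lines:
        try:
            fac, sev, _rest = parse_pri(line)
            ok.append((fac, sev))
        except BadPri as exc:
            bad.append((line[:8], str(exc)))
    return ok, bad


if __name__ == "__main__":
    accepted, rejected = triage(SAMPLE_LINES)
    print(accepted)
    for head, why in rejected:
        print(head, why)
```

A strict receiver drops a line with no PRI rather than assuming a default priority; if your collector must accept legacy RFC 3164 senders that omit it, do that in an explicit compatibility path, not by relaxing the range check.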
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUQAcPXlSAg2UNWIIRAqegAJoDRHqsmPGRFBgOriZQ73Q8klxY1gCgpOou SLgdWLVMlIkrJP6PA3twopg= =u1Fl -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 16 18:01:31 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Oct 2014 18:01:31 +0000 Subject: [RHSA-2014:1655-01] Moderate: libxml2 security update Message-ID: <201410161801.s9GI1VI1028475@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2014:1655-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1655.html Issue date: 2014-10-16 CVE Names: CVE-2014-3660 ===================================================================== 1. Summary: Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 
7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libxml2 library is a development toolbox providing the implementation of various XML standards.

A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660)

All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1149084 - CVE-2014-3660 libxml2: denial of service via recursive entity expansion

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libxml2-2.7.6-17.el6_6.1.src.rpm

i386:
libxml2-2.7.6-17.el6_6.1.i686.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-python-2.7.6-17.el6_6.1.i686.rpm

x86_64:
libxml2-2.7.6-17.el6_6.1.i686.rpm
libxml2-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-python-2.7.6-17.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6):

i386:
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
libxml2-static-2.7.6-17.el6_6.1.i686.rpm

x86_64:
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
libxml2-devel-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-static-2.7.6-17.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
libxml2-2.7.6-17.el6_6.1.src.rpm

x86_64:
libxml2-2.7.6-17.el6_6.1.i686.rpm
libxml2-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-python-2.7.6-17.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
libxml2-devel-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-static-2.7.6-17.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
libxml2-2.7.6-17.el6_6.1.src.rpm

i386:
libxml2-2.7.6-17.el6_6.1.i686.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
libxml2-python-2.7.6-17.el6_6.1.i686.rpm

ppc64:
libxml2-2.7.6-17.el6_6.1.ppc.rpm
libxml2-2.7.6-17.el6_6.1.ppc64.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.ppc.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.ppc64.rpm
libxml2-devel-2.7.6-17.el6_6.1.ppc.rpm
libxml2-devel-2.7.6-17.el6_6.1.ppc64.rpm
libxml2-python-2.7.6-17.el6_6.1.ppc64.rpm

s390x:
libxml2-2.7.6-17.el6_6.1.s390.rpm
libxml2-2.7.6-17.el6_6.1.s390x.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.s390.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.s390x.rpm
libxml2-devel-2.7.6-17.el6_6.1.s390.rpm
libxml2-devel-2.7.6-17.el6_6.1.s390x.rpm
libxml2-python-2.7.6-17.el6_6.1.s390x.rpm

x86_64:
libxml2-2.7.6-17.el6_6.1.i686.rpm
libxml2-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
libxml2-devel-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-python-2.7.6-17.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-static-2.7.6-17.el6_6.1.i686.rpm

ppc64:
libxml2-debuginfo-2.7.6-17.el6_6.1.ppc64.rpm
libxml2-static-2.7.6-17.el6_6.1.ppc64.rpm

s390x:
libxml2-debuginfo-2.7.6-17.el6_6.1.s390x.rpm
libxml2-static-2.7.6-17.el6_6.1.s390x.rpm

x86_64:
libxml2-debuginfo-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-static-2.7.6-17.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libxml2-2.7.6-17.el6_6.1.src.rpm

i386:
libxml2-2.7.6-17.el6_6.1.i686.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
libxml2-python-2.7.6-17.el6_6.1.i686.rpm

x86_64:
libxml2-2.7.6-17.el6_6.1.i686.rpm
libxml2-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-debuginfo-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-devel-2.7.6-17.el6_6.1.i686.rpm
libxml2-devel-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-python-2.7.6-17.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libxml2-debuginfo-2.7.6-17.el6_6.1.i686.rpm
libxml2-static-2.7.6-17.el6_6.1.i686.rpm

x86_64:
libxml2-debuginfo-2.7.6-17.el6_6.1.x86_64.rpm
libxml2-static-2.7.6-17.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
libxml2-2.9.1-5.el7_0.1.src.rpm

x86_64:
libxml2-2.9.1-5.el7_0.1.i686.rpm
libxml2-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.i686.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-python-2.9.1-5.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libxml2-debuginfo-2.9.1-5.el7_0.1.i686.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-devel-2.9.1-5.el7_0.1.i686.rpm
libxml2-devel-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-static-2.9.1-5.el7_0.1.i686.rpm
libxml2-static-2.9.1-5.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libxml2-2.9.1-5.el7_0.1.src.rpm

x86_64:
libxml2-2.9.1-5.el7_0.1.i686.rpm
libxml2-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.i686.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-python-2.9.1-5.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libxml2-debuginfo-2.9.1-5.el7_0.1.i686.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-devel-2.9.1-5.el7_0.1.i686.rpm
libxml2-devel-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-static-2.9.1-5.el7_0.1.i686.rpm
libxml2-static-2.9.1-5.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libxml2-2.9.1-5.el7_0.1.src.rpm

ppc64:
libxml2-2.9.1-5.el7_0.1.ppc.rpm
libxml2-2.9.1-5.el7_0.1.ppc64.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.ppc.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.ppc64.rpm
libxml2-devel-2.9.1-5.el7_0.1.ppc.rpm
libxml2-devel-2.9.1-5.el7_0.1.ppc64.rpm
libxml2-python-2.9.1-5.el7_0.1.ppc64.rpm

s390x:
libxml2-2.9.1-5.el7_0.1.s390.rpm
libxml2-2.9.1-5.el7_0.1.s390x.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.s390.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.s390x.rpm
libxml2-devel-2.9.1-5.el7_0.1.s390.rpm
libxml2-devel-2.9.1-5.el7_0.1.s390x.rpm
libxml2-python-2.9.1-5.el7_0.1.s390x.rpm

x86_64:
libxml2-2.9.1-5.el7_0.1.i686.rpm
libxml2-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.i686.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-devel-2.9.1-5.el7_0.1.i686.rpm
libxml2-devel-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-python-2.9.1-5.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libxml2-debuginfo-2.9.1-5.el7_0.1.ppc.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.ppc64.rpm
libxml2-static-2.9.1-5.el7_0.1.ppc.rpm
libxml2-static-2.9.1-5.el7_0.1.ppc64.rpm

s390x:
libxml2-debuginfo-2.9.1-5.el7_0.1.s390.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.s390x.rpm
libxml2-static-2.9.1-5.el7_0.1.s390.rpm
libxml2-static-2.9.1-5.el7_0.1.s390x.rpm

x86_64:
libxml2-debuginfo-2.9.1-5.el7_0.1.i686.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-static-2.9.1-5.el7_0.1.i686.rpm
libxml2-static-2.9.1-5.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libxml2-2.9.1-5.el7_0.1.src.rpm

x86_64:
libxml2-2.9.1-5.el7_0.1.i686.rpm
libxml2-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.i686.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-devel-2.9.1-5.el7_0.1.i686.rpm
libxml2-devel-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-python-2.9.1-5.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libxml2-debuginfo-2.9.1-5.el7_0.1.i686.rpm
libxml2-debuginfo-2.9.1-5.el7_0.1.x86_64.rpm
libxml2-static-2.9.1-5.el7_0.1.i686.rpm
libxml2-static-2.9.1-5.el7_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3660.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
From bugzilla at redhat.com Thu Oct 16 23:20:45 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Oct 2014 23:20:45 +0000
Subject: [RHSA-2014:1657-01] Critical: java-1.7.0-oracle security update
Message-ID: <201410162320.s9GNKj4g019134@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2014:1657-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1657.html
Issue date: 2014-10-16
CVE Names: CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6517 CVE-2014-6519 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 72 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150182 - CVE-2014-6504 OpenJDK: incorrect optimization of range checks in C2 compiler (Hotspot, 8022783)
1150273 - CVE-2014-6519 OpenJDK: missing BootstrapMethods bounds check (Hotspot, 8041717)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151364 - CVE-2014-6517 OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.7.0-oracle-1.7.0.72-1jpp.4.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.4.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.4.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.4.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.4.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.4.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.72-1jpp.4.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.4.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.4.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.4.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.4.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.4.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 5:

i386:
java-1.7.0-oracle-1.7.0.72-1jpp.4.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.4.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.4.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.4.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.4.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.4.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.72-1jpp.4.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.4.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.4.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.4.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.4.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.4.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

x86_64:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.2.el6.i686.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.2.el6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.src.rpm

x86_64:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

Source:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.src.rpm

x86_64:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.src.rpm

x86_64:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.src.rpm

x86_64:
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.72-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.72-1jpp.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-4288.html
https://www.redhat.com/security/data/cve/CVE-2014-6456.html
https://www.redhat.com/security/data/cve/CVE-2014-6457.html
https://www.redhat.com/security/data/cve/CVE-2014-6458.html
https://www.redhat.com/security/data/cve/CVE-2014-6476.html
https://www.redhat.com/security/data/cve/CVE-2014-6492.html
https://www.redhat.com/security/data/cve/CVE-2014-6493.html
https://www.redhat.com/security/data/cve/CVE-2014-6502.html
https://www.redhat.com/security/data/cve/CVE-2014-6503.html
https://www.redhat.com/security/data/cve/CVE-2014-6504.html
https://www.redhat.com/security/data/cve/CVE-2014-6506.html
https://www.redhat.com/security/data/cve/CVE-2014-6511.html
https://www.redhat.com/security/data/cve/CVE-2014-6512.html
https://www.redhat.com/security/data/cve/CVE-2014-6515.html
https://www.redhat.com/security/data/cve/CVE-2014-6517.html
https://www.redhat.com/security/data/cve/CVE-2014-6519.html
https://www.redhat.com/security/data/cve/CVE-2014-6527.html
https://www.redhat.com/security/data/cve/CVE-2014-6531.html
https://www.redhat.com/security/data/cve/CVE-2014-6532.html
https://www.redhat.com/security/data/cve/CVE-2014-6558.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Thu Oct 16 23:21:35 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Oct 2014 23:21:35 +0000
Subject: [RHSA-2014:1658-01] Important: java-1.6.0-sun security update
Message-ID: <201410162321.s9GNLZmY008395@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-sun security update
Advisory ID: RHSA-2014:1658-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1658.html
Issue date: 2014-10-16
CVE Names: CVE-2014-4288 CVE-2014-6457 CVE-2014-6458 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6517 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 85 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150182 - CVE-2014-6504 OpenJDK: incorrect optimization of range checks in C2 compiler (Hotspot, 8022783)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151364 - CVE-2014-6517 OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.6.0-sun-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.3.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.85-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.3.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 5:

i386:
java-1.6.0-sun-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.3.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.85-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.3.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

x86_64:
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.2.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.src.rpm

x86_64:
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.i686.rpm
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

Source:
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.src.rpm

x86_64:
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.i686.rpm
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.src.rpm

x86_64:
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.i686.rpm
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.src.rpm

x86_64:
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.i686.rpm
java-1.6.0-sun-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.85-1jpp.2.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.85-1jpp.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-4288.html
https://www.redhat.com/security/data/cve/CVE-2014-6457.html
https://www.redhat.com/security/data/cve/CVE-2014-6458.html
https://www.redhat.com/security/data/cve/CVE-2014-6492.html
https://www.redhat.com/security/data/cve/CVE-2014-6493.html
https://www.redhat.com/security/data/cve/CVE-2014-6502.html
https://www.redhat.com/security/data/cve/CVE-2014-6503.html
https://www.redhat.com/security/data/cve/CVE-2014-6504.html
https://www.redhat.com/security/data/cve/CVE-2014-6506.html
https://www.redhat.com/security/data/cve/CVE-2014-6511.html
https://www.redhat.com/security/data/cve/CVE-2014-6512.html
https://www.redhat.com/security/data/cve/CVE-2014-6515.html
https://www.redhat.com/security/data/cve/CVE-2014-6517.html
https://www.redhat.com/security/data/cve/CVE-2014-6531.html
https://www.redhat.com/security/data/cve/CVE-2014-6532.html
https://www.redhat.com/security/data/cve/CVE-2014-6558.html
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUQFLlXlSAg2UNWIIRAgbfAJ0YlM6cIh9SdTsEaH9xNPeU7BV/BACeMfhZ RAGugYnwrEpSdc7AkvB9UeI= =TI93 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Oct 20 18:50:48 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 20 Oct 2014 18:50:48 +0000 Subject: [RHSA-2014:1669-02] Low: qemu-kvm security and bug fix update Message-ID: <201410201850.s9KIom9V023310@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: qemu-kvm security and bug fix update Advisory ID: RHSA-2014:1669-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1669.html Issue date: 2014-10-20 CVE Names: CVE-2014-3615 ===================================================================== 1. Summary: Updated qemu-kvm packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. 
An information leak flaw was found in the way QEMU's VGA emulator accessed
frame buffer memory for high resolution displays. A privileged guest user
could use this flaw to leak memory contents of the host to the guest by
setting the display to use a high resolution in the guest. (CVE-2014-3615)

This issue was discovered by Laszlo Ersek of Red Hat.

This update also fixes the following bug:

* This update fixes a regression in the scsi_block_new_request() function,
which caused all read requests to go through SG_IO if the host cache was not
used. (BZ#1141189)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1139115 - CVE-2014-3615 Qemu: information leakage when guest sets high resolution

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
qemu-kvm-1.5.3-60.el7_0.10.src.rpm

x86_64:
libcacard-1.5.3-60.el7_0.10.i686.rpm
libcacard-1.5.3-60.el7_0.10.x86_64.rpm
qemu-guest-agent-1.5.3-60.el7_0.10.x86_64.rpm
qemu-img-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-common-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.i686.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-tools-1.5.3-60.el7_0.10.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-60.el7_0.10.i686.rpm
libcacard-devel-1.5.3-60.el7_0.10.x86_64.rpm
libcacard-tools-1.5.3-60.el7_0.10.x86_64.rpm
qemu-guest-agent-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.i686.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
qemu-kvm-1.5.3-60.el7_0.10.src.rpm

x86_64:
qemu-guest-agent-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libcacard-1.5.3-60.el7_0.10.i686.rpm
libcacard-1.5.3-60.el7_0.10.x86_64.rpm
libcacard-devel-1.5.3-60.el7_0.10.i686.rpm
libcacard-devel-1.5.3-60.el7_0.10.x86_64.rpm
libcacard-tools-1.5.3-60.el7_0.10.x86_64.rpm
qemu-guest-agent-1.5.3-60.el7_0.10.x86_64.rpm
qemu-img-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-common-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.i686.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-tools-1.5.3-60.el7_0.10.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
qemu-kvm-1.5.3-60.el7_0.10.src.rpm

x86_64:
libcacard-1.5.3-60.el7_0.10.i686.rpm
libcacard-1.5.3-60.el7_0.10.x86_64.rpm
qemu-guest-agent-1.5.3-60.el7_0.10.x86_64.rpm
qemu-img-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-common-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.i686.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-tools-1.5.3-60.el7_0.10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-60.el7_0.10.i686.rpm
libcacard-devel-1.5.3-60.el7_0.10.x86_64.rpm
libcacard-tools-1.5.3-60.el7_0.10.x86_64.rpm
qemu-guest-agent-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.i686.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
qemu-kvm-1.5.3-60.el7_0.10.src.rpm

x86_64:
libcacard-1.5.3-60.el7_0.10.i686.rpm
libcacard-1.5.3-60.el7_0.10.x86_64.rpm
qemu-guest-agent-1.5.3-60.el7_0.10.x86_64.rpm
qemu-img-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-common-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.i686.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-tools-1.5.3-60.el7_0.10.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-60.el7_0.10.i686.rpm
libcacard-devel-1.5.3-60.el7_0.10.x86_64.rpm
libcacard-tools-1.5.3-60.el7_0.10.x86_64.rpm
qemu-guest-agent-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.i686.rpm
qemu-kvm-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3615.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
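A practical follow-up to an erratum like this one is confirming that every installed package is at or above the version-release shown in the package list. Comparing those strings as plain text goes wrong at exactly this release: "60.el7_0.9" sorts after "60.el7_0.10" lexically, while rpm compares each run of digits numerically. The following added example is not Red Hat's or rpm's own code; it reimplements a simplified form of rpm's version comparison in Python and runs it over a constructed inventory. The fixed versions are taken from the RHSA-2014:1669 package list above. The comparison assumes the installed package's epoch equals the erratum's, because the file names in the package list carry no epoch, and it ignores the arch field when deciding whether an update is needed.

```python
import re

# Fixed version-release taken from the RHSA-2014:1669 package list above.
# Every binary package in that list is built from the same source RPM and
# carries the same version-release, so one entry per package name suffices.
FIXED_RHSA_2014_1669 = {
    name: ("1.5.3", "60.el7_0.10")
    for name in (
        "qemu-kvm", "qemu-kvm-common", "qemu-kvm-tools", "qemu-img",
        "qemu-guest-agent", "libcacard", "libcacard-devel", "libcacard-tools",
    )
}

# A version label splits into digit runs, letter runs and '~' (pre-release marker).
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm label comparison: -1 if a < b, 0 if equal, 1 if a > b.

    Digit runs compare numerically, letter runs lexically, a digit run beats a
    letter run, and '~' sorts before anything including the end of the string
    (so 1.0~rc1 < 1.0). Epoch handling is deliberately left out (assumed equal).
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while i < len(sa) or i < len(sb):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":
            if x != "~":
                return 1        # b has a pre-release marker here, a does not
            if y != "~":
                return -1
            i += 1
            continue
        if x is None:
            return -1           # a ran out of segments first
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit():
            c = 1               # numeric segment is "newer" than alphabetic
        elif y.isdigit():
            c = -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
        i += 1
    return 0


def parse_nvra(nvra: str):
    """Split 'name-version-release.arch[.rpm]' into its four parts."""
    if nvra.endswith(".rpm"):
        nvra = nvra[:-4]
    rest, arch = nvra.rsplit(".", 1)
    name_version, release = rest.rsplit("-", 1)
    name, version = name_version.rsplit("-", 1)
    return name, version, release, arch


def needs_update(installed_nvra: str, fixed=FIXED_RHSA_2014_1669):
    """True if older than the erratum, False if at/above it, None if not covered."""
    name, version, release, _arch = parse_nvra(installed_nvra)
    if name not in fixed:
        return None
    fixed_version, fixed_release = fixed[name]
    c = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return c < 0


# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`
# output from a hypothetical RHEL 7 host; not real inventory data.
SAMPLE_INVENTORY = [
    "qemu-kvm-1.5.3-60.el7_0.9.x86_64",      # one release behind: 9 < 10 numerically
    "qemu-img-1.5.3-60.el7_0.10.x86_64",     # already at the fixed release
    "libcacard-1.5.3-60.el7_0.10.i686.rpm",  # multilib copy, same version-release
    "bash-4.2.45-5.el7.x86_64",              # not covered by this erratum
]


def report(inventory=SAMPLE_INVENTORY, fixed=FIXED_RHSA_2014_1669):
    """Return the installed packages that are still below the erratum version."""
    return [pkg for pkg in inventory if needs_update(pkg, fixed)]


if __name__ == "__main__":
    for pkg in report():
        print("needs update:", pkg)
```

On a real host, feed it the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` with a table built from the package list for the matching RHEL release. Packages that carry an epoch, or entries such as `gpg-pubkey` whose arch field is not a real architecture, need the full comparison from the `rpm` Python bindings (`rpm.labelCompare`), which this example avoids so that it runs offline.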
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFURVlsXlSAg2UNWIIRAoUfAKCxslbsjlnHCUOYuHD5IjkSzxS/MACgkFr9
hzcvoWbFZ/yCuBDN3ZmYjV8=
=JMBH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Oct 20 18:54:57 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Oct 2014 18:54:57 +0000
Subject: [RHSA-2014:1671-01] Moderate: rsyslog5 and rsyslog security update
Message-ID: <201410201854.s9KIsv9P015608@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rsyslog5 and rsyslog security update
Advisory ID:       RHSA-2014:1671-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1671.html
Issue date:        2014-10-20
CVE Names:         CVE-2014-3634
=====================================================================

1. Summary:

Updated rsyslog5 and rsyslog packages that fix one security issue are now
available for Red Hat Enterprise Linux 5 and 6 respectively.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The rsyslog packages provide an enhanced, multi-threaded syslog daemon that
supports writing to relational databases, syslog/TCP, RFC 3195, permitted
sender lists, filtering on any message part, and fine grained output format
control.

A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the rsyslog
daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting
this issue.

All rsyslog5 and rsyslog users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing the update, the rsyslog service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1142373 - CVE-2014-3634 rsyslog: remote syslog PRI vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
rsyslog5-5.8.12-5.el5_11.src.rpm

i386:
rsyslog5-5.8.12-5.el5_11.i386.rpm
rsyslog5-debuginfo-5.8.12-5.el5_11.i386.rpm
rsyslog5-gnutls-5.8.12-5.el5_11.i386.rpm
rsyslog5-gssapi-5.8.12-5.el5_11.i386.rpm
rsyslog5-mysql-5.8.12-5.el5_11.i386.rpm
rsyslog5-pgsql-5.8.12-5.el5_11.i386.rpm
rsyslog5-snmp-5.8.12-5.el5_11.i386.rpm

x86_64:
rsyslog5-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-debuginfo-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-gnutls-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-gssapi-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-mysql-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-pgsql-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-snmp-5.8.12-5.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
rsyslog5-5.8.12-5.el5_11.src.rpm

i386:
rsyslog5-5.8.12-5.el5_11.i386.rpm
rsyslog5-debuginfo-5.8.12-5.el5_11.i386.rpm
rsyslog5-gnutls-5.8.12-5.el5_11.i386.rpm
rsyslog5-gssapi-5.8.12-5.el5_11.i386.rpm
rsyslog5-mysql-5.8.12-5.el5_11.i386.rpm
rsyslog5-pgsql-5.8.12-5.el5_11.i386.rpm
rsyslog5-snmp-5.8.12-5.el5_11.i386.rpm

ia64:
rsyslog5-5.8.12-5.el5_11.ia64.rpm
rsyslog5-debuginfo-5.8.12-5.el5_11.ia64.rpm
rsyslog5-gnutls-5.8.12-5.el5_11.ia64.rpm
rsyslog5-gssapi-5.8.12-5.el5_11.ia64.rpm
rsyslog5-mysql-5.8.12-5.el5_11.ia64.rpm
rsyslog5-pgsql-5.8.12-5.el5_11.ia64.rpm
rsyslog5-snmp-5.8.12-5.el5_11.ia64.rpm

ppc:
rsyslog5-5.8.12-5.el5_11.ppc.rpm
rsyslog5-debuginfo-5.8.12-5.el5_11.ppc.rpm
rsyslog5-gnutls-5.8.12-5.el5_11.ppc.rpm
rsyslog5-gssapi-5.8.12-5.el5_11.ppc.rpm
rsyslog5-mysql-5.8.12-5.el5_11.ppc.rpm
rsyslog5-pgsql-5.8.12-5.el5_11.ppc.rpm
rsyslog5-snmp-5.8.12-5.el5_11.ppc.rpm

s390x:
rsyslog5-5.8.12-5.el5_11.s390x.rpm
rsyslog5-debuginfo-5.8.12-5.el5_11.s390x.rpm
rsyslog5-gnutls-5.8.12-5.el5_11.s390x.rpm
rsyslog5-gssapi-5.8.12-5.el5_11.s390x.rpm
rsyslog5-mysql-5.8.12-5.el5_11.s390x.rpm
rsyslog5-pgsql-5.8.12-5.el5_11.s390x.rpm
rsyslog5-snmp-5.8.12-5.el5_11.s390x.rpm

x86_64:
rsyslog5-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-debuginfo-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-gnutls-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-gssapi-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-mysql-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-pgsql-5.8.12-5.el5_11.x86_64.rpm
rsyslog5-snmp-5.8.12-5.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
rsyslog-5.8.10-9.el6_6.src.rpm

i386:
rsyslog-5.8.10-9.el6_6.i686.rpm
rsyslog-debuginfo-5.8.10-9.el6_6.i686.rpm
rsyslog-gnutls-5.8.10-9.el6_6.i686.rpm
rsyslog-gssapi-5.8.10-9.el6_6.i686.rpm
rsyslog-relp-5.8.10-9.el6_6.i686.rpm

x86_64:
rsyslog-5.8.10-9.el6_6.x86_64.rpm
rsyslog-debuginfo-5.8.10-9.el6_6.x86_64.rpm
rsyslog-gnutls-5.8.10-9.el6_6.x86_64.rpm
rsyslog-gssapi-5.8.10-9.el6_6.x86_64.rpm
rsyslog-relp-5.8.10-9.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
rsyslog-5.8.10-9.el6_6.src.rpm

i386:
rsyslog-debuginfo-5.8.10-9.el6_6.i686.rpm
rsyslog-mysql-5.8.10-9.el6_6.i686.rpm
rsyslog-pgsql-5.8.10-9.el6_6.i686.rpm
rsyslog-snmp-5.8.10-9.el6_6.i686.rpm

x86_64:
rsyslog-debuginfo-5.8.10-9.el6_6.x86_64.rpm
rsyslog-mysql-5.8.10-9.el6_6.x86_64.rpm
rsyslog-pgsql-5.8.10-9.el6_6.x86_64.rpm
rsyslog-snmp-5.8.10-9.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
rsyslog-5.8.10-9.el6_6.src.rpm

x86_64:
rsyslog-5.8.10-9.el6_6.x86_64.rpm
rsyslog-debuginfo-5.8.10-9.el6_6.x86_64.rpm
rsyslog-gnutls-5.8.10-9.el6_6.x86_64.rpm
rsyslog-gssapi-5.8.10-9.el6_6.x86_64.rpm
rsyslog-relp-5.8.10-9.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
rsyslog-5.8.10-9.el6_6.src.rpm

x86_64:
rsyslog-debuginfo-5.8.10-9.el6_6.x86_64.rpm
rsyslog-mysql-5.8.10-9.el6_6.x86_64.rpm
rsyslog-pgsql-5.8.10-9.el6_6.x86_64.rpm
rsyslog-snmp-5.8.10-9.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
rsyslog-5.8.10-9.el6_6.src.rpm

i386:
rsyslog-5.8.10-9.el6_6.i686.rpm
rsyslog-debuginfo-5.8.10-9.el6_6.i686.rpm
rsyslog-gnutls-5.8.10-9.el6_6.i686.rpm
rsyslog-gssapi-5.8.10-9.el6_6.i686.rpm
rsyslog-mysql-5.8.10-9.el6_6.i686.rpm
rsyslog-pgsql-5.8.10-9.el6_6.i686.rpm
rsyslog-relp-5.8.10-9.el6_6.i686.rpm

ppc64:
rsyslog-5.8.10-9.el6_6.ppc64.rpm
rsyslog-debuginfo-5.8.10-9.el6_6.ppc64.rpm
rsyslog-gnutls-5.8.10-9.el6_6.ppc64.rpm
rsyslog-gssapi-5.8.10-9.el6_6.ppc64.rpm
rsyslog-mysql-5.8.10-9.el6_6.ppc64.rpm
rsyslog-pgsql-5.8.10-9.el6_6.ppc64.rpm
rsyslog-relp-5.8.10-9.el6_6.ppc64.rpm

s390x:
rsyslog-5.8.10-9.el6_6.s390x.rpm
rsyslog-debuginfo-5.8.10-9.el6_6.s390x.rpm
rsyslog-gnutls-5.8.10-9.el6_6.s390x.rpm
rsyslog-gssapi-5.8.10-9.el6_6.s390x.rpm
rsyslog-mysql-5.8.10-9.el6_6.s390x.rpm
rsyslog-pgsql-5.8.10-9.el6_6.s390x.rpm
rsyslog-relp-5.8.10-9.el6_6.s390x.rpm

x86_64:
rsyslog-5.8.10-9.el6_6.x86_64.rpm
rsyslog-debuginfo-5.8.10-9.el6_6.x86_64.rpm
rsyslog-gnutls-5.8.10-9.el6_6.x86_64.rpm
rsyslog-gssapi-5.8.10-9.el6_6.x86_64.rpm
rsyslog-mysql-5.8.10-9.el6_6.x86_64.rpm
rsyslog-pgsql-5.8.10-9.el6_6.x86_64.rpm
rsyslog-relp-5.8.10-9.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
rsyslog-5.8.10-9.el6_6.src.rpm

i386:
rsyslog-debuginfo-5.8.10-9.el6_6.i686.rpm
rsyslog-snmp-5.8.10-9.el6_6.i686.rpm

ppc64:
rsyslog-debuginfo-5.8.10-9.el6_6.ppc64.rpm
rsyslog-snmp-5.8.10-9.el6_6.ppc64.rpm

s390x:
rsyslog-debuginfo-5.8.10-9.el6_6.s390x.rpm
rsyslog-snmp-5.8.10-9.el6_6.s390x.rpm

x86_64:
rsyslog-debuginfo-5.8.10-9.el6_6.x86_64.rpm
rsyslog-snmp-5.8.10-9.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
rsyslog-5.8.10-9.el6_6.src.rpm

i386:
rsyslog-5.8.10-9.el6_6.i686.rpm
rsyslog-debuginfo-5.8.10-9.el6_6.i686.rpm
rsyslog-gnutls-5.8.10-9.el6_6.i686.rpm
rsyslog-gssapi-5.8.10-9.el6_6.i686.rpm
rsyslog-mysql-5.8.10-9.el6_6.i686.rpm
rsyslog-pgsql-5.8.10-9.el6_6.i686.rpm
rsyslog-relp-5.8.10-9.el6_6.i686.rpm

x86_64:
rsyslog-5.8.10-9.el6_6.x86_64.rpm
rsyslog-debuginfo-5.8.10-9.el6_6.x86_64.rpm
rsyslog-gnutls-5.8.10-9.el6_6.x86_64.rpm
rsyslog-gssapi-5.8.10-9.el6_6.x86_64.rpm
rsyslog-mysql-5.8.10-9.el6_6.x86_64.rpm
rsyslog-pgsql-5.8.10-9.el6_6.x86_64.rpm
rsyslog-relp-5.8.10-9.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
rsyslog-5.8.10-9.el6_6.src.rpm

i386:
rsyslog-debuginfo-5.8.10-9.el6_6.i686.rpm
rsyslog-snmp-5.8.10-9.el6_6.i686.rpm

x86_64:
rsyslog-debuginfo-5.8.10-9.el6_6.x86_64.rpm
rsyslog-snmp-5.8.10-9.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3634.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
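The CVE-2014-3634 description above turns on a single field: the PRI that opens every syslog message, written as `<N>` where N = facility * 8 + severity. The legal range is 0 to 191 (facility 0 to 23, severity 0 to 7), and RFC 5424 limits it to one to three digits with no leading zeros. A receiver that converts the number and then uses it as an index into its facility and severity tables without checking that range reads past the table; in C that is an out-of-bounds read and a crash, which is the class of failure the advisory describes. The following added example is not rsyslog's code. It is a small receiver-side parser in Python that validates PRI before any table lookup and isolates each rejected message, so that one hostile line from a local sender or from the network port cannot stop processing of the rest. The sample messages are constructed for this example; the facility names for codes 12 to 15 follow RFC 5424.

```python
import re

# Facility codes 0..23 (RFC 5424 section 6.2.1); index == facility number.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
# Severity codes 0..7; index == severity number.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

MAX_PRI = len(FACILITIES) * 8 - 1          # 191: every legal PRI fits the tables

# RFC 5424: PRI is "<" PRIVAL ">" with PRIVAL = 1*3DIGIT.
_PRI_RE = re.compile(r"^<(\d{1,3})>")


class InvalidPri(ValueError):
    """Raised for a message whose PRI cannot be used safely."""


def parse_pri(msg: str):
    """Return (facility_name, severity_name, rest_of_message) for a valid PRI.

    The range check happens before the table lookup; the bug class in
    CVE-2014-3634 is using the converted number as an index without it.
    """
    m = _PRI_RE.match(msg)
    if not m:
        raise InvalidPri("missing or malformed PRI (need '<' 1-3 digits '>')")
    digits = m.group(1)
    if len(digits) > 1 and digits[0] == "0":
        raise InvalidPri(f"PRI {digits!r} has a leading zero")
    pri = int(digits)
    if pri > MAX_PRI:
        raise InvalidPri(f"PRI {pri} outside 0..{MAX_PRI}")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], msg[m.end():]


def is_valid_pri(msg: str) -> bool:
    """Convenience predicate around parse_pri."""
    try:
        parse_pri(msg)
    except InvalidPri:
        return False
    return True


def process(lines):
    """Classify each line; bad messages are collected, never fatal.

    Returns (accepted, rejected) where accepted holds (facility, severity, rest)
    tuples and rejected holds (line, reason) tuples.
    """
    accepted, rejected = [], []
    for line in lines:
        try:
            accepted.append(parse_pri(line))
        except InvalidPri as exc:
            rejected.append((line, str(exc)))
    return accepted, rejected


# Constructed sample input: three legal messages and four that a hostile or
# broken sender could deliver over /dev/log or the syslog TCP/UDP port.
SAMPLE_LINES = [
    "<34>Oct 20 18:54:57 host su: 'su root' failed for user on /dev/pts/8",   # auth.crit
    "<13>Oct 20 18:55:01 host cron[123]: job finished",                       # user.notice
    "<191>Oct 20 18:55:02 host app: local7.debug is the largest legal PRI",
    "<192>Oct 20 18:55:03 host app: one past the end of the table",
    "<1000000>Oct 20 18:55:04 host app: too many digits to be a PRI",
    "<999>Oct 20 18:55:05 host app: three digits, still over 191",
    "Oct 20 18:55:06 host app: no PRI at all",
]


if __name__ == "__main__":
    ok, bad = process(SAMPLE_LINES)
    for fac, sev, rest in ok:
        print(f"{fac}.{sev}: {rest}")
    for line, why in bad:
        print(f"REJECTED ({why}): {line[:40]}")
```

The division of labour matters more than the language: `parse_pri` is the only place the untrusted number touches a table, and it refuses anything it cannot prove in range, while `process` turns a per-message exception into a per-message reject. A relay that instead defaulted an out-of-range PRI to some fixed facility and carried on would also be acceptable (RFC 3164 receivers commonly do that), but it must still never index with the raw value.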
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFURVn4XlSAg2UNWIIRAuaWAJ91j9A3POMj8lpZorMqOCJtqkgPXwCfZ0Wg
jJx6ffqrPFX7f0MzTeM52cY=
=7irN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Oct 21 20:25:07 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Oct 2014 20:25:07 +0000
Subject: [RHSA-2014:1676-01] Moderate: wireshark security update
Message-ID: <201410212025.s9LKP8Z6011421@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: wireshark security update
Advisory ID:       RHSA-2014:1676-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1676.html
Issue date:        2014-10-21
CVE Names:         CVE-2014-6421 CVE-2014-6422 CVE-2014-6423 CVE-2014-6424
                   CVE-2014-6425 CVE-2014-6426 CVE-2014-6427 CVE-2014-6428
                   CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432
=====================================================================

1. Summary:

Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Wireshark is a network protocol analyzer. It is used to capture and browse
the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed packet
off a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2014-6429,
CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,
CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)

All wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances of
Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1142602 - CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)
1142603 - CVE-2014-6428 wireshark: SES dissector crash (wnpa-sec-2014-18)
1142604 - CVE-2014-6427 wireshark: RTSP dissector crash (wnpa-sec-2014-17)
1142606 - CVE-2014-6426 wireshark: HIP dissector infinite loop (wnpa-sec-2014-16)
1142608 - CVE-2014-6425 wireshark: CUPS dissector crash (wnpa-sec-2014-15)
1142609 - CVE-2014-6424 wireshark: Netflow dissector crash (wnpa-sec-2014-14)
1142610 - CVE-2014-6423 wireshark: MEGACO dissector infinite loop (wnpa-sec-2014-13)
1142611 - CVE-2014-6421 CVE-2014-6422 wireshark: RTP dissector crash (wnpa-sec-2014-12)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
wireshark-1.8.10-8.el6_6.src.rpm

i386:
wireshark-1.8.10-8.el6_6.i686.rpm
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-gnome-1.8.10-8.el6_6.i686.rpm

x86_64:
wireshark-1.8.10-8.el6_6.i686.rpm
wireshark-1.8.10-8.el6_6.x86_64.rpm
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-debuginfo-1.8.10-8.el6_6.x86_64.rpm
wireshark-gnome-1.8.10-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
wireshark-1.8.10-8.el6_6.src.rpm

i386:
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-devel-1.8.10-8.el6_6.i686.rpm

x86_64:
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-debuginfo-1.8.10-8.el6_6.x86_64.rpm
wireshark-devel-1.8.10-8.el6_6.i686.rpm
wireshark-devel-1.8.10-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
wireshark-1.8.10-8.el6_6.src.rpm

i386:
wireshark-1.8.10-8.el6_6.i686.rpm
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-gnome-1.8.10-8.el6_6.i686.rpm

ppc64:
wireshark-1.8.10-8.el6_6.ppc.rpm
wireshark-1.8.10-8.el6_6.ppc64.rpm
wireshark-debuginfo-1.8.10-8.el6_6.ppc.rpm
wireshark-debuginfo-1.8.10-8.el6_6.ppc64.rpm
wireshark-gnome-1.8.10-8.el6_6.ppc64.rpm

s390x:
wireshark-1.8.10-8.el6_6.s390.rpm
wireshark-1.8.10-8.el6_6.s390x.rpm
wireshark-debuginfo-1.8.10-8.el6_6.s390.rpm
wireshark-debuginfo-1.8.10-8.el6_6.s390x.rpm
wireshark-gnome-1.8.10-8.el6_6.s390x.rpm

x86_64:
wireshark-1.8.10-8.el6_6.i686.rpm
wireshark-1.8.10-8.el6_6.x86_64.rpm
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-debuginfo-1.8.10-8.el6_6.x86_64.rpm
wireshark-gnome-1.8.10-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
wireshark-1.8.10-8.el6_6.src.rpm

i386:
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-devel-1.8.10-8.el6_6.i686.rpm

ppc64:
wireshark-debuginfo-1.8.10-8.el6_6.ppc.rpm
wireshark-debuginfo-1.8.10-8.el6_6.ppc64.rpm
wireshark-devel-1.8.10-8.el6_6.ppc.rpm
wireshark-devel-1.8.10-8.el6_6.ppc64.rpm

s390x:
wireshark-debuginfo-1.8.10-8.el6_6.s390.rpm
wireshark-debuginfo-1.8.10-8.el6_6.s390x.rpm
wireshark-devel-1.8.10-8.el6_6.s390.rpm
wireshark-devel-1.8.10-8.el6_6.s390x.rpm

x86_64:
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-debuginfo-1.8.10-8.el6_6.x86_64.rpm
wireshark-devel-1.8.10-8.el6_6.i686.rpm
wireshark-devel-1.8.10-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
wireshark-1.8.10-8.el6_6.src.rpm

i386:
wireshark-1.8.10-8.el6_6.i686.rpm
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-gnome-1.8.10-8.el6_6.i686.rpm

x86_64:
wireshark-1.8.10-8.el6_6.i686.rpm
wireshark-1.8.10-8.el6_6.x86_64.rpm
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-debuginfo-1.8.10-8.el6_6.x86_64.rpm
wireshark-gnome-1.8.10-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
wireshark-1.8.10-8.el6_6.src.rpm

i386:
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-devel-1.8.10-8.el6_6.i686.rpm

x86_64:
wireshark-debuginfo-1.8.10-8.el6_6.i686.rpm
wireshark-debuginfo-1.8.10-8.el6_6.x86_64.rpm
wireshark-devel-1.8.10-8.el6_6.i686.rpm
wireshark-devel-1.8.10-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
wireshark-1.10.3-12.el7_0.src.rpm

x86_64:
wireshark-1.10.3-12.el7_0.i686.rpm
wireshark-1.10.3-12.el7_0.x86_64.rpm
wireshark-debuginfo-1.10.3-12.el7_0.i686.rpm
wireshark-debuginfo-1.10.3-12.el7_0.x86_64.rpm
wireshark-gnome-1.10.3-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
wireshark-debuginfo-1.10.3-12.el7_0.i686.rpm
wireshark-debuginfo-1.10.3-12.el7_0.x86_64.rpm
wireshark-devel-1.10.3-12.el7_0.i686.rpm
wireshark-devel-1.10.3-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
wireshark-1.10.3-12.el7_0.src.rpm

ppc64:
wireshark-1.10.3-12.el7_0.ppc.rpm
wireshark-1.10.3-12.el7_0.ppc64.rpm
wireshark-debuginfo-1.10.3-12.el7_0.ppc.rpm
wireshark-debuginfo-1.10.3-12.el7_0.ppc64.rpm
wireshark-gnome-1.10.3-12.el7_0.ppc64.rpm

s390x:
wireshark-1.10.3-12.el7_0.s390.rpm
wireshark-1.10.3-12.el7_0.s390x.rpm
wireshark-debuginfo-1.10.3-12.el7_0.s390.rpm
wireshark-debuginfo-1.10.3-12.el7_0.s390x.rpm
wireshark-gnome-1.10.3-12.el7_0.s390x.rpm

x86_64:
wireshark-1.10.3-12.el7_0.i686.rpm
wireshark-1.10.3-12.el7_0.x86_64.rpm
wireshark-debuginfo-1.10.3-12.el7_0.i686.rpm
wireshark-debuginfo-1.10.3-12.el7_0.x86_64.rpm
wireshark-gnome-1.10.3-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
wireshark-debuginfo-1.10.3-12.el7_0.ppc.rpm
wireshark-debuginfo-1.10.3-12.el7_0.ppc64.rpm
wireshark-devel-1.10.3-12.el7_0.ppc.rpm
wireshark-devel-1.10.3-12.el7_0.ppc64.rpm

s390x:
wireshark-debuginfo-1.10.3-12.el7_0.s390.rpm
wireshark-debuginfo-1.10.3-12.el7_0.s390x.rpm
wireshark-devel-1.10.3-12.el7_0.s390.rpm
wireshark-devel-1.10.3-12.el7_0.s390x.rpm

x86_64:
wireshark-debuginfo-1.10.3-12.el7_0.i686.rpm
wireshark-debuginfo-1.10.3-12.el7_0.x86_64.rpm
wireshark-devel-1.10.3-12.el7_0.i686.rpm
wireshark-devel-1.10.3-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
wireshark-1.10.3-12.el7_0.src.rpm

x86_64:
wireshark-1.10.3-12.el7_0.i686.rpm
wireshark-1.10.3-12.el7_0.x86_64.rpm
wireshark-debuginfo-1.10.3-12.el7_0.i686.rpm
wireshark-debuginfo-1.10.3-12.el7_0.x86_64.rpm
wireshark-gnome-1.10.3-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
wireshark-debuginfo-1.10.3-12.el7_0.i686.rpm
wireshark-debuginfo-1.10.3-12.el7_0.x86_64.rpm
wireshark-devel-1.10.3-12.el7_0.i686.rpm
wireshark-devel-1.10.3-12.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-6421.html
https://www.redhat.com/security/data/cve/CVE-2014-6422.html
https://www.redhat.com/security/data/cve/CVE-2014-6423.html
https://www.redhat.com/security/data/cve/CVE-2014-6424.html
https://www.redhat.com/security/data/cve/CVE-2014-6425.html
https://www.redhat.com/security/data/cve/CVE-2014-6426.html
https://www.redhat.com/security/data/cve/CVE-2014-6427.html
https://www.redhat.com/security/data/cve/CVE-2014-6428.html
https://www.redhat.com/security/data/cve/CVE-2014-6429.html
https://www.redhat.com/security/data/cve/CVE-2014-6430.html
https://www.redhat.com/security/data/cve/CVE-2014-6431.html
https://www.redhat.com/security/data/cve/CVE-2014-6432.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFURsEEXlSAg2UNWIIRAo1kAJ9D8zdQmBQ3kwOc796qDWm5+58vHgCgrTmk
O1lioLN2rEbmXX6HZmTJmUY=
=6RXQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Oct 21 20:25:46 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Oct 2014 20:25:46 +0000
Subject: [RHSA-2014:1677-01] Moderate: wireshark security update
Message-ID: <201410212025.s9LKPko9003120@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: wireshark security update
Advisory ID:       RHSA-2014:1677-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1677.html
Issue date:        2014-10-21
CVE Names:         CVE-2014-6421 CVE-2014-6422 CVE-2014-6423 CVE-2014-6425
                   CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431
                   CVE-2014-6432
=====================================================================

1. Summary:

Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Wireshark is a network protocol analyzer. It is used to capture and browse
the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed packet
off a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2014-6429,
CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,
CVE-2014-6425, CVE-2014-6428)

All wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances of
Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1142602 - CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)
1142603 - CVE-2014-6428 wireshark: SES dissector crash (wnpa-sec-2014-18)
1142608 - CVE-2014-6425 wireshark: CUPS dissector crash (wnpa-sec-2014-15)
1142610 - CVE-2014-6423 wireshark: MEGACO dissector infinite loop (wnpa-sec-2014-13)
1142611 - CVE-2014-6421 CVE-2014-6422 wireshark: RTP dissector crash (wnpa-sec-2014-12)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
wireshark-1.0.15-7.el5_11.src.rpm

i386:
wireshark-1.0.15-7.el5_11.i386.rpm
wireshark-debuginfo-1.0.15-7.el5_11.i386.rpm

x86_64:
wireshark-1.0.15-7.el5_11.x86_64.rpm
wireshark-debuginfo-1.0.15-7.el5_11.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
wireshark-1.0.15-7.el5_11.src.rpm

i386:
wireshark-debuginfo-1.0.15-7.el5_11.i386.rpm
wireshark-gnome-1.0.15-7.el5_11.i386.rpm

x86_64:
wireshark-debuginfo-1.0.15-7.el5_11.x86_64.rpm
wireshark-gnome-1.0.15-7.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
wireshark-1.0.15-7.el5_11.src.rpm

i386:
wireshark-1.0.15-7.el5_11.i386.rpm
wireshark-debuginfo-1.0.15-7.el5_11.i386.rpm
wireshark-gnome-1.0.15-7.el5_11.i386.rpm

ia64:
wireshark-1.0.15-7.el5_11.ia64.rpm
wireshark-debuginfo-1.0.15-7.el5_11.ia64.rpm
wireshark-gnome-1.0.15-7.el5_11.ia64.rpm

ppc:
wireshark-1.0.15-7.el5_11.ppc.rpm
wireshark-debuginfo-1.0.15-7.el5_11.ppc.rpm
wireshark-gnome-1.0.15-7.el5_11.ppc.rpm

s390x:
wireshark-1.0.15-7.el5_11.s390x.rpm
wireshark-debuginfo-1.0.15-7.el5_11.s390x.rpm
wireshark-gnome-1.0.15-7.el5_11.s390x.rpm

x86_64:
wireshark-1.0.15-7.el5_11.x86_64.rpm
wireshark-debuginfo-1.0.15-7.el5_11.x86_64.rpm
wireshark-gnome-1.0.15-7.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-6421.html
https://www.redhat.com/security/data/cve/CVE-2014-6422.html
https://www.redhat.com/security/data/cve/CVE-2014-6423.html
https://www.redhat.com/security/data/cve/CVE-2014-6425.html
https://www.redhat.com/security/data/cve/CVE-2014-6428.html
https://www.redhat.com/security/data/cve/CVE-2014-6429.html
https://www.redhat.com/security/data/cve/CVE-2014-6430.html
https://www.redhat.com/security/data/cve/CVE-2014-6431.html
https://www.redhat.com/security/data/cve/CVE-2014-6432.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFURsE5XlSAg2UNWIIRAh7BAJ9OnSiknP/Yh2wFPSrynYZ1SmpNYACgm6nO
h/RnsZU7gWJGJMqppwdqVuU=
=wkoL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Oct 22 18:07:07 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Oct 2014 18:07:07 +0000
Subject: [RHSA-2014:1685-01] Moderate: openstack-glance security and bug fix update
Message-ID: <201410221807.s9MI77aJ006398@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-glance security and bug fix update
Advisory ID:       RHSA-2014:1685-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1685.html
Issue date:        2014-10-22
CVE Names:         CVE-2014-5356
=====================================================================

1. Summary:

Updated openstack-glance packages that fix one security issue and several
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

Red Hat Product Security has rated this update as having Moderate security
impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. Description: OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was discovered that the image_size_cap configuration option in glance was not honored. An authenticated user could use this flaw to upload an image to glance and consume all available storage space, resulting in a denial of service. (CVE-2014-5356) The openstack-glance packages have been upgraded to upstream version 2013.2.4, which provides a number of bug fixes over the previous version. (BZ#1146089) All openstack-glance users are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the running glance services will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1131770 - CVE-2014-5356 openstack-glance: Glance store disk space exhaustion 1146089 - Rebase openstack-glance to 2013.2.4 6. 
Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
openstack-glance-2013.2.4-1.el6ost.src.rpm

noarch:
openstack-glance-2013.2.4-1.el6ost.noarch.rpm
openstack-glance-doc-2013.2.4-1.el6ost.noarch.rpm
python-glance-2013.2.4-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-5356
https://access.redhat.com/security/updates/classification/#moderate
https://wiki.openstack.org/wiki/ReleaseNotes/2013.2.4

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Wed Oct 22 18:07:50 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Oct 2014 18:07:50 +0000
Subject: [RHSA-2014:1686-01] Moderate: openstack-neutron security and bug fix update
Message-ID: <201410221807.s9MI7ocj006667@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-neutron security and bug fix update
Advisory ID:       RHSA-2014:1686-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1686.html
Issue date:        2014-10-22
CVE Names:         CVE-2014-6414
=====================================================================

1. Summary:

Updated openstack-neutron packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

Red Hat Product Security has rated this update as having Moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking.

It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of service. (CVE-2014-6414)

These updated packages also fix various bugs. Documentation for these bug fixes is available in the Technical Notes document linked to in the References section.

All openstack-neutron users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1090421 - neutron-agent-watch fails when deleting failed resource
1102910 - TTL never set on messages, causes messages to live forever
1113104 - Use simplejson instead of json to improve performance
1120146 - neutron-dhcp-agent and neutron-lbaas-agent fail to start
1128295 - Using soft or hard reboot can cause loss of network connectivity
1142012 - CVE-2014-6414 openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users
1146091 - Rebase openstack-neutron to 2013.2.4

6.
Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
openstack-neutron-2013.2.4-5.el6ost.src.rpm

noarch:
openstack-neutron-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-bigswitch-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-brocade-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-cisco-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-hyperv-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-linuxbridge-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-mellanox-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-metaplugin-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-metering-agent-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-midonet-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-ml2-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-nec-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-nicira-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-openvswitch-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-plumgrid-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-ryu-2013.2.4-5.el6ost.noarch.rpm
openstack-neutron-vpn-agent-2013.2.4-5.el6ost.noarch.rpm
python-neutron-2013.2.4-5.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6414
https://access.redhat.com/security/updates/classification/#moderate
https://wiki.openstack.org/wiki/ReleaseNotes/2013.2.4
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
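An added example, not part of the advisory above or of the neutron code base: the following Python models the attribute-level policy check behind CVE-2014-6414, with the vulnerable decision (a requested value equal to the schema default counts as "not specified" and skips policy) beside the corrected one (on an update, any attribute present in the request body is enforced). The network schema, the policy table, the context dict and the network record are constructed for this example.

```python
"""Attribute-level policy enforcement on resource updates (added example).

Models the defect described for CVE-2014-6414: the enforcer treated an
attribute whose requested value equalled the schema default as "not
specified", so a non-admin update that "reset" an admin-only attribute to
its default bypassed the policy check. The schema, policy table and
context below are constructed for this example and are not neutron's own.
"""


class PolicyNotAuthorized(Exception):
    """Raised when the caller may not set a policy-enforced attribute."""


# Constructed, simplified attribute map for a 'network' resource.
# enforce_policy=True marks attributes that only privileged roles may set.
NETWORK_ATTRS = {
    'name': {'default': '', 'enforce_policy': False},
    'admin_state_up': {'default': True, 'enforce_policy': False},
    'shared': {'default': False, 'enforce_policy': True},
    'router:external': {'default': False, 'enforce_policy': True},
}

# Constructed policy table: "<action>:<attribute>" -> required role.
POLICY = {
    'create_network:shared': 'admin',
    'create_network:router:external': 'admin',
    'update_network:shared': 'admin',
    'update_network:router:external': 'admin',
}


def _is_attribute_explicitly_set(attr, schema, body, action, fixed):
    """Decide whether `attr` in the request body must go through policy."""
    if attr not in body:
        return False
    if fixed and action.startswith('update_'):
        # Corrected behaviour: on an update every attribute present in the
        # body is an explicit request, even when it equals the default.
        return True
    # Original behaviour: a value equal to the default looks like a default
    # the API layer filled in, so policy is skipped. That is harmless for
    # create (defaults are populated server-side before enforcement) but on
    # update it lets a non-admin reset an admin-only attribute.
    return body[attr] != schema[attr]['default']


def enforce(context, action, body, schema=NETWORK_ATTRS, fixed=True):
    """Raise PolicyNotAuthorized if `context` may not set any policy-enforced
    attribute in `body` for `action`; return True otherwise."""
    for attr, spec in schema.items():
        if not spec['enforce_policy']:
            continue
        if not _is_attribute_explicitly_set(attr, schema, body, action, fixed):
            continue
        required = POLICY.get('%s:%s' % (action, attr))
        if required == 'admin' and not context.get('is_admin', False):
            raise PolicyNotAuthorized(
                '%s: attribute %r requires role %s' % (action, attr, required))
    return True


def update_network(context, network, body, fixed=True):
    """Apply an update body to a stored network after policy enforcement.

    Returns the updated record so the effect of an allowed or blocked
    reset is visible to the caller.
    """
    enforce(context, 'update_network', body, fixed=fixed)
    updated = dict(network)
    updated.update(body)
    return updated


if __name__ == '__main__':
    tenant = {'is_admin': False, 'tenant_id': 'tenant-a'}  # constructed
    net = {'id': 'net-1', 'name': 'shared-net', 'shared': True}  # constructed
    # Original check: the non-admin reset of 'shared' to its default goes through.
    print(update_network(tenant, net, {'shared': False}, fixed=False)['shared'])
    # Corrected check: the same request is rejected.
    try:
        update_network(tenant, net, {'shared': False})
    except PolicyNotAuthorized as exc:
        print('blocked:', exc)
```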
From bugzilla at redhat.com Wed Oct 22 18:08:23 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Oct 2014 18:08:23 +0000
Subject: [RHSA-2014:1687-02] Moderate: openstack-heat security, bug fix, and enhancement update
Message-ID: <201410221808.s9MI8NRG032562@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-heat security, bug fix, and enhancement update
Advisory ID:       RHSA-2014:1687-02
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1687.html
Issue date:        2014-10-22
CVE Names:         CVE-2014-3801
=====================================================================

1. Summary:

Updated openstack-heat packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

OpenStack Orchestration (heat) is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources.
It was discovered that a user could temporarily be able to see the URL of a provider template used in another tenant. If the template itself could be accessed, then additional information could be leaked that would otherwise not be visible. (CVE-2014-3801)

The openstack-heat packages have been upgraded to upstream version 2013.2.4, which provides a number of bug fixes and enhancements over the previous version. The most notable enhancements are:

* Added OS profiler support into Orchestration (heat).
* Multiple environment files can now be specified on the command line.
* The command 'resource-list' now displays 'physical_resource_id'.

(BZ#1146092)

This update also fixes the following bugs:

* Prior to this update, Qpid would attempt to reconnect to a broken message broker, even though multiple hosts were configured. With this update, reconnect() selects the next broker in the list for each connection attempt. (BZ#1082672)

* Prior to this update, certain Qpid exceptions were not properly handled by the Qpid driver. As a result, the Qpid connection would fail and stop processing subsequent messages. With this update, all possible exceptions are handled to ensure the Qpid driver does not enter an unrecoverable failure loop. Consequently, Orchestration (heat) will continue to process Qpid messages, even after a major exception occurs. (BZ#1085996)

* The Qpid driver's v2 topology has been introduced to specifically address the slow growth of orphaned direct exchanges over time. By default, however, services still used the original v1 topology of the Qpid driver. The v2 topology had to be explicitly configured via the 'qpid_topology_version = 2' parameter. With this fix, the Orchestration service's distribution configuration file (/usr/share/heat/heat-dist.conf) now contains the 'qpid_topology_version = 2' parameter. This effectively sets the Qpid driver's v2 topology as the default. In addition, the default value in the Qpid implementation has been changed to 2 as well.
(BZ#1124137)

* Previously, the version of Orchestration (heat) in Red Hat Enterprise Linux OpenStack Platform 4 did not include the "host_routes" property of the OS::Neutron::Subnet resource that was added in later releases of Orchestration. This change adds support for this property, which allows host routes to be specified for a subnet. (BZ#1095752)

All openstack-heat users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1082672 - connection to multiple qpidd instances is broken
1085996 - Internal Error from python-qpid can cause qpid connection to never recover
1099748 - CVE-2014-3801 openstack-heat: authenticated information leak in Heat
1124137 - Heat messaging failure using default qpid_topology_version=1
1146092 - Rebase openstack-heat to 2013.2.4

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
openstack-heat-2013.2.4-1.el6ost.src.rpm

noarch:
openstack-heat-api-2013.2.4-1.el6ost.noarch.rpm
openstack-heat-api-cfn-2013.2.4-1.el6ost.noarch.rpm
openstack-heat-api-cloudwatch-2013.2.4-1.el6ost.noarch.rpm
openstack-heat-common-2013.2.4-1.el6ost.noarch.rpm
openstack-heat-engine-2013.2.4-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3801
https://access.redhat.com/security/updates/classification/#moderate
https://wiki.openstack.org/wiki/ReleaseNotes/2013.2.4

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Wed Oct 22 18:08:52 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Oct 2014 18:08:52 +0000
Subject: [RHSA-2014:1688-01] Important: openstack-keystone security and bug fix update
Message-ID: <201410221808.s9MI8q03027578@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-keystone security and bug fix update
Advisory ID:       RHSA-2014:1688-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1688.html
Issue date:        2014-10-22
CVE Names:         CVE-2014-2828 CVE-2014-3621
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.

A flaw was found in the keystone V3 API.
An attacker could send a single request with the same authentication method multiple times, possibly leading to a denial of service due to generating excessive load with minimal requests. Only keystone setups with the V3 API enabled were affected by this issue. (CVE-2014-2828)

A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admin_token. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue. (CVE-2014-3621)

Red Hat would like to thank the OpenStack project for reporting CVE-2014-3621. Upstream acknowledges Brant Knudson from IBM as the original reporter of this issue.

The openstack-keystone packages have been upgraded to upstream version 2013.2.4, which provides a number of bug fixes over the previous version. (BZ#1146083)

This update fixes the following bugs:

* When using an LDAP back end, the Identity service failed with a 'Bad search filter' error whenever a token request was made for a user whose ID contained a comma (for example, 'Doe, John'). However, if the user's ID contained no comma ('John Doe'), the Identity service granted token requests as expected. This was because the LDAP back end code of the Identity server did not properly escape special characters when creating search filters. This update adds the necessary escaping, thereby allowing the Identity server to perform LDAP search operations correctly. (BZ#1099628)

* Previously, if the Identity service encountered a failed connection to a message broker, re-connection attempts kept failing as well. This was because the Identity service tried to reconnect to the same failing message broker, even if there were multiple hosts configured. This has been fixed by making the reconnect() implementation select the next broker in the list.
As a result, when multiple broker hosts are provided, the Identity service will try the next one in the list at every connection attempt. This means that non-failure reconnect attempts will also switch from the current broker to the next in the list. Hence, users should not rely on any particular order when using brokers from the list. (BZ#1082669)

* The Identity service now logs successful authentications of users. In previous releases, only authentication failures were logged. (BZ#1098635)

* When using the LDAP back end and connecting to Active Directory anonymously, trying to use the top-level suffix as the user_tree_dn (or tenant/role_tree_dn) failed with a communication error. This is because the Identity service attempted to chase returned referrals, which is not allowed by default in Active Directory for security reasons. This update adds a new configuration option to disable referral chasing for LDAP search operations, namely chase_referrals. When this option is disabled, the Identity service will skip over any returned referrals without chasing them. (BZ#1093833)

All openstack-keystone users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1082669 - connection to multiple qpidd instances is broken
1086211 - CVE-2014-2828 openstack-keystone: denial of service via V3 API authentication chaining
1099628 - LDAP non-URL safe characters cause auth failure
1139937 - CVE-2014-3621 openstack-keystone: configuration data information leak through Keystone catalog
1146083 - Rebase openstack-keystone to 2013.2.4

6.
Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
openstack-keystone-2013.2.4-1.el6ost.src.rpm

noarch:
openstack-keystone-2013.2.4-1.el6ost.noarch.rpm
openstack-keystone-doc-2013.2.4-1.el6ost.noarch.rpm
python-keystone-2013.2.4-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-2828
https://access.redhat.com/security/cve/CVE-2014-3621
https://access.redhat.com/security/updates/classification/#important
https://wiki.openstack.org/wiki/ReleaseNotes/2013.2.4

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Wed Oct 22 18:09:29 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Oct 2014 18:09:29 +0000
Subject: [RHSA-2014:1689-01] Important: openstack-nova security, bug fix, and enhancement update
Message-ID: <201410221809.s9MI9TDD027700@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-nova security, bug fix, and enhancement update
Advisory ID:       RHSA-2014:1689-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1689.html
Issue date:        2014-10-22
CVE Names:         CVE-2014-8750
=====================================================================

1.
Summary:

Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects.

A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware driver and the VNC proxy service were affected. (CVE-2014-8750)

The openstack-nova packages have been upgraded to upstream version 2013.2.4, which provides a number of bug fixes and enhancements over the previous version. (BZ#1146086)

This update also fixes the following bug:

* Prior to this update, certain RPC messages were not sending the correct data format when the version cap was set. During a live upgrade from Red Hat Enterprise Linux OpenStack Platform 4.0 to Red Hat Enterprise Linux OpenStack Platform 5.0, when there were Compute nodes running different versions of the code, some operations would fail on the Compute hosts that were not upgraded. With this update, the proper version of the data is sent in all cases, and all RPC calls succeed during the live migration.
(BZ#1083625)

All openstack-nova users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1083625 - Some operations broken during live upgrade from Havana to Icehouse
1098312 - FC cinder volumes still show mpath device on nova host after volumes are detached from instance.
1146086 - Rebase openstack-nova to 2013.2.4
1152346 - CVE-2014-8750 openstack-nova: Nova VMware driver may connect VNC to another tenant's console

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
openstack-nova-2013.2.4-2.el6ost.src.rpm

noarch:
openstack-nova-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-api-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-cells-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-cert-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-common-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-compute-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-conductor-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-console-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-doc-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-network-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-novncproxy-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-objectstore-2013.2.4-2.el6ost.noarch.rpm
openstack-nova-scheduler-2013.2.4-2.el6ost.noarch.rpm
python-nova-2013.2.4-2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2014-8750
https://access.redhat.com/security/updates/classification/#important
https://wiki.openstack.org/wiki/ReleaseNotes/2013.2.4

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Wed Oct 22 18:10:25 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Oct 2014 18:10:25 +0000
Subject: [RHSA-2014:1690-01] Low: python-backports-ssl_match_hostname security update
Message-ID: <201410221810.s9MIAQJ1008004@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: python-backports-ssl_match_hostname security update
Advisory ID:       RHSA-2014:1690-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1690.html
Issue date:        2014-10-22
CVE Names:         CVE-2013-2099
=====================================================================

1. Summary:

An updated python-backports-ssl_match_hostname package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

The python-backports-ssl_match_hostname package provides RFC 6125 compliant wildcard matching.
A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. (CVE-2013-2099)

This issue was discovered by Florian Weimer of Red Hat Product Security.

All python-backports-ssl_match_hostname users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

963260 - CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
python-backports-ssl_match_hostname-3.4.0.2-1.el6.src.rpm

noarch:
python-backports-ssl_match_hostname-3.4.0.2-1.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-2099
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
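An added example, not the code of python-backports-ssl_match_hostname itself: a Python hostname matcher written in the spirit of the upstream CVE-2013-2099 fix, which caps the number of wildcards in a certificate name before any pattern is built and honours a wildcard only in the leftmost label. The MAX_WILDCARDS value, the CertificateError class and the certificate dicts in the test are this example's own; the dict layout mirrors what ssl.getpeercert() returns.

```python
"""RFC 6125-style DNS-ID matching with a wildcard cap (added example).

The CVE-2013-2099 weakness was that every '*' in a certificate name became
an unbounded regex fragment, so a name with many wildcards made matching
very expensive. The matcher below refuses such names up front, which is the
approach the upstream fix took; the cap value and class names are ours.
"""
import re

MAX_WILDCARDS = 1  # assumption for this example: at most one '*' per name


class CertificateError(ValueError):
    """Raised when a certificate name cannot be safely matched."""


def dnsname_match(dn, hostname, max_wildcards=MAX_WILDCARDS):
    """Return True if certificate DNS name `dn` matches `hostname`.

    A wildcard is honoured only in the leftmost label and never spans a
    dot, so '*.example.com' matches 'www.example.com' but neither
    'example.com' nor 'a.b.example.com'. Wildcards in other labels are
    literal characters.
    """
    if not dn:
        return False
    parts = dn.split('.')
    leftmost, remainder = parts[0], parts[1:]
    wildcards = leftmost.count('*')
    if wildcards > max_wildcards:
        # Refuse before building a pattern whose cost grows with the
        # number of wildcards: this is the CPU-exhaustion case.
        raise CertificateError(
            'too many wildcards in certificate DNS name: %r' % dn)
    if wildcards == 0:
        return dn.lower() == hostname.lower()
    if leftmost == '*':
        pats = ['[^.]+']  # a lone '*' must match at least one character
    elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
        # RFC 6125 section 6.4.3: no partial-wildcard matching on IDNA labels
        pats = [re.escape(leftmost)]
    else:
        pats = [re.escape(leftmost).replace(r'\*', '[^.]*')]
    pats.extend(re.escape(frag) for frag in remainder)
    pattern = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
    return pattern.match(hostname) is not None


def match_hostname(cert, hostname):
    """Verify that `cert` (shaped like ssl.getpeercert()) matches `hostname`.

    Returns the certificate name that matched. subjectAltName dNSName
    entries are authoritative; the subject commonName is consulted only
    when the certificate carries no dNSName at all.
    """
    if not cert:
        raise CertificateError('empty or no certificate')
    dnsnames = []
    for key, value in cert.get('subjectAltName', ()):
        if key == 'DNS':
            if dnsname_match(value, hostname):
                return value
            dnsnames.append(value)
    if not dnsnames:
        for sub in cert.get('subject', ()):
            for key, value in sub:
                if key == 'commonName':
                    if dnsname_match(value, hostname):
                        return value
                    dnsnames.append(value)
    raise CertificateError(
        "hostname %r doesn't match %s"
        % (hostname, ', '.join(map(repr, dnsnames)) or 'any certificate name'))
```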
From bugzilla at redhat.com Wed Oct 22 18:11:10 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Oct 2014 18:11:10 +0000
Subject: [RHSA-2014:1691-01] Important: openstack-packstack security, bug fix, and enhancement update
Message-ID: <201410221811.s9MIBAur029161@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-packstack security, bug fix, and enhancement update
Advisory ID:       RHSA-2014:1691-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1691.html
Issue date:        2014-10-22
CVE Names:         CVE-2014-3703
=====================================================================

1. Summary:

Updated openstack-packstack packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

PackStack is a command-line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof-of-concept installations and more complex multi-node installations.
It was discovered that the nova.conf configuration generated by PackStack did not correctly set the libvirt_vif_driver configuration option if the Open vSwitch (OVS) monolithic plug-in was not used. This could result in deployments defaulting to having the firewall disabled unless the nova configuration was manually modified after PackStack was started. (CVE-2014-3703)

This issue was discovered by Yair Fried of Red Hat.

This update also fixes the following bug:

* This update fixes a dependency issue between the openstack-cinder-api and openstack-cinder-backup services. The openstack-cinder-backup service is now guaranteed to be started during PackStack installation. (BZ#1075609)

In addition, this update adds the following enhancements:

* This update enables mysqld performance improvement if users add the following configuration options to the /etc/my.cnf file:

  innodb_buffer_pool_size = (10-20% of available memory)
  innodb_flush_method = O_DIRECT
  innodb_file_per_table

  These improvements are expected to be the default settings in the next release. (BZ#1078999)

* With this update, PackStack now consistently performs the installation of the sos, sos-plugins-openstack, and rhos-collector packages on all hosts. (BZ#1131619)

All openstack-packstack users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1075609 - openstack-cinder-backup service is not running after install
1092008 - VMware: iscsi target discovery fails while attaching volumes
1111640 - packstack should open Tunnel ports VXLAN and GRE
1131619 - RFE: packstack and foreman should install the rhos sos plugins on all nodes
1143906 - Errors when setting CONFIG_NEUTRON_OVS_TUNNEL_IF to a VLAN interface in RHEL OSP 4
1146077 - Errors when setting CONFIG_NEUTRON_OVS_TUNNEL_IF to a VLAN interface in RHEL OSP 4
1150104 - Packstack fails on mysql installation "Could not open required defaults file: /root/.my.cnf"
1152702 - CVE-2014-3703 Red Hat Openstack 4 Neutron: security groups fail to block traffic properly due to packstack configuration

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
openstack-packstack-2013.2.1-0.33.dev1048.el6ost.src.rpm

noarch:
openstack-packstack-2013.2.1-0.33.dev1048.el6ost.noarch.rpm
openstack-packstack-doc-2013.2.1-0.33.dev1048.el6ost.noarch.rpm
openstack-packstack-puppet-2013.2.1-0.33.dev1048.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3703
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
From bugzilla at redhat.com Thu Oct 23 17:04:31 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 23 Oct 2014 17:04:31 +0000
Subject: [RHSA-2014:1668-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201410231704.s9NH4Vff003091@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2014:1668-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1668.html
Issue date:        2014-10-23
CVE Names:         CVE-2014-5077
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts.
A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) This update also fixes several bugs and adds one enhancement. Documentation for these changes is available from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 1122982 - CVE-2014-5077 Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 
6.5): Source: kernel-2.6.32-431.37.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-431.37.1.el6.noarch.rpm kernel-doc-2.6.32-431.37.1.el6.noarch.rpm kernel-firmware-2.6.32-431.37.1.el6.noarch.rpm x86_64: kernel-2.6.32-431.37.1.el6.x86_64.rpm kernel-debug-2.6.32-431.37.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.37.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.37.1.el6.x86_64.rpm kernel-devel-2.6.32-431.37.1.el6.x86_64.rpm kernel-headers-2.6.32-431.37.1.el6.x86_64.rpm perf-2.6.32-431.37.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5): Source: kernel-2.6.32-431.37.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.37.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm python-perf-2.6.32-431.37.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.5): Source: kernel-2.6.32-431.37.1.el6.src.rpm i386: kernel-2.6.32-431.37.1.el6.i686.rpm kernel-debug-2.6.32-431.37.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.37.1.el6.i686.rpm kernel-debug-devel-2.6.32-431.37.1.el6.i686.rpm kernel-debuginfo-2.6.32-431.37.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.37.1.el6.i686.rpm kernel-devel-2.6.32-431.37.1.el6.i686.rpm kernel-headers-2.6.32-431.37.1.el6.i686.rpm perf-2.6.32-431.37.1.el6.i686.rpm perf-debuginfo-2.6.32-431.37.1.el6.i686.rpm python-perf-debuginfo-2.6.32-431.37.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.37.1.el6.noarch.rpm kernel-doc-2.6.32-431.37.1.el6.noarch.rpm kernel-firmware-2.6.32-431.37.1.el6.noarch.rpm ppc64: kernel-2.6.32-431.37.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-431.37.1.el6.ppc64.rpm kernel-debug-2.6.32-431.37.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-431.37.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-431.37.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.37.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.37.1.el6.ppc64.rpm kernel-devel-2.6.32-431.37.1.el6.ppc64.rpm kernel-headers-2.6.32-431.37.1.el6.ppc64.rpm perf-2.6.32-431.37.1.el6.ppc64.rpm perf-debuginfo-2.6.32-431.37.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.37.1.el6.ppc64.rpm s390x: kernel-2.6.32-431.37.1.el6.s390x.rpm kernel-debug-2.6.32-431.37.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-431.37.1.el6.s390x.rpm kernel-debug-devel-2.6.32-431.37.1.el6.s390x.rpm kernel-debuginfo-2.6.32-431.37.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-431.37.1.el6.s390x.rpm kernel-devel-2.6.32-431.37.1.el6.s390x.rpm kernel-headers-2.6.32-431.37.1.el6.s390x.rpm kernel-kdump-2.6.32-431.37.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-431.37.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-431.37.1.el6.s390x.rpm perf-2.6.32-431.37.1.el6.s390x.rpm perf-debuginfo-2.6.32-431.37.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-431.37.1.el6.s390x.rpm x86_64: kernel-2.6.32-431.37.1.el6.x86_64.rpm 
kernel-debug-2.6.32-431.37.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.37.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.37.1.el6.x86_64.rpm kernel-devel-2.6.32-431.37.1.el6.x86_64.rpm kernel-headers-2.6.32-431.37.1.el6.x86_64.rpm perf-2.6.32-431.37.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.5): Source: kernel-2.6.32-431.37.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.37.1.el6.i686.rpm kernel-debuginfo-2.6.32-431.37.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.37.1.el6.i686.rpm perf-debuginfo-2.6.32-431.37.1.el6.i686.rpm python-perf-2.6.32-431.37.1.el6.i686.rpm python-perf-debuginfo-2.6.32-431.37.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-431.37.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.37.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.37.1.el6.ppc64.rpm perf-debuginfo-2.6.32-431.37.1.el6.ppc64.rpm python-perf-2.6.32-431.37.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.37.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-431.37.1.el6.s390x.rpm kernel-debuginfo-2.6.32-431.37.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-431.37.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-431.37.1.el6.s390x.rpm perf-debuginfo-2.6.32-431.37.1.el6.s390x.rpm python-perf-2.6.32-431.37.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-431.37.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.37.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm python-perf-2.6.32-431.37.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.37.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-5077 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/kernel.html#RHSA-2014-1668 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUSTTjXlSAg2UNWIIRAkYgAJ0YhWGJJztYSnhNh4VcuQ/a2pAXOwCglul0 Y5LDtuYzCh+GaruJ0q6Dl9o= =8kxd -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Oct 28 21:42:03 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 28 Oct 2014 21:42:03 +0000 Subject: [RHSA-2014:1724-01] Important: kernel security and bug fix update Message-ID: <201410282142.s9SLg3Uo010711@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2014:1724-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1724.html Issue date: 2014-10-28 CVE Names: CVE-2014-3611 CVE-2014-3645 CVE-2014-3646 CVE-2014-4653 CVE-2014-5077 ===================================================================== 1. Summary: Updated kernel packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 
7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) * A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4653, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. 
Bug fixes:

* A known issue that could prevent Chelsio adapters using the cxgb4 driver from being initialized on IBM POWER8 systems has been fixed. These adapters can now be used on IBM POWER8 systems as expected. (BZ#1130548)

* When bringing a hot-added CPU online, the kernel did not initialize a CPU mask properly, which could result in a kernel panic. This update corrects the bug by ensuring that the CPU mask is properly initialized and the correct NUMA node selected. (BZ#1134715)

* The kernel could fail to bring a CPU online if the hardware supported both the acpi-cpufreq and intel_pstate modules. This update ensures that the acpi-cpufreq module is not loaded if the intel_pstate module is loaded. (BZ#1134716)

* Due to a bug in the time accounting of the kernel scheduler, a divide error could occur when hot adding a CPU. To fix this problem, the kernel scheduler time accounting has been reworked. (BZ#1134717)

* The kernel did not handle exceptions caused by an invalid floating point control (FPC) register, resulting in a kernel oops. This problem has been fixed by placing the label that handles these exceptions at the correct place in the code. (BZ#1138733)

* A previous change to the kernel for the PowerPC architecture changed the implementation of the compat_sys_sendfile() function. Consequently, the 64-bit sendfile() system call stopped working for files larger than 2 GB on PowerPC. This update restores the previous behavior of sendfile() on PowerPC, which again processes files bigger than 2 GB as expected. (BZ#1139126)

* Previously, the kernel scheduler could schedule a CPU topology update even though the topology did not change. This could negatively affect the CPU load balancing, cause degradation of the system performance, and eventually result in a kernel oops. This problem has been fixed by skipping the CPU topology update if the topology has not actually changed. (BZ#1140300)

* Previously, recovery of a double-degraded RAID6 array could, under certain circumstances, result in data corruption. This could happen because the md driver was using an optimization that is safe to use only for single-degraded arrays. This update ensures that this optimization is skipped during the recovery of double-degraded RAID6 arrays. (BZ#1143850)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1113409 - CVE-2014-4653 Kernel: ALSA: control: do not access controls outside of protected regions
1122982 - CVE-2014-5077 Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
1144825 - CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled
1144835 - CVE-2014-3645 kernel: kvm: vmx: invept vm exit not handled
1144878 - CVE-2014-3611 kernel: kvm: PIT timer race condition

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-123.9.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-123.9.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.9.2.el7.x86_64.rpm
kernel-devel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-headers-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.9.2.el7.x86_64.rpm
perf-3.10.0-123.9.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
kernel-doc-3.10.0-123.9.2.el7.noarch.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.9.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-123.9.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-123.9.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.9.2.el7.x86_64.rpm
kernel-devel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-headers-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.9.2.el7.x86_64.rpm
perf-3.10.0-123.9.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
kernel-doc-3.10.0-123.9.2.el7.noarch.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.9.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-123.9.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-123.9.2.el7.noarch.rpm

ppc64:
kernel-3.10.0-123.9.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-123.9.2.el7.ppc64.rpm
kernel-debug-3.10.0-123.9.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-123.9.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-123.9.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-123.9.2.el7.ppc64.rpm
kernel-devel-3.10.0-123.9.2.el7.ppc64.rpm
kernel-headers-3.10.0-123.9.2.el7.ppc64.rpm
kernel-tools-3.10.0-123.9.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-123.9.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-123.9.2.el7.ppc64.rpm
perf-3.10.0-123.9.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-123.9.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.ppc64.rpm

s390x:
kernel-3.10.0-123.9.2.el7.s390x.rpm
kernel-debug-3.10.0-123.9.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-123.9.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-123.9.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-123.9.2.el7.s390x.rpm
kernel-devel-3.10.0-123.9.2.el7.s390x.rpm
kernel-headers-3.10.0-123.9.2.el7.s390x.rpm
kernel-kdump-3.10.0-123.9.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-123.9.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-123.9.2.el7.s390x.rpm
perf-3.10.0-123.9.2.el7.s390x.rpm
perf-debuginfo-3.10.0-123.9.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.s390x.rpm

x86_64:
kernel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.9.2.el7.x86_64.rpm
kernel-devel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-headers-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.9.2.el7.x86_64.rpm
perf-3.10.0-123.9.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
kernel-doc-3.10.0-123.9.2.el7.noarch.rpm

ppc64:
kernel-debug-debuginfo-3.10.0-123.9.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-123.9.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-123.9.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-123.9.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-123.9.2.el7.ppc64.rpm
python-perf-3.10.0-123.9.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.ppc64.rpm

s390x:
kernel-debug-debuginfo-3.10.0-123.9.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-123.9.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-123.9.2.el7.s390x.rpm
perf-debuginfo-3.10.0-123.9.2.el7.s390x.rpm
python-perf-3.10.0-123.9.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.s390x.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.9.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-123.9.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-123.9.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.9.2.el7.x86_64.rpm
kernel-devel-3.10.0-123.9.2.el7.x86_64.rpm
kernel-headers-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.9.2.el7.x86_64.rpm
perf-3.10.0-123.9.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
kernel-doc-3.10.0-123.9.2.el7.noarch.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.9.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-3.10.0-123.9.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.9.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3611
https://access.redhat.com/security/cve/CVE-2014-3645
https://access.redhat.com/security/cve/CVE-2014-3646
https://access.redhat.com/security/cve/CVE-2014-4653
https://access.redhat.com/security/cve/CVE-2014-5077
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
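An added example, not part of the advisory: the advisory gives fixed package names in section 6 and notes that the kernel only takes effect after a reboot, so a patch-status check has to compare both the newest installed kernel and the running one against the fixed version using rpm's version ordering. The inventory, the `uname -r` string and the simplified rpmvercmp (no epoch, `~` or `^` handling) are assumptions marked in the comments.

```python
"""Check a host's installed RPMs against the fixed versions in an advisory.

Added example; not Red Hat's code. Implements the segment comparison rpm
uses for versions and releases (rpmvercmp): split on non-alphanumerics,
compare numeric segments as integers and alphabetic ones as strings, a
numeric segment outranks an alphabetic one, and the string with segments
left over wins. Epochs, '~' and '^' are not handled (assumption), which is
enough for the kernel package names in this advisory.
"""
import re

# Fixed packages, copied from section 6 of RHSA-2014:1724 (Server, x86_64).
FIXED_PACKAGES = [
    "kernel-3.10.0-123.9.2.el7.x86_64.rpm",
    "kernel-devel-3.10.0-123.9.2.el7.x86_64.rpm",
    "kernel-abi-whitelists-3.10.0-123.9.2.el7.noarch.rpm",
]

# Constructed inventory standing in for `rpm -qa 'kernel*'` on one host.
INSTALLED_SAMPLE = [
    "kernel-3.10.0-123.8.1.el7.x86_64",
    "kernel-3.10.0-123.9.2.el7.x86_64",
    "kernel-devel-3.10.0-123.6.3.el7.x86_64",
    "kernel-abi-whitelists-3.10.0-123.9.2.el7.noarch",
]

# Constructed `uname -r` output: the fixed kernel is installed but not yet booted.
RUNNING_SAMPLE = "3.10.0-123.8.1.el7.x86_64"

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing two version (or release) strings like rpm."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        elif x != y:
            return -1 if x < y else 1
    if len(seg_a) == len(seg_b):
        return 0
    return -1 if len(seg_a) < len(seg_b) else 1  # leftover segments win


def compare_vr(a, b):
    """Compare (version, release) tuples: version decides, then release."""
    result = rpmvercmp(a[0], b[0])
    return result if result else rpmvercmp(a[1], b[1])


def parse_nvra(pkg):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    nvr, arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def parse_uname(release):
    """Split `uname -r` output 'version-release.arch' into (version, release)."""
    vr, _arch = release.rsplit(".", 1)
    version, rel = vr.split("-", 1)
    return version, rel


def check_host(installed, fixed, running_kernel=None):
    """Map each fixed package name to 'patched', 'vulnerable', 'not installed'
    or, for the kernel, 'updated, reboot required' when the fixed kernel is
    installed but an older one is still running."""
    newest = {}  # several kernel versions coexist; keep the highest per name
    for pkg in installed:
        name, version, release, _ = parse_nvra(pkg)
        if name not in newest or compare_vr((version, release), newest[name]) > 0:
            newest[name] = (version, release)

    status = {}
    for pkg in fixed:
        name, version, release, _ = parse_nvra(pkg)
        fixed_vr = (version, release)
        if name not in newest:
            status[name] = "not installed"
        elif compare_vr(newest[name], fixed_vr) < 0:
            status[name] = "vulnerable"
        elif (name == "kernel" and running_kernel is not None
              and compare_vr(parse_uname(running_kernel), fixed_vr) < 0):
            status[name] = "updated, reboot required"
        else:
            status[name] = "patched"
    return status


def check_sample():
    """Run the check on the constructed inventory above."""
    return check_host(INSTALLED_SAMPLE, FIXED_PACKAGES, RUNNING_SAMPLE)


if __name__ == "__main__":
    for name, state in sorted(check_sample().items()):
        print(f"{name}: {state}")
```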
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUUA2VXlSAg2UNWIIRAhAGAJ9k4zhapyD6Ua0e7Rulcq5+xLY+pQCglQr+
cOM9g0PuzdSI9sOW3Gn3kjg=
=Mi35
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 30 12:50:46 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 Oct 2014 12:50:46 +0000
Subject: [RHSA-2014:1744-01] Moderate: v8314-v8 security update
Message-ID: <201410301250.s9UCogrr001528@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: v8314-v8 security update
Advisory ID: RHSA-2014:1744-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1744.html
Issue date: 2014-10-30
CVE Names: CVE-2013-6639 CVE-2013-6640 CVE-2013-6650 CVE-2013-6668 CVE-2014-1704 CVE-2014-5256
=====================================================================

1. Summary:

Updated v8314-v8 packages that fix multiple security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

V8 is Google's open source JavaScript engine.
It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8. (CVE-2014-5256)

Multiple flaws were discovered in V8. Untrusted JavaScript code executed by V8 could use any of these flaws to crash V8 or, possibly, execute arbitrary code with the privileges of the user running V8. (CVE-2013-6639, CVE-2013-6640, CVE-2013-6650, CVE-2013-6668, CVE-2014-1704)

All v8314-v8 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using V8 must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1039888 - CVE-2013-6639 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
1039889 - CVE-2013-6640 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
1059070 - CVE-2013-6650 v8: incorrect handling of popular pages
1074737 - CVE-2013-6668 v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.146
1077136 - CVE-2014-1704 v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.149
1125464 - CVE-2014-5256 V8 Memory Corruption and Stack Overflow
1149781 - Several performance and security bug fixes from Fedora

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
v8314-v8-3.14.5.10-6.el6.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
v8314-v8-3.14.5.10-6.el6.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
v8314-v8-3.14.5.10-6.el6.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
v8314-v8-3.14.5.10-6.el6.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source:
v8314-v8-3.14.5.10-6.el7.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el7.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el7.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el7.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source:
v8314-v8-3.14.5.10-6.el7.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el7.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el7.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-6639
https://access.redhat.com/security/cve/CVE-2013-6640
https://access.redhat.com/security/cve/CVE-2013-6650
https://access.redhat.com/security/cve/CVE-2013-6668
https://access.redhat.com/security/cve/CVE-2014-1704
https://access.redhat.com/security/cve/CVE-2014-5256
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUUjMtXlSAg2UNWIIRAoeGAJ0fP251E692cpwvk3D3KlOzu9Wk7QCcDWY7
WKdpvCmPusTh1N++FryNcSU=
=W37D
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 30 20:50:04 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 Oct 2014 20:50:04 +0000
Subject: [RHSA-2014:1763-01] Important: kernel security update
Message-ID: <201410302050.s9UKo4fq018299@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2014:1763-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1763.html
Issue date: 2014-10-30
CVE Names: CVE-2014-0205 CVE-2014-5077
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. (CVE-2014-0205)

* A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077)

The security impact of the CVE-2014-0205 issue was discovered by Mateusz Guzik of Red Hat.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1094455 - CVE-2014-0205 kernel: futex: refcount issue in case of requeue
1122982 - CVE-2014-5077 Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions

6. Package List:

Red Hat Enterprise Linux AUS (v. 6.2 server):

Source:
kernel-2.6.32-220.56.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.56.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.56.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.56.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.56.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.56.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.56.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.56.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.56.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.56.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.56.1.el6.x86_64.rpm
perf-2.6.32-220.56.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.56.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.56.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
kernel-2.6.32-220.56.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.56.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.56.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.56.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.56.1.el6.x86_64.rpm
python-perf-2.6.32-220.56.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.56.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-0205
https://access.redhat.com/security/cve/CVE-2014-5077
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUUqRFXlSAg2UNWIIRAgn2AKCZSXtX4Ge0vmX8NC1KAqBb7vxubACeNkrx
GvWby1n+C39fyy7f9DkF4xg=
=ZZde
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 30 20:51:54 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 Oct 2014 20:51:54 +0000
Subject: [RHSA-2014:1764-01] Moderate: wget security update
Message-ID: <201410302051.s9UKptV0023424@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: wget security update
Advisory ID: RHSA-2014:1764-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1764.html
Issue date: 2014-10-30
CVE Names: CVE-2014-4877
=====================================================================

1. Summary:

An updated wget package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable by the user running Wget, possibly leading to code execution. (CVE-2014-4877)

Note: This update changes the default value of the --retr-symlinks option. File symbolic links are now traversed by default and the pointed-to files are retrieved, rather than a symbolic link being created locally.

Red Hat would like to thank the GNU Wget project for reporting this issue. Upstream acknowledges HD Moore of Rapid7, Inc as the original reporter.

All users of wget are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1139181 - CVE-2014-4877 wget: FTP symlink arbitrary filesystem access

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
wget-1.12-5.el6_6.1.src.rpm

i386:
wget-1.12-5.el6_6.1.i686.rpm
wget-debuginfo-1.12-5.el6_6.1.i686.rpm

x86_64:
wget-1.12-5.el6_6.1.x86_64.rpm
wget-debuginfo-1.12-5.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
wget-1.12-5.el6_6.1.src.rpm

x86_64:
wget-1.12-5.el6_6.1.x86_64.rpm
wget-debuginfo-1.12-5.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
wget-1.12-5.el6_6.1.src.rpm

i386:
wget-1.12-5.el6_6.1.i686.rpm
wget-debuginfo-1.12-5.el6_6.1.i686.rpm

ppc64:
wget-1.12-5.el6_6.1.ppc64.rpm
wget-debuginfo-1.12-5.el6_6.1.ppc64.rpm

s390x:
wget-1.12-5.el6_6.1.s390x.rpm
wget-debuginfo-1.12-5.el6_6.1.s390x.rpm

x86_64:
wget-1.12-5.el6_6.1.x86_64.rpm
wget-debuginfo-1.12-5.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
wget-1.12-5.el6_6.1.src.rpm

i386:
wget-1.12-5.el6_6.1.i686.rpm
wget-debuginfo-1.12-5.el6_6.1.i686.rpm

x86_64:
wget-1.12-5.el6_6.1.x86_64.rpm
wget-debuginfo-1.12-5.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
wget-1.14-10.el7_0.1.src.rpm

x86_64:
wget-1.14-10.el7_0.1.x86_64.rpm
wget-debuginfo-1.14-10.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
wget-1.14-10.el7_0.1.src.rpm

x86_64:
wget-1.14-10.el7_0.1.x86_64.rpm
wget-debuginfo-1.14-10.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
wget-1.14-10.el7_0.1.src.rpm

ppc64:
wget-1.14-10.el7_0.1.ppc64.rpm
wget-debuginfo-1.14-10.el7_0.1.ppc64.rpm

s390x:
wget-1.14-10.el7_0.1.s390x.rpm
wget-debuginfo-1.14-10.el7_0.1.s390x.rpm

x86_64:
wget-1.14-10.el7_0.1.x86_64.rpm
wget-debuginfo-1.14-10.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
wget-1.14-10.el7_0.1.src.rpm

x86_64:
wget-1.14-10.el7_0.1.x86_64.rpm
wget-debuginfo-1.14-10.el7_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-4877
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
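The attack pattern behind CVE-2014-4877 is worth seeing end to end: a mirror that recreates a server-supplied symlink on disk can later be made to write files through that link. The following is an added example, not wget's code and not from the advisory: a simplified Python model of a recursive FTP mirror run against a constructed hostile server that announces "pub" as a symlink to the victim's .ssh directory and, when "pub" is then listed, presents it as a directory holding authorized_keys. The model does not reproduce wget's exact request sequence; it shows the two defences a practitioner wants, the behaviour the update makes default (retrieve the pointed-to file instead of creating a symlink) and a resolve-then-check guard on every local write, so that either one alone stops the file from landing outside the mirror root. The server, its listings and the file content are all constructed.

```python
import os
import tempfile
from pathlib import Path


def parse_list_line(line: str):
    """Parse one UNIX-style FTP LIST line into (kind, name, symlink_target).

    kind is 'dir', 'symlink' or 'file', taken from the first mode character;
    for symlinks the server's 'name -> target' is split into name and target.
    """
    kind = {"l": "symlink", "d": "dir"}.get(line[0], "file")
    name_field = line.split(None, 8)[8]          # everything after the date
    if kind == "symlink":
        name, target = name_field.split(" -> ", 1)
        return kind, name, target
    return kind, name_field, None


class HostileFtpServer:
    """Constructed stand-in for a malicious FTP server.

    The root listing announces 'pub' as a symlink to an attacker-chosen
    absolute path. When the client then lists 'pub', the server presents it
    as a directory holding a file, so a mirror that recreated the symlink
    writes that file through it.
    """

    def __init__(self, link_target: str):
        self.listings = {
            "/": [f"lrwxrwxrwx 1 ftp ftp 1 Oct 30 2014 pub -> {link_target}"],
            "/pub": ["-rw-r--r-- 1 ftp ftp 28 Oct 30 2014 authorized_keys"],
        }
        self.files = {"/pub/authorized_keys": b"ssh-rsa AAAA... attacker@evil\n"}

    def list(self, path: str):
        return self.listings.get(path, [])

    def retr(self, path: str):
        return self.files.get(path)           # None if the path is not a file


def write_file(root: Path, rel: str, data: bytes, check_paths: bool) -> Path:
    """Write one mirrored file. With check_paths the destination is resolved
    (following any symlink already on disk) and refused unless it is still
    inside root; this catches writes redirected through a planted symlink."""
    dest = root / rel
    if check_paths:
        real = dest.resolve()
        if real != root and root not in real.parents:
            raise PermissionError(f"refusing to write outside {root}: {real}")
    dest.parent.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(data)
    return dest


def mirror(server, root: Path, remote_dir: str = "/",
           retr_symlinks: bool = True, check_paths: bool = True) -> None:
    """Recursive mirror of remote_dir into root (a simplified model of wget -m).

    retr_symlinks=False models the old default: a remote symlink is recreated
    locally with the server-supplied target. retr_symlinks=True models the
    patched default: the link is fetched as the file it points to, so no
    server-controlled symlink ever lands on disk.
    """
    for line in server.list(remote_dir):
        kind, name, target = parse_list_line(line)
        remote = remote_dir.rstrip("/") + "/" + name
        rel = remote.lstrip("/")
        if kind == "symlink" and not retr_symlinks:
            local = root / rel
            local.parent.mkdir(parents=True, exist_ok=True)
            os.symlink(target, local)         # trusts the server's target
        elif kind in ("file", "symlink"):
            data = server.retr(remote)
            if data is not None:
                write_file(root, rel, data, check_paths)
        if kind != "file":
            # directories (and anything the server later calls one) are descended into
            mirror(server, root, remote, retr_symlinks, check_paths)


def run_demo(retr_symlinks: bool, check_paths: bool) -> dict:
    """Mirror the hostile server into a scratch directory and report whether the
    attacker's file landed in the victim directory, whether a write was refused,
    and whether the file was stored as an ordinary file under the mirror root."""
    with tempfile.TemporaryDirectory() as tmp:
        victim_ssh = Path(tmp, "victim_home", ".ssh")
        victim_ssh.mkdir(parents=True)
        root = Path(tmp, "mirror")
        root.mkdir()
        server = HostileFtpServer(str(victim_ssh))
        refused = False
        try:
            mirror(server, root.resolve(), "/", retr_symlinks, check_paths)
        except PermissionError:
            refused = True
        return {
            "escaped": (victim_ssh / "authorized_keys").exists(),
            "refused": refused,
            "mirrored": (not (root / "pub").is_symlink()
                         and (root / "pub" / "authorized_keys").is_file()),
        }


if __name__ == "__main__":
    print("old default, no path check:", run_demo(retr_symlinks=False, check_paths=False))
    print("old default, path check:   ", run_demo(retr_symlinks=False, check_paths=True))
    print("patched default:           ", run_demo(retr_symlinks=True, check_paths=True))
```

The path check resolves the destination through whatever is already on disk before writing, which is the property that matters: a symlink created earlier in the same run is exactly what a later write must not be allowed to follow.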
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUUqSeXlSAg2UNWIIRAuU7AJoCLEJS9Yc2BSgaydsj0aJzd2NgUgCeOe4i
TBXdKQPWlLXpJnmCyFRV4Ls=
=iPXC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 30 20:52:56 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 Oct 2014 20:52:56 +0000
Subject: [RHSA-2014:1765-01] Important: php54-php security update
Message-ID: <201410302052.s9UKqvQ5013119@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: php54-php security update
Advisory ID: RHSA-2014:1765-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1765.html
Issue date: 2014-10-30
CVE Names: CVE-2013-6712 CVE-2013-7345 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 CVE-2014-5120
=====================================================================

1. Summary:

Updated php54-php packages that fix multiple security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. (CVE-2014-3670)

Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function. (CVE-2014-4049, CVE-2014-3597)

Multiple denial of service flaws were found in the File Information (fileinfo) extension. A remote attacker could use these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU and possibly crash. (CVE-2013-7345, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-3538)

Multiple boundary check flaws were found in the File Information (fileinfo) extension. A remote attacker could use these flaws to cause a PHP application using fileinfo to crash. (CVE-2014-0207, CVE-2014-2270, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587, CVE-2014-3710)

A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515)

Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120)

A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497)

A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712)

An out-of-bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluža of the Red Hat Web Stack Team; the CVE-2014-3597 issue was discovered by David Kutálek of Red Hat BaseOS QE.

All php54-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd service must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1035670 - CVE-2013-6712 php: heap-based buffer over-read in DateInterval
1065836 - CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules
1072220 - CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file
1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm()
1079846 - CVE-2013-7345 file: extensive backtracking in awk rule regular expression
1091842 - CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check
1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
1098222 - CVE-2014-3538 file: unrestricted regular expression matching
1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check
1104863 - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size
1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check
1107544 - CVE-2014-3487 file: cdf_read_property_info insufficient boundary check
1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak
1120259 - CVE-2014-4698 php: ArrayIterator use-after-free due to object change during sorting
1120266 - CVE-2014-4670 php: SPL Iterators use-after-free
1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
1132589 - CVE-2014-3597 php: multiple buffer over-reads in php_parserr
1132793 - CVE-2014-5120 php: gd extension NUL byte injection in file names
1154500 - CVE-2014-3669 php: integer overflow in unserialize()
1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v.
6): Source: php54-php-5.4.16-22.el6.src.rpm x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.4): Source: php54-php-5.4.16-22.el6.src.rpm x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.5): Source: php54-php-5.4.16-22.el6.src.rpm x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: php54-php-5.4.16-22.el6.src.rpm x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 
6): Source: php54-php-5.4.16-22.el6.src.rpm x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 
7): Source: php54-php-5.4.16-22.el7.src.rpm x86_64: php54-php-5.4.16-22.el7.x86_64.rpm php54-php-bcmath-5.4.16-22.el7.x86_64.rpm php54-php-cli-5.4.16-22.el7.x86_64.rpm php54-php-common-5.4.16-22.el7.x86_64.rpm php54-php-dba-5.4.16-22.el7.x86_64.rpm php54-php-debuginfo-5.4.16-22.el7.x86_64.rpm php54-php-devel-5.4.16-22.el7.x86_64.rpm php54-php-enchant-5.4.16-22.el7.x86_64.rpm php54-php-fpm-5.4.16-22.el7.x86_64.rpm php54-php-gd-5.4.16-22.el7.x86_64.rpm php54-php-intl-5.4.16-22.el7.x86_64.rpm php54-php-ldap-5.4.16-22.el7.x86_64.rpm php54-php-mbstring-5.4.16-22.el7.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm php54-php-odbc-5.4.16-22.el7.x86_64.rpm php54-php-pdo-5.4.16-22.el7.x86_64.rpm php54-php-pgsql-5.4.16-22.el7.x86_64.rpm php54-php-process-5.4.16-22.el7.x86_64.rpm php54-php-pspell-5.4.16-22.el7.x86_64.rpm php54-php-recode-5.4.16-22.el7.x86_64.rpm php54-php-snmp-5.4.16-22.el7.x86_64.rpm php54-php-soap-5.4.16-22.el7.x86_64.rpm php54-php-xml-5.4.16-22.el7.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 
7): Source: php54-php-5.4.16-22.el7.src.rpm x86_64: php54-php-5.4.16-22.el7.x86_64.rpm php54-php-bcmath-5.4.16-22.el7.x86_64.rpm php54-php-cli-5.4.16-22.el7.x86_64.rpm php54-php-common-5.4.16-22.el7.x86_64.rpm php54-php-dba-5.4.16-22.el7.x86_64.rpm php54-php-debuginfo-5.4.16-22.el7.x86_64.rpm php54-php-devel-5.4.16-22.el7.x86_64.rpm php54-php-enchant-5.4.16-22.el7.x86_64.rpm php54-php-fpm-5.4.16-22.el7.x86_64.rpm php54-php-gd-5.4.16-22.el7.x86_64.rpm php54-php-intl-5.4.16-22.el7.x86_64.rpm php54-php-ldap-5.4.16-22.el7.x86_64.rpm php54-php-mbstring-5.4.16-22.el7.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm php54-php-odbc-5.4.16-22.el7.x86_64.rpm php54-php-pdo-5.4.16-22.el7.x86_64.rpm php54-php-pgsql-5.4.16-22.el7.x86_64.rpm php54-php-process-5.4.16-22.el7.x86_64.rpm php54-php-pspell-5.4.16-22.el7.x86_64.rpm php54-php-recode-5.4.16-22.el7.x86_64.rpm php54-php-snmp-5.4.16-22.el7.x86_64.rpm php54-php-soap-5.4.16-22.el7.x86_64.rpm php54-php-xml-5.4.16-22.el7.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2013-6712
https://access.redhat.com/security/cve/CVE-2013-7345
https://access.redhat.com/security/cve/CVE-2014-0207
https://access.redhat.com/security/cve/CVE-2014-0237
https://access.redhat.com/security/cve/CVE-2014-0238
https://access.redhat.com/security/cve/CVE-2014-1943
https://access.redhat.com/security/cve/CVE-2014-2270
https://access.redhat.com/security/cve/CVE-2014-2497
https://access.redhat.com/security/cve/CVE-2014-3478
https://access.redhat.com/security/cve/CVE-2014-3479
https://access.redhat.com/security/cve/CVE-2014-3480
https://access.redhat.com/security/cve/CVE-2014-3487
https://access.redhat.com/security/cve/CVE-2014-3515
https://access.redhat.com/security/cve/CVE-2014-3538
https://access.redhat.com/security/cve/CVE-2014-3587
https://access.redhat.com/security/cve/CVE-2014-3597
https://access.redhat.com/security/cve/CVE-2014-3668
https://access.redhat.com/security/cve/CVE-2014-3669
https://access.redhat.com/security/cve/CVE-2014-3670
https://access.redhat.com/security/cve/CVE-2014-3710
https://access.redhat.com/security/cve/CVE-2014-4049
https://access.redhat.com/security/cve/CVE-2014-4670
https://access.redhat.com/security/cve/CVE-2014-4698
https://access.redhat.com/security/cve/CVE-2014-4721
https://access.redhat.com/security/cve/CVE-2014-5120
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
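The DNS flaws in this advisory (CVE-2014-4049, CVE-2014-3597, tracked as "heap-based buffer overflow in DNS TXT record parsing" and "multiple buffer over-reads in php_parserr") belong to one bug class: a length field taken from the response is trusted without checking it against the bytes actually present. The following is an added example, not PHP's php_parserr code and not from the advisory: a bounds-checked DNS response parser in Python that extracts TXT records, checks every length octet and RDLENGTH against the remaining message, and caps compression-pointer hops so a crafted name cannot loop the parser. The responses it is run on are constructed; the pointer-hop cap is an assumed value.

```python
import struct

TYPE_TXT = 16
MAX_POINTER_HOPS = 16   # assumed cap; a legal name never needs more than a few


def read_name(msg: bytes, pos: int):
    """Read a domain name at pos, following compression pointers (RFC 1035 4.1.4).

    Every read is checked against len(msg), pointers must point backwards into
    the message, and the number of hops is capped, so a crafted response can
    neither read past the buffer nor send the parser into a pointer loop.
    Returns (name, position just after the name as it appears at pos).
    """
    labels, hops, end = [], 0, None
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[pos]
        if n & 0xC0 == 0xC0:                       # compression pointer
            if pos + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if end is None:
                end = pos + 2                      # caller resumes after the pointer
            target = ((n & 0x3F) << 8) | msg[pos + 1]
            hops += 1
            if target >= pos or hops > MAX_POINTER_HOPS:
                raise ValueError("bad compression pointer")
            pos = target
            continue
        if n & 0xC0:
            raise ValueError("reserved label type")
        pos += 1
        if n == 0:
            break
        if pos + n > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    return ".".join(labels) or ".", (end if end is not None else pos)


def parse_txt_rdata(rdata: bytes):
    """Split TXT RDATA into its <length><chars> strings (RFC 1035 3.3.14).

    The length octet is checked against the bytes actually remaining; trusting
    it blindly is how a crafted record becomes an over-read of the message or
    an overflow of a fixed-size destination buffer.
    """
    strings, pos = [], 0
    while pos < len(rdata):
        n = rdata[pos]
        pos += 1
        if pos + n > len(rdata):
            raise ValueError(f"TXT string length {n} exceeds remaining {len(rdata) - pos} bytes")
        strings.append(rdata[pos:pos + n])
        pos += n
    return strings


def parse_txt_records(msg: bytes):
    """Parse a DNS response and return the TXT records of its answer section,
    each as a list of byte strings. Any out-of-bounds field raises ValueError."""
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    qdcount, ancount = struct.unpack_from(">HH", msg, 4)
    pos = 12
    for _ in range(qdcount):
        _, pos = read_name(msg, pos)
        if pos + 4 > len(msg):
            raise ValueError("truncated question")
        pos += 4                                    # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        _, pos = read_name(msg, pos)
        if pos + 10 > len(msg):
            raise ValueError("truncated resource record header")
        rtype, _rclass, _ttl, rdlength = struct.unpack_from(">HHIH", msg, pos)
        pos += 10
        if pos + rdlength > len(msg):
            raise ValueError("RDLENGTH exceeds message")
        rdata = msg[pos:pos + rdlength]
        pos += rdlength
        if rtype == TYPE_TXT:
            records.append(parse_txt_rdata(rdata))
    return records


def rejects(msg: bytes) -> bool:
    """True if the parser refuses msg instead of reading where it is told to."""
    try:
        parse_txt_records(msg)
    except ValueError:
        return True
    return False


def build_response(txt_rdata: bytes) -> bytes:
    """Constructed response: one TXT question, one TXT answer with the given RDATA."""
    qname = b"\x07example\x03com\x00"
    header = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = qname + struct.pack(">HH", TYPE_TXT, 1)
    answer = b"\xc0\x0c" + struct.pack(">HHIH", TYPE_TXT, 1, 300, len(txt_rdata)) + txt_rdata
    return header + question + answer


# Constructed samples: a well-formed TXT answer, one whose TXT length octet (0xff)
# promises far more data than the record carries, and a question name whose
# compression pointer points back at its own start.
GOOD_RESPONSE = build_response(b"\x0bv=spf1 -all")
OVERSIZED_TXT = build_response(b"\xffAAA")
POINTER_LOOP = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + b"\x01a\xc0\x0c" + struct.pack(">HH", TYPE_TXT, 1)

if __name__ == "__main__":
    print(parse_txt_records(GOOD_RESPONSE))                 # [[b'v=spf1 -all']]
    print(rejects(OVERSIZED_TXT), rejects(POINTER_LOOP))    # True True
```

The same discipline applies to every other length-prefixed field in the record types php_parserr handled: the check is always "does the claimed length fit in what is left", made before the copy, never after.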
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUUqUKXlSAg2UNWIIRAjOVAKCpGLdlKkkekepN6kcFJZMPAAABIQCeOxaS
CZNh+ke6Be93ZKCSwqWDm+c=
=YZgO
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 30 20:53:42 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 Oct 2014 20:53:42 +0000
Subject: [RHSA-2014:1766-01] Important: php55-php security update
Message-ID: <201410302053.s9UKrg6E024156@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: php55-php security update
Advisory ID: RHSA-2014:1766-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1766.html
Issue date: 2014-10-30
CVE Names: CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 CVE-2014-5120
=====================================================================

1. Summary:

Updated php55-php packages that fix multiple security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. (CVE-2014-3670)

Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function. (CVE-2014-4049, CVE-2014-3597)

Multiple denial of service flaws were found in the File Information (fileinfo) extension. A remote attacker could use these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU and possibly crash. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3538)

Multiple boundary check flaws were found in the File Information (fileinfo) extension. A remote attacker could use these flaws to cause a PHP application using fileinfo to crash. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587, CVE-2014-3710)

A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515)

Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120)

A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497)

An out-of-bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluža of the Red Hat Web Stack Team; the CVE-2014-3597 issue was discovered by David Kutálek of Red Hat BaseOS QE.

All php55-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm()
1091842 - CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check
1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
1098222 - CVE-2014-3538 file: unrestricted regular expression matching
1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check
1104863 - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size
1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check
1107544 - CVE-2014-3487 file: cdf_read_property_info insufficient boundary check
1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak
1120259 - CVE-2014-4698 php: ArrayIterator use-after-free due to object change during sorting
1120266 - CVE-2014-4670 php: SPL Iterators use-after-free
1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
1132589 - CVE-2014-3597 php: multiple buffer over-reads in php_parserr
1132793 - CVE-2014-5120 php: gd extension NUL byte injection in file names
1154500 - CVE-2014-3669 php: integer overflow in unserialize()
1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
php55-php-5.5.6-13.el6.src.rpm

x86_64:
php55-php-5.5.6-13.el6.x86_64.rpm
php55-php-bcmath-5.5.6-13.el6.x86_64.rpm
php55-php-cli-5.5.6-13.el6.x86_64.rpm
php55-php-common-5.5.6-13.el6.x86_64.rpm
php55-php-dba-5.5.6-13.el6.x86_64.rpm
php55-php-debuginfo-5.5.6-13.el6.x86_64.rpm
php55-php-devel-5.5.6-13.el6.x86_64.rpm
php55-php-enchant-5.5.6-13.el6.x86_64.rpm
php55-php-fpm-5.5.6-13.el6.x86_64.rpm
php55-php-gd-5.5.6-13.el6.x86_64.rpm
php55-php-gmp-5.5.6-13.el6.x86_64.rpm
php55-php-imap-5.5.6-13.el6.x86_64.rpm
php55-php-intl-5.5.6-13.el6.x86_64.rpm
php55-php-ldap-5.5.6-13.el6.x86_64.rpm
php55-php-mbstring-5.5.6-13.el6.x86_64.rpm
php55-php-mysqlnd-5.5.6-13.el6.x86_64.rpm
php55-php-odbc-5.5.6-13.el6.x86_64.rpm
php55-php-opcache-5.5.6-13.el6.x86_64.rpm
php55-php-pdo-5.5.6-13.el6.x86_64.rpm
php55-php-pgsql-5.5.6-13.el6.x86_64.rpm
php55-php-process-5.5.6-13.el6.x86_64.rpm
php55-php-pspell-5.5.6-13.el6.x86_64.rpm
php55-php-recode-5.5.6-13.el6.x86_64.rpm
php55-php-snmp-5.5.6-13.el6.x86_64.rpm
php55-php-soap-5.5.6-13.el6.x86_64.rpm
php55-php-tidy-5.5.6-13.el6.x86_64.rpm
php55-php-xml-5.5.6-13.el6.x86_64.rpm
php55-php-xmlrpc-5.5.6-13.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v.
6.4): Source: php55-php-5.5.6-13.el6.src.rpm x86_64: php55-php-5.5.6-13.el6.x86_64.rpm php55-php-bcmath-5.5.6-13.el6.x86_64.rpm php55-php-cli-5.5.6-13.el6.x86_64.rpm php55-php-common-5.5.6-13.el6.x86_64.rpm php55-php-dba-5.5.6-13.el6.x86_64.rpm php55-php-debuginfo-5.5.6-13.el6.x86_64.rpm php55-php-devel-5.5.6-13.el6.x86_64.rpm php55-php-enchant-5.5.6-13.el6.x86_64.rpm php55-php-fpm-5.5.6-13.el6.x86_64.rpm php55-php-gd-5.5.6-13.el6.x86_64.rpm php55-php-gmp-5.5.6-13.el6.x86_64.rpm php55-php-imap-5.5.6-13.el6.x86_64.rpm php55-php-intl-5.5.6-13.el6.x86_64.rpm php55-php-ldap-5.5.6-13.el6.x86_64.rpm php55-php-mbstring-5.5.6-13.el6.x86_64.rpm php55-php-mysqlnd-5.5.6-13.el6.x86_64.rpm php55-php-odbc-5.5.6-13.el6.x86_64.rpm php55-php-opcache-5.5.6-13.el6.x86_64.rpm php55-php-pdo-5.5.6-13.el6.x86_64.rpm php55-php-pgsql-5.5.6-13.el6.x86_64.rpm php55-php-process-5.5.6-13.el6.x86_64.rpm php55-php-pspell-5.5.6-13.el6.x86_64.rpm php55-php-recode-5.5.6-13.el6.x86_64.rpm php55-php-snmp-5.5.6-13.el6.x86_64.rpm php55-php-soap-5.5.6-13.el6.x86_64.rpm php55-php-tidy-5.5.6-13.el6.x86_64.rpm php55-php-xml-5.5.6-13.el6.x86_64.rpm php55-php-xmlrpc-5.5.6-13.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.5): Source: php55-php-5.5.6-13.el6.src.rpm x86_64: php55-php-5.5.6-13.el6.x86_64.rpm php55-php-bcmath-5.5.6-13.el6.x86_64.rpm php55-php-cli-5.5.6-13.el6.x86_64.rpm php55-php-common-5.5.6-13.el6.x86_64.rpm php55-php-dba-5.5.6-13.el6.x86_64.rpm php55-php-debuginfo-5.5.6-13.el6.x86_64.rpm php55-php-devel-5.5.6-13.el6.x86_64.rpm php55-php-enchant-5.5.6-13.el6.x86_64.rpm php55-php-fpm-5.5.6-13.el6.x86_64.rpm php55-php-gd-5.5.6-13.el6.x86_64.rpm php55-php-gmp-5.5.6-13.el6.x86_64.rpm php55-php-imap-5.5.6-13.el6.x86_64.rpm php55-php-intl-5.5.6-13.el6.x86_64.rpm php55-php-ldap-5.5.6-13.el6.x86_64.rpm php55-php-mbstring-5.5.6-13.el6.x86_64.rpm php55-php-mysqlnd-5.5.6-13.el6.x86_64.rpm php55-php-odbc-5.5.6-13.el6.x86_64.rpm php55-php-opcache-5.5.6-13.el6.x86_64.rpm php55-php-pdo-5.5.6-13.el6.x86_64.rpm php55-php-pgsql-5.5.6-13.el6.x86_64.rpm php55-php-process-5.5.6-13.el6.x86_64.rpm php55-php-pspell-5.5.6-13.el6.x86_64.rpm php55-php-recode-5.5.6-13.el6.x86_64.rpm php55-php-snmp-5.5.6-13.el6.x86_64.rpm php55-php-soap-5.5.6-13.el6.x86_64.rpm php55-php-tidy-5.5.6-13.el6.x86_64.rpm php55-php-xml-5.5.6-13.el6.x86_64.rpm php55-php-xmlrpc-5.5.6-13.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: php55-php-5.5.6-13.el6.src.rpm x86_64: php55-php-5.5.6-13.el6.x86_64.rpm php55-php-bcmath-5.5.6-13.el6.x86_64.rpm php55-php-cli-5.5.6-13.el6.x86_64.rpm php55-php-common-5.5.6-13.el6.x86_64.rpm php55-php-dba-5.5.6-13.el6.x86_64.rpm php55-php-debuginfo-5.5.6-13.el6.x86_64.rpm php55-php-devel-5.5.6-13.el6.x86_64.rpm php55-php-enchant-5.5.6-13.el6.x86_64.rpm php55-php-fpm-5.5.6-13.el6.x86_64.rpm php55-php-gd-5.5.6-13.el6.x86_64.rpm php55-php-gmp-5.5.6-13.el6.x86_64.rpm php55-php-imap-5.5.6-13.el6.x86_64.rpm php55-php-intl-5.5.6-13.el6.x86_64.rpm php55-php-ldap-5.5.6-13.el6.x86_64.rpm php55-php-mbstring-5.5.6-13.el6.x86_64.rpm php55-php-mysqlnd-5.5.6-13.el6.x86_64.rpm php55-php-odbc-5.5.6-13.el6.x86_64.rpm php55-php-opcache-5.5.6-13.el6.x86_64.rpm php55-php-pdo-5.5.6-13.el6.x86_64.rpm php55-php-pgsql-5.5.6-13.el6.x86_64.rpm php55-php-process-5.5.6-13.el6.x86_64.rpm php55-php-pspell-5.5.6-13.el6.x86_64.rpm php55-php-recode-5.5.6-13.el6.x86_64.rpm php55-php-snmp-5.5.6-13.el6.x86_64.rpm php55-php-soap-5.5.6-13.el6.x86_64.rpm php55-php-tidy-5.5.6-13.el6.x86_64.rpm php55-php-xml-5.5.6-13.el6.x86_64.rpm php55-php-xmlrpc-5.5.6-13.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 
6): Source: php55-php-5.5.6-13.el6.src.rpm x86_64: php55-php-5.5.6-13.el6.x86_64.rpm php55-php-bcmath-5.5.6-13.el6.x86_64.rpm php55-php-cli-5.5.6-13.el6.x86_64.rpm php55-php-common-5.5.6-13.el6.x86_64.rpm php55-php-dba-5.5.6-13.el6.x86_64.rpm php55-php-debuginfo-5.5.6-13.el6.x86_64.rpm php55-php-devel-5.5.6-13.el6.x86_64.rpm php55-php-enchant-5.5.6-13.el6.x86_64.rpm php55-php-fpm-5.5.6-13.el6.x86_64.rpm php55-php-gd-5.5.6-13.el6.x86_64.rpm php55-php-gmp-5.5.6-13.el6.x86_64.rpm php55-php-imap-5.5.6-13.el6.x86_64.rpm php55-php-intl-5.5.6-13.el6.x86_64.rpm php55-php-ldap-5.5.6-13.el6.x86_64.rpm php55-php-mbstring-5.5.6-13.el6.x86_64.rpm php55-php-mysqlnd-5.5.6-13.el6.x86_64.rpm php55-php-odbc-5.5.6-13.el6.x86_64.rpm php55-php-opcache-5.5.6-13.el6.x86_64.rpm php55-php-pdo-5.5.6-13.el6.x86_64.rpm php55-php-pgsql-5.5.6-13.el6.x86_64.rpm php55-php-process-5.5.6-13.el6.x86_64.rpm php55-php-pspell-5.5.6-13.el6.x86_64.rpm php55-php-recode-5.5.6-13.el6.x86_64.rpm php55-php-snmp-5.5.6-13.el6.x86_64.rpm php55-php-soap-5.5.6-13.el6.x86_64.rpm php55-php-tidy-5.5.6-13.el6.x86_64.rpm php55-php-xml-5.5.6-13.el6.x86_64.rpm php55-php-xmlrpc-5.5.6-13.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 
7): Source: php55-php-5.5.6-13.el7.src.rpm x86_64: php55-php-5.5.6-13.el7.x86_64.rpm php55-php-bcmath-5.5.6-13.el7.x86_64.rpm php55-php-cli-5.5.6-13.el7.x86_64.rpm php55-php-common-5.5.6-13.el7.x86_64.rpm php55-php-dba-5.5.6-13.el7.x86_64.rpm php55-php-debuginfo-5.5.6-13.el7.x86_64.rpm php55-php-devel-5.5.6-13.el7.x86_64.rpm php55-php-enchant-5.5.6-13.el7.x86_64.rpm php55-php-fpm-5.5.6-13.el7.x86_64.rpm php55-php-gd-5.5.6-13.el7.x86_64.rpm php55-php-gmp-5.5.6-13.el7.x86_64.rpm php55-php-intl-5.5.6-13.el7.x86_64.rpm php55-php-ldap-5.5.6-13.el7.x86_64.rpm php55-php-mbstring-5.5.6-13.el7.x86_64.rpm php55-php-mysqlnd-5.5.6-13.el7.x86_64.rpm php55-php-odbc-5.5.6-13.el7.x86_64.rpm php55-php-opcache-5.5.6-13.el7.x86_64.rpm php55-php-pdo-5.5.6-13.el7.x86_64.rpm php55-php-pgsql-5.5.6-13.el7.x86_64.rpm php55-php-process-5.5.6-13.el7.x86_64.rpm php55-php-pspell-5.5.6-13.el7.x86_64.rpm php55-php-recode-5.5.6-13.el7.x86_64.rpm php55-php-snmp-5.5.6-13.el7.x86_64.rpm php55-php-soap-5.5.6-13.el7.x86_64.rpm php55-php-xml-5.5.6-13.el7.x86_64.rpm php55-php-xmlrpc-5.5.6-13.el7.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 
7): Source: php55-php-5.5.6-13.el7.src.rpm x86_64: php55-php-5.5.6-13.el7.x86_64.rpm php55-php-bcmath-5.5.6-13.el7.x86_64.rpm php55-php-cli-5.5.6-13.el7.x86_64.rpm php55-php-common-5.5.6-13.el7.x86_64.rpm php55-php-dba-5.5.6-13.el7.x86_64.rpm php55-php-debuginfo-5.5.6-13.el7.x86_64.rpm php55-php-devel-5.5.6-13.el7.x86_64.rpm php55-php-enchant-5.5.6-13.el7.x86_64.rpm php55-php-fpm-5.5.6-13.el7.x86_64.rpm php55-php-gd-5.5.6-13.el7.x86_64.rpm php55-php-gmp-5.5.6-13.el7.x86_64.rpm php55-php-intl-5.5.6-13.el7.x86_64.rpm php55-php-ldap-5.5.6-13.el7.x86_64.rpm php55-php-mbstring-5.5.6-13.el7.x86_64.rpm php55-php-mysqlnd-5.5.6-13.el7.x86_64.rpm php55-php-odbc-5.5.6-13.el7.x86_64.rpm php55-php-opcache-5.5.6-13.el7.x86_64.rpm php55-php-pdo-5.5.6-13.el7.x86_64.rpm php55-php-pgsql-5.5.6-13.el7.x86_64.rpm php55-php-process-5.5.6-13.el7.x86_64.rpm php55-php-pspell-5.5.6-13.el7.x86_64.rpm php55-php-recode-5.5.6-13.el7.x86_64.rpm php55-php-snmp-5.5.6-13.el7.x86_64.rpm php55-php-soap-5.5.6-13.el7.x86_64.rpm php55-php-xml-5.5.6-13.el7.x86_64.rpm php55-php-xmlrpc-5.5.6-13.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2014-0207 https://access.redhat.com/security/cve/CVE-2014-0237 https://access.redhat.com/security/cve/CVE-2014-0238 https://access.redhat.com/security/cve/CVE-2014-2497 https://access.redhat.com/security/cve/CVE-2014-3478 https://access.redhat.com/security/cve/CVE-2014-3479 https://access.redhat.com/security/cve/CVE-2014-3480 https://access.redhat.com/security/cve/CVE-2014-3487 https://access.redhat.com/security/cve/CVE-2014-3515 https://access.redhat.com/security/cve/CVE-2014-3538 https://access.redhat.com/security/cve/CVE-2014-3587 https://access.redhat.com/security/cve/CVE-2014-3597 https://access.redhat.com/security/cve/CVE-2014-3668 https://access.redhat.com/security/cve/CVE-2014-3669 https://access.redhat.com/security/cve/CVE-2014-3670 https://access.redhat.com/security/cve/CVE-2014-3710 https://access.redhat.com/security/cve/CVE-2014-4049 https://access.redhat.com/security/cve/CVE-2014-4670 https://access.redhat.com/security/cve/CVE-2014-4698 https://access.redhat.com/security/cve/CVE-2014-4721 https://access.redhat.com/security/cve/CVE-2014-5120 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUUqVCXlSAg2UNWIIRApPAAJ9lYPqCBxe5DzbqE/+++66STglVQwCgqVdv
ch8sZgKxc2eDQojqtR6JcyI=
=ckTx
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 30 20:56:27 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 Oct 2014 20:56:27 +0000
Subject: [RHSA-2014:1767-01] Important: php security update
Message-ID: <201410302056.s9UKuS4Q025542@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: php security update
Advisory ID: RHSA-2014:1767-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1767.html
Issue date: 2014-10-30
CVE Names: CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710)

An out-of-bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security.

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1154500 - CVE-2014-3669 php: integer overflow in unserialize()
1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
php-5.3.3-40.el6_6.src.rpm

i386:
php-5.3.3-40.el6_6.i686.rpm php-bcmath-5.3.3-40.el6_6.i686.rpm php-cli-5.3.3-40.el6_6.i686.rpm php-common-5.3.3-40.el6_6.i686.rpm php-dba-5.3.3-40.el6_6.i686.rpm php-debuginfo-5.3.3-40.el6_6.i686.rpm php-devel-5.3.3-40.el6_6.i686.rpm php-embedded-5.3.3-40.el6_6.i686.rpm php-enchant-5.3.3-40.el6_6.i686.rpm php-fpm-5.3.3-40.el6_6.i686.rpm php-gd-5.3.3-40.el6_6.i686.rpm php-imap-5.3.3-40.el6_6.i686.rpm php-intl-5.3.3-40.el6_6.i686.rpm php-ldap-5.3.3-40.el6_6.i686.rpm php-mbstring-5.3.3-40.el6_6.i686.rpm php-mysql-5.3.3-40.el6_6.i686.rpm php-odbc-5.3.3-40.el6_6.i686.rpm php-pdo-5.3.3-40.el6_6.i686.rpm php-pgsql-5.3.3-40.el6_6.i686.rpm php-process-5.3.3-40.el6_6.i686.rpm php-pspell-5.3.3-40.el6_6.i686.rpm php-recode-5.3.3-40.el6_6.i686.rpm php-snmp-5.3.3-40.el6_6.i686.rpm php-soap-5.3.3-40.el6_6.i686.rpm php-tidy-5.3.3-40.el6_6.i686.rpm php-xml-5.3.3-40.el6_6.i686.rpm php-xmlrpc-5.3.3-40.el6_6.i686.rpm php-zts-5.3.3-40.el6_6.i686.rpm

x86_64:
php-5.3.3-40.el6_6.x86_64.rpm php-bcmath-5.3.3-40.el6_6.x86_64.rpm php-cli-5.3.3-40.el6_6.x86_64.rpm php-common-5.3.3-40.el6_6.x86_64.rpm php-dba-5.3.3-40.el6_6.x86_64.rpm php-debuginfo-5.3.3-40.el6_6.x86_64.rpm php-devel-5.3.3-40.el6_6.x86_64.rpm php-embedded-5.3.3-40.el6_6.x86_64.rpm php-enchant-5.3.3-40.el6_6.x86_64.rpm php-fpm-5.3.3-40.el6_6.x86_64.rpm php-gd-5.3.3-40.el6_6.x86_64.rpm php-imap-5.3.3-40.el6_6.x86_64.rpm php-intl-5.3.3-40.el6_6.x86_64.rpm php-ldap-5.3.3-40.el6_6.x86_64.rpm php-mbstring-5.3.3-40.el6_6.x86_64.rpm php-mysql-5.3.3-40.el6_6.x86_64.rpm php-odbc-5.3.3-40.el6_6.x86_64.rpm php-pdo-5.3.3-40.el6_6.x86_64.rpm php-pgsql-5.3.3-40.el6_6.x86_64.rpm php-process-5.3.3-40.el6_6.x86_64.rpm php-pspell-5.3.3-40.el6_6.x86_64.rpm php-recode-5.3.3-40.el6_6.x86_64.rpm php-snmp-5.3.3-40.el6_6.x86_64.rpm php-soap-5.3.3-40.el6_6.x86_64.rpm php-tidy-5.3.3-40.el6_6.x86_64.rpm php-xml-5.3.3-40.el6_6.x86_64.rpm php-xmlrpc-5.3.3-40.el6_6.x86_64.rpm php-zts-5.3.3-40.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
php-5.3.3-40.el6_6.src.rpm

x86_64:
php-cli-5.3.3-40.el6_6.x86_64.rpm php-common-5.3.3-40.el6_6.x86_64.rpm php-debuginfo-5.3.3-40.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
php-5.3.3-40.el6_6.x86_64.rpm php-bcmath-5.3.3-40.el6_6.x86_64.rpm php-dba-5.3.3-40.el6_6.x86_64.rpm php-debuginfo-5.3.3-40.el6_6.x86_64.rpm php-devel-5.3.3-40.el6_6.x86_64.rpm php-embedded-5.3.3-40.el6_6.x86_64.rpm php-enchant-5.3.3-40.el6_6.x86_64.rpm php-fpm-5.3.3-40.el6_6.x86_64.rpm php-gd-5.3.3-40.el6_6.x86_64.rpm php-imap-5.3.3-40.el6_6.x86_64.rpm php-intl-5.3.3-40.el6_6.x86_64.rpm php-ldap-5.3.3-40.el6_6.x86_64.rpm php-mbstring-5.3.3-40.el6_6.x86_64.rpm php-mysql-5.3.3-40.el6_6.x86_64.rpm php-odbc-5.3.3-40.el6_6.x86_64.rpm php-pdo-5.3.3-40.el6_6.x86_64.rpm php-pgsql-5.3.3-40.el6_6.x86_64.rpm php-process-5.3.3-40.el6_6.x86_64.rpm php-pspell-5.3.3-40.el6_6.x86_64.rpm php-recode-5.3.3-40.el6_6.x86_64.rpm php-snmp-5.3.3-40.el6_6.x86_64.rpm php-soap-5.3.3-40.el6_6.x86_64.rpm php-tidy-5.3.3-40.el6_6.x86_64.rpm php-xml-5.3.3-40.el6_6.x86_64.rpm php-xmlrpc-5.3.3-40.el6_6.x86_64.rpm php-zts-5.3.3-40.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
php-5.3.3-40.el6_6.src.rpm

i386:
php-5.3.3-40.el6_6.i686.rpm php-cli-5.3.3-40.el6_6.i686.rpm php-common-5.3.3-40.el6_6.i686.rpm php-debuginfo-5.3.3-40.el6_6.i686.rpm php-gd-5.3.3-40.el6_6.i686.rpm php-ldap-5.3.3-40.el6_6.i686.rpm php-mysql-5.3.3-40.el6_6.i686.rpm php-odbc-5.3.3-40.el6_6.i686.rpm php-pdo-5.3.3-40.el6_6.i686.rpm php-pgsql-5.3.3-40.el6_6.i686.rpm php-soap-5.3.3-40.el6_6.i686.rpm php-xml-5.3.3-40.el6_6.i686.rpm php-xmlrpc-5.3.3-40.el6_6.i686.rpm

ppc64:
php-5.3.3-40.el6_6.ppc64.rpm php-cli-5.3.3-40.el6_6.ppc64.rpm php-common-5.3.3-40.el6_6.ppc64.rpm php-debuginfo-5.3.3-40.el6_6.ppc64.rpm php-gd-5.3.3-40.el6_6.ppc64.rpm php-ldap-5.3.3-40.el6_6.ppc64.rpm php-mysql-5.3.3-40.el6_6.ppc64.rpm php-odbc-5.3.3-40.el6_6.ppc64.rpm php-pdo-5.3.3-40.el6_6.ppc64.rpm php-pgsql-5.3.3-40.el6_6.ppc64.rpm php-soap-5.3.3-40.el6_6.ppc64.rpm php-xml-5.3.3-40.el6_6.ppc64.rpm php-xmlrpc-5.3.3-40.el6_6.ppc64.rpm

s390x:
php-5.3.3-40.el6_6.s390x.rpm php-cli-5.3.3-40.el6_6.s390x.rpm php-common-5.3.3-40.el6_6.s390x.rpm php-debuginfo-5.3.3-40.el6_6.s390x.rpm php-gd-5.3.3-40.el6_6.s390x.rpm php-ldap-5.3.3-40.el6_6.s390x.rpm php-mysql-5.3.3-40.el6_6.s390x.rpm php-odbc-5.3.3-40.el6_6.s390x.rpm php-pdo-5.3.3-40.el6_6.s390x.rpm php-pgsql-5.3.3-40.el6_6.s390x.rpm php-soap-5.3.3-40.el6_6.s390x.rpm php-xml-5.3.3-40.el6_6.s390x.rpm php-xmlrpc-5.3.3-40.el6_6.s390x.rpm

x86_64:
php-5.3.3-40.el6_6.x86_64.rpm php-cli-5.3.3-40.el6_6.x86_64.rpm php-common-5.3.3-40.el6_6.x86_64.rpm php-debuginfo-5.3.3-40.el6_6.x86_64.rpm php-gd-5.3.3-40.el6_6.x86_64.rpm php-ldap-5.3.3-40.el6_6.x86_64.rpm php-mysql-5.3.3-40.el6_6.x86_64.rpm php-odbc-5.3.3-40.el6_6.x86_64.rpm php-pdo-5.3.3-40.el6_6.x86_64.rpm php-pgsql-5.3.3-40.el6_6.x86_64.rpm php-soap-5.3.3-40.el6_6.x86_64.rpm php-xml-5.3.3-40.el6_6.x86_64.rpm php-xmlrpc-5.3.3-40.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
php-bcmath-5.3.3-40.el6_6.i686.rpm php-dba-5.3.3-40.el6_6.i686.rpm php-debuginfo-5.3.3-40.el6_6.i686.rpm php-devel-5.3.3-40.el6_6.i686.rpm php-embedded-5.3.3-40.el6_6.i686.rpm php-enchant-5.3.3-40.el6_6.i686.rpm php-fpm-5.3.3-40.el6_6.i686.rpm php-imap-5.3.3-40.el6_6.i686.rpm php-intl-5.3.3-40.el6_6.i686.rpm php-mbstring-5.3.3-40.el6_6.i686.rpm php-process-5.3.3-40.el6_6.i686.rpm php-pspell-5.3.3-40.el6_6.i686.rpm php-recode-5.3.3-40.el6_6.i686.rpm php-snmp-5.3.3-40.el6_6.i686.rpm php-tidy-5.3.3-40.el6_6.i686.rpm php-zts-5.3.3-40.el6_6.i686.rpm

ppc64:
php-bcmath-5.3.3-40.el6_6.ppc64.rpm php-dba-5.3.3-40.el6_6.ppc64.rpm php-debuginfo-5.3.3-40.el6_6.ppc64.rpm php-devel-5.3.3-40.el6_6.ppc64.rpm php-embedded-5.3.3-40.el6_6.ppc64.rpm php-enchant-5.3.3-40.el6_6.ppc64.rpm php-fpm-5.3.3-40.el6_6.ppc64.rpm php-imap-5.3.3-40.el6_6.ppc64.rpm php-intl-5.3.3-40.el6_6.ppc64.rpm php-mbstring-5.3.3-40.el6_6.ppc64.rpm php-process-5.3.3-40.el6_6.ppc64.rpm php-pspell-5.3.3-40.el6_6.ppc64.rpm php-recode-5.3.3-40.el6_6.ppc64.rpm php-snmp-5.3.3-40.el6_6.ppc64.rpm php-tidy-5.3.3-40.el6_6.ppc64.rpm php-zts-5.3.3-40.el6_6.ppc64.rpm

s390x:
php-bcmath-5.3.3-40.el6_6.s390x.rpm php-dba-5.3.3-40.el6_6.s390x.rpm php-debuginfo-5.3.3-40.el6_6.s390x.rpm php-devel-5.3.3-40.el6_6.s390x.rpm php-embedded-5.3.3-40.el6_6.s390x.rpm php-enchant-5.3.3-40.el6_6.s390x.rpm php-fpm-5.3.3-40.el6_6.s390x.rpm php-imap-5.3.3-40.el6_6.s390x.rpm php-intl-5.3.3-40.el6_6.s390x.rpm php-mbstring-5.3.3-40.el6_6.s390x.rpm php-process-5.3.3-40.el6_6.s390x.rpm php-pspell-5.3.3-40.el6_6.s390x.rpm php-recode-5.3.3-40.el6_6.s390x.rpm php-snmp-5.3.3-40.el6_6.s390x.rpm php-tidy-5.3.3-40.el6_6.s390x.rpm php-zts-5.3.3-40.el6_6.s390x.rpm

x86_64:
php-bcmath-5.3.3-40.el6_6.x86_64.rpm php-dba-5.3.3-40.el6_6.x86_64.rpm php-debuginfo-5.3.3-40.el6_6.x86_64.rpm php-devel-5.3.3-40.el6_6.x86_64.rpm php-embedded-5.3.3-40.el6_6.x86_64.rpm php-enchant-5.3.3-40.el6_6.x86_64.rpm php-fpm-5.3.3-40.el6_6.x86_64.rpm php-imap-5.3.3-40.el6_6.x86_64.rpm php-intl-5.3.3-40.el6_6.x86_64.rpm php-mbstring-5.3.3-40.el6_6.x86_64.rpm php-process-5.3.3-40.el6_6.x86_64.rpm php-pspell-5.3.3-40.el6_6.x86_64.rpm php-recode-5.3.3-40.el6_6.x86_64.rpm php-snmp-5.3.3-40.el6_6.x86_64.rpm php-tidy-5.3.3-40.el6_6.x86_64.rpm php-zts-5.3.3-40.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
php-5.3.3-40.el6_6.src.rpm

i386:
php-5.3.3-40.el6_6.i686.rpm php-cli-5.3.3-40.el6_6.i686.rpm php-common-5.3.3-40.el6_6.i686.rpm php-debuginfo-5.3.3-40.el6_6.i686.rpm php-gd-5.3.3-40.el6_6.i686.rpm php-ldap-5.3.3-40.el6_6.i686.rpm php-mysql-5.3.3-40.el6_6.i686.rpm php-odbc-5.3.3-40.el6_6.i686.rpm php-pdo-5.3.3-40.el6_6.i686.rpm php-pgsql-5.3.3-40.el6_6.i686.rpm php-soap-5.3.3-40.el6_6.i686.rpm php-xml-5.3.3-40.el6_6.i686.rpm php-xmlrpc-5.3.3-40.el6_6.i686.rpm

x86_64:
php-5.3.3-40.el6_6.x86_64.rpm php-cli-5.3.3-40.el6_6.x86_64.rpm php-common-5.3.3-40.el6_6.x86_64.rpm php-debuginfo-5.3.3-40.el6_6.x86_64.rpm php-gd-5.3.3-40.el6_6.x86_64.rpm php-ldap-5.3.3-40.el6_6.x86_64.rpm php-mysql-5.3.3-40.el6_6.x86_64.rpm php-odbc-5.3.3-40.el6_6.x86_64.rpm php-pdo-5.3.3-40.el6_6.x86_64.rpm php-pgsql-5.3.3-40.el6_6.x86_64.rpm php-soap-5.3.3-40.el6_6.x86_64.rpm php-xml-5.3.3-40.el6_6.x86_64.rpm php-xmlrpc-5.3.3-40.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
php-bcmath-5.3.3-40.el6_6.i686.rpm php-dba-5.3.3-40.el6_6.i686.rpm php-debuginfo-5.3.3-40.el6_6.i686.rpm php-devel-5.3.3-40.el6_6.i686.rpm php-embedded-5.3.3-40.el6_6.i686.rpm php-enchant-5.3.3-40.el6_6.i686.rpm php-fpm-5.3.3-40.el6_6.i686.rpm php-imap-5.3.3-40.el6_6.i686.rpm php-intl-5.3.3-40.el6_6.i686.rpm php-mbstring-5.3.3-40.el6_6.i686.rpm php-process-5.3.3-40.el6_6.i686.rpm php-pspell-5.3.3-40.el6_6.i686.rpm php-recode-5.3.3-40.el6_6.i686.rpm php-snmp-5.3.3-40.el6_6.i686.rpm php-tidy-5.3.3-40.el6_6.i686.rpm php-zts-5.3.3-40.el6_6.i686.rpm

x86_64:
php-bcmath-5.3.3-40.el6_6.x86_64.rpm php-dba-5.3.3-40.el6_6.x86_64.rpm php-debuginfo-5.3.3-40.el6_6.x86_64.rpm php-devel-5.3.3-40.el6_6.x86_64.rpm php-embedded-5.3.3-40.el6_6.x86_64.rpm php-enchant-5.3.3-40.el6_6.x86_64.rpm php-fpm-5.3.3-40.el6_6.x86_64.rpm php-imap-5.3.3-40.el6_6.x86_64.rpm php-intl-5.3.3-40.el6_6.x86_64.rpm php-mbstring-5.3.3-40.el6_6.x86_64.rpm php-process-5.3.3-40.el6_6.x86_64.rpm php-pspell-5.3.3-40.el6_6.x86_64.rpm php-recode-5.3.3-40.el6_6.x86_64.rpm php-snmp-5.3.3-40.el6_6.x86_64.rpm php-tidy-5.3.3-40.el6_6.x86_64.rpm php-zts-5.3.3-40.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
php-5.4.16-23.el7_0.3.src.rpm

x86_64:
php-5.4.16-23.el7_0.3.x86_64.rpm php-bcmath-5.4.16-23.el7_0.3.x86_64.rpm php-cli-5.4.16-23.el7_0.3.x86_64.rpm php-common-5.4.16-23.el7_0.3.x86_64.rpm php-dba-5.4.16-23.el7_0.3.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.3.x86_64.rpm php-devel-5.4.16-23.el7_0.3.x86_64.rpm php-embedded-5.4.16-23.el7_0.3.x86_64.rpm php-enchant-5.4.16-23.el7_0.3.x86_64.rpm php-fpm-5.4.16-23.el7_0.3.x86_64.rpm php-gd-5.4.16-23.el7_0.3.x86_64.rpm php-intl-5.4.16-23.el7_0.3.x86_64.rpm php-ldap-5.4.16-23.el7_0.3.x86_64.rpm php-mbstring-5.4.16-23.el7_0.3.x86_64.rpm php-mysql-5.4.16-23.el7_0.3.x86_64.rpm php-mysqlnd-5.4.16-23.el7_0.3.x86_64.rpm php-odbc-5.4.16-23.el7_0.3.x86_64.rpm php-pdo-5.4.16-23.el7_0.3.x86_64.rpm php-pgsql-5.4.16-23.el7_0.3.x86_64.rpm php-process-5.4.16-23.el7_0.3.x86_64.rpm php-pspell-5.4.16-23.el7_0.3.x86_64.rpm php-recode-5.4.16-23.el7_0.3.x86_64.rpm php-snmp-5.4.16-23.el7_0.3.x86_64.rpm php-soap-5.4.16-23.el7_0.3.x86_64.rpm php-xml-5.4.16-23.el7_0.3.x86_64.rpm php-xmlrpc-5.4.16-23.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
php-5.4.16-23.el7_0.3.src.rpm

x86_64:
php-5.4.16-23.el7_0.3.x86_64.rpm php-bcmath-5.4.16-23.el7_0.3.x86_64.rpm php-cli-5.4.16-23.el7_0.3.x86_64.rpm php-common-5.4.16-23.el7_0.3.x86_64.rpm php-dba-5.4.16-23.el7_0.3.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.3.x86_64.rpm php-devel-5.4.16-23.el7_0.3.x86_64.rpm php-embedded-5.4.16-23.el7_0.3.x86_64.rpm php-enchant-5.4.16-23.el7_0.3.x86_64.rpm php-fpm-5.4.16-23.el7_0.3.x86_64.rpm php-gd-5.4.16-23.el7_0.3.x86_64.rpm php-intl-5.4.16-23.el7_0.3.x86_64.rpm php-ldap-5.4.16-23.el7_0.3.x86_64.rpm php-mbstring-5.4.16-23.el7_0.3.x86_64.rpm php-mysql-5.4.16-23.el7_0.3.x86_64.rpm php-mysqlnd-5.4.16-23.el7_0.3.x86_64.rpm php-odbc-5.4.16-23.el7_0.3.x86_64.rpm php-pdo-5.4.16-23.el7_0.3.x86_64.rpm php-pgsql-5.4.16-23.el7_0.3.x86_64.rpm php-process-5.4.16-23.el7_0.3.x86_64.rpm php-pspell-5.4.16-23.el7_0.3.x86_64.rpm php-recode-5.4.16-23.el7_0.3.x86_64.rpm php-snmp-5.4.16-23.el7_0.3.x86_64.rpm php-soap-5.4.16-23.el7_0.3.x86_64.rpm php-xml-5.4.16-23.el7_0.3.x86_64.rpm php-xmlrpc-5.4.16-23.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
php-5.4.16-23.el7_0.3.src.rpm

ppc64:
php-5.4.16-23.el7_0.3.ppc64.rpm php-cli-5.4.16-23.el7_0.3.ppc64.rpm php-common-5.4.16-23.el7_0.3.ppc64.rpm php-debuginfo-5.4.16-23.el7_0.3.ppc64.rpm php-gd-5.4.16-23.el7_0.3.ppc64.rpm php-ldap-5.4.16-23.el7_0.3.ppc64.rpm php-mysql-5.4.16-23.el7_0.3.ppc64.rpm php-odbc-5.4.16-23.el7_0.3.ppc64.rpm php-pdo-5.4.16-23.el7_0.3.ppc64.rpm php-pgsql-5.4.16-23.el7_0.3.ppc64.rpm php-process-5.4.16-23.el7_0.3.ppc64.rpm php-recode-5.4.16-23.el7_0.3.ppc64.rpm php-soap-5.4.16-23.el7_0.3.ppc64.rpm php-xml-5.4.16-23.el7_0.3.ppc64.rpm php-xmlrpc-5.4.16-23.el7_0.3.ppc64.rpm

s390x:
php-5.4.16-23.el7_0.3.s390x.rpm php-cli-5.4.16-23.el7_0.3.s390x.rpm php-common-5.4.16-23.el7_0.3.s390x.rpm php-debuginfo-5.4.16-23.el7_0.3.s390x.rpm php-gd-5.4.16-23.el7_0.3.s390x.rpm php-ldap-5.4.16-23.el7_0.3.s390x.rpm php-mysql-5.4.16-23.el7_0.3.s390x.rpm php-odbc-5.4.16-23.el7_0.3.s390x.rpm php-pdo-5.4.16-23.el7_0.3.s390x.rpm php-pgsql-5.4.16-23.el7_0.3.s390x.rpm php-process-5.4.16-23.el7_0.3.s390x.rpm php-recode-5.4.16-23.el7_0.3.s390x.rpm php-soap-5.4.16-23.el7_0.3.s390x.rpm php-xml-5.4.16-23.el7_0.3.s390x.rpm php-xmlrpc-5.4.16-23.el7_0.3.s390x.rpm

x86_64:
php-5.4.16-23.el7_0.3.x86_64.rpm php-cli-5.4.16-23.el7_0.3.x86_64.rpm php-common-5.4.16-23.el7_0.3.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.3.x86_64.rpm php-gd-5.4.16-23.el7_0.3.x86_64.rpm php-ldap-5.4.16-23.el7_0.3.x86_64.rpm php-mysql-5.4.16-23.el7_0.3.x86_64.rpm php-odbc-5.4.16-23.el7_0.3.x86_64.rpm php-pdo-5.4.16-23.el7_0.3.x86_64.rpm php-pgsql-5.4.16-23.el7_0.3.x86_64.rpm php-process-5.4.16-23.el7_0.3.x86_64.rpm php-recode-5.4.16-23.el7_0.3.x86_64.rpm php-soap-5.4.16-23.el7_0.3.x86_64.rpm php-xml-5.4.16-23.el7_0.3.x86_64.rpm php-xmlrpc-5.4.16-23.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
php-bcmath-5.4.16-23.el7_0.3.ppc64.rpm php-dba-5.4.16-23.el7_0.3.ppc64.rpm php-debuginfo-5.4.16-23.el7_0.3.ppc64.rpm php-devel-5.4.16-23.el7_0.3.ppc64.rpm php-embedded-5.4.16-23.el7_0.3.ppc64.rpm php-enchant-5.4.16-23.el7_0.3.ppc64.rpm php-fpm-5.4.16-23.el7_0.3.ppc64.rpm php-intl-5.4.16-23.el7_0.3.ppc64.rpm php-mbstring-5.4.16-23.el7_0.3.ppc64.rpm php-mysqlnd-5.4.16-23.el7_0.3.ppc64.rpm php-pspell-5.4.16-23.el7_0.3.ppc64.rpm php-snmp-5.4.16-23.el7_0.3.ppc64.rpm

s390x:
php-bcmath-5.4.16-23.el7_0.3.s390x.rpm php-dba-5.4.16-23.el7_0.3.s390x.rpm php-debuginfo-5.4.16-23.el7_0.3.s390x.rpm php-devel-5.4.16-23.el7_0.3.s390x.rpm php-embedded-5.4.16-23.el7_0.3.s390x.rpm php-enchant-5.4.16-23.el7_0.3.s390x.rpm php-fpm-5.4.16-23.el7_0.3.s390x.rpm php-intl-5.4.16-23.el7_0.3.s390x.rpm php-mbstring-5.4.16-23.el7_0.3.s390x.rpm php-mysqlnd-5.4.16-23.el7_0.3.s390x.rpm php-pspell-5.4.16-23.el7_0.3.s390x.rpm php-snmp-5.4.16-23.el7_0.3.s390x.rpm

x86_64:
php-bcmath-5.4.16-23.el7_0.3.x86_64.rpm php-dba-5.4.16-23.el7_0.3.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.3.x86_64.rpm php-devel-5.4.16-23.el7_0.3.x86_64.rpm php-embedded-5.4.16-23.el7_0.3.x86_64.rpm php-enchant-5.4.16-23.el7_0.3.x86_64.rpm php-fpm-5.4.16-23.el7_0.3.x86_64.rpm php-intl-5.4.16-23.el7_0.3.x86_64.rpm php-mbstring-5.4.16-23.el7_0.3.x86_64.rpm php-mysqlnd-5.4.16-23.el7_0.3.x86_64.rpm php-pspell-5.4.16-23.el7_0.3.x86_64.rpm php-snmp-5.4.16-23.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
php-5.4.16-23.el7_0.3.src.rpm

x86_64:
php-5.4.16-23.el7_0.3.x86_64.rpm php-cli-5.4.16-23.el7_0.3.x86_64.rpm php-common-5.4.16-23.el7_0.3.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.3.x86_64.rpm php-gd-5.4.16-23.el7_0.3.x86_64.rpm php-ldap-5.4.16-23.el7_0.3.x86_64.rpm php-mysql-5.4.16-23.el7_0.3.x86_64.rpm php-odbc-5.4.16-23.el7_0.3.x86_64.rpm php-pdo-5.4.16-23.el7_0.3.x86_64.rpm php-pgsql-5.4.16-23.el7_0.3.x86_64.rpm php-process-5.4.16-23.el7_0.3.x86_64.rpm php-recode-5.4.16-23.el7_0.3.x86_64.rpm php-soap-5.4.16-23.el7_0.3.x86_64.rpm php-xml-5.4.16-23.el7_0.3.x86_64.rpm php-xmlrpc-5.4.16-23.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
php-bcmath-5.4.16-23.el7_0.3.x86_64.rpm php-dba-5.4.16-23.el7_0.3.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.3.x86_64.rpm php-devel-5.4.16-23.el7_0.3.x86_64.rpm php-embedded-5.4.16-23.el7_0.3.x86_64.rpm php-enchant-5.4.16-23.el7_0.3.x86_64.rpm php-fpm-5.4.16-23.el7_0.3.x86_64.rpm php-intl-5.4.16-23.el7_0.3.x86_64.rpm php-mbstring-5.4.16-23.el7_0.3.x86_64.rpm php-mysqlnd-5.4.16-23.el7_0.3.x86_64.rpm php-pspell-5.4.16-23.el7_0.3.x86_64.rpm php-snmp-5.4.16-23.el7_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3668
https://access.redhat.com/security/cve/CVE-2014-3669
https://access.redhat.com/security/cve/CVE-2014-3670
https://access.redhat.com/security/cve/CVE-2014-3710
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
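The advisory tells an administrator which build of each php package carries the backported fixes, but because Red Hat backports patches without bumping the upstream version, the only reliable on-host check is comparing the installed name-version-release against the advisory's package list using rpm's own ordering rules. The script below is an added example, not Red Hat tooling: it re-implements the rpm version comparison (numeric segments beat alphabetic ones, `~` sorts before anything, a longer otherwise-equal string is newer), parses both the advisory file names from the package list above and `rpm -qa` style output, and reports which installed packages are still below the fixed build. The `rpm -qa` sample is constructed for the example; the epoch is assumed to be equal on both sides, since `rpm -qa` omits it by default.

```python
"""Audit installed RPMs against the package list of an RHSA.

Added example (not Red Hat's tooling): compares `rpm -qa` output against the
fixed NVRs listed in an advisory's "Package List" section using rpm's
version-comparison rules, so a host still running an older php build is flagged.
"""
import re
from typing import Dict, List, Tuple

# Fixed builds for RHEL 7 Server x86_64, copied from the advisory's package list.
ADVISORY_PACKAGES = [
    "php-5.4.16-23.el7_0.3.x86_64.rpm",
    "php-cli-5.4.16-23.el7_0.3.x86_64.rpm",
    "php-common-5.4.16-23.el7_0.3.x86_64.rpm",
    "php-xmlrpc-5.4.16-23.el7_0.3.x86_64.rpm",
]

# Constructed sample of `rpm -qa` output from a hypothetical host (not real data):
# one package at the fixed build, one newer, two older, one unrelated.
INSTALLED_SAMPLE = """\
httpd-2.4.6-18.el7.x86_64
php-5.4.16-23.el7_0.1.x86_64
php-cli-5.4.16-23.el7_0.3.x86_64
php-common-5.4.16-24.el7_0.x86_64
php-xmlrpc-5.4.16-21.el7_0.x86_64
"""

_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm does; returns -1, 0 or 1.

    Strings are split into numeric and alphabetic segments; numeric segments compare
    as integers and beat alphabetic ones, '~' sorts before anything (so 1.0~rc1 < 1.0),
    and when all common segments are equal the string with more segments is newer.
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    tail = (sa if a_longer else sb)[min(len(sa), len(sb))]
    if tail == "~":  # a trailing pre-release marker makes the longer string older
        return -1 if a_longer else 1
    return 1 if a_longer else -1


def split_nvra(nvra: str) -> Tuple[str, str, str, str]:
    """Split 'name-version-release.arch' (a trailing '.rpm' is dropped) from the
    right, because the package name itself may contain dashes (php-cli)."""
    if nvra.endswith(".rpm"):
        nvra = nvra[:-4]
    rest, arch = nvra.rsplit(".", 1)
    name_ver, release = rest.rsplit("-", 1)
    name, version = name_ver.rsplit("-", 1)
    return name, version, release, arch


def evr_cmp(ver_a: str, rel_a: str, ver_b: str, rel_b: str) -> int:
    """Version first, release only on a tie (epoch assumed equal; rpm -qa omits it)."""
    c = rpmvercmp(ver_a, ver_b)
    return c if c else rpmvercmp(rel_a, rel_b)


def audit(rpm_qa_output: str, advisory_files: List[str]) -> Dict[str, Tuple[str, str, str]]:
    """Map each installed package named in the advisory to (status, installed, required).

    status is 'fixed' when the installed build is at or above the advisory's build for
    the same name and arch, 'vulnerable' otherwise. Packages the advisory does not
    cover are ignored.
    """
    required = {}
    for f in advisory_files:
        name, ver, rel, arch = split_nvra(f)
        required[(name, arch)] = (ver, rel)
    result = {}
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, ver, rel, arch = split_nvra(line)
        want = required.get((name, arch))
        if want is None:
            continue
        status = "fixed" if evr_cmp(ver, rel, want[0], want[1]) >= 0 else "vulnerable"
        result[name] = (status, f"{ver}-{rel}", f"{want[0]}-{want[1]}")
    return result


if __name__ == "__main__":
    for name, (status, have, need) in sorted(audit(INSTALLED_SAMPLE, ADVISORY_PACKAGES).items()):
        print(f"{status:10} {name}: installed {have}, advisory requires {need}")
```

On a real host, feed it `rpm -qa` output and the advisory's list for your product and architecture; `yum updateinfo list security` and `rpm -q --changelog php` (which names the CVEs fixed in each build) are the supported ways to get the same answer, and the version comparison here only says whether the advisory's build or a newer one is installed, not whether httpd has been restarted since.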
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUUqXLXlSAg2UNWIIRArMhAJ9Ov3Q5W/uB3IphUA4NGVwiPVlLaQCeMrx9
swi9y8yPiOr52b6Lbq1+ym4=
=gO0B
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 30 20:58:16 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 Oct 2014 20:58:16 +0000
Subject: [RHSA-2014:1768-01] Important: php53 security update
Message-ID: <201410302058.s9UKwH8u001700@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: php53 security update
Advisory ID: RHSA-2014:1768-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1768.html
Issue date: 2014-10-30
CVE Names: CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710
=====================================================================

1. Summary:

Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710)

An out-of-bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security.

All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1154500 - CVE-2014-3669 php: integer overflow in unserialize()
1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
php53-5.3.3-26.el5_11.src.rpm

i386:
php53-5.3.3-26.el5_11.i386.rpm php53-bcmath-5.3.3-26.el5_11.i386.rpm php53-cli-5.3.3-26.el5_11.i386.rpm php53-common-5.3.3-26.el5_11.i386.rpm php53-dba-5.3.3-26.el5_11.i386.rpm php53-debuginfo-5.3.3-26.el5_11.i386.rpm php53-devel-5.3.3-26.el5_11.i386.rpm php53-gd-5.3.3-26.el5_11.i386.rpm php53-imap-5.3.3-26.el5_11.i386.rpm php53-intl-5.3.3-26.el5_11.i386.rpm php53-ldap-5.3.3-26.el5_11.i386.rpm php53-mbstring-5.3.3-26.el5_11.i386.rpm php53-mysql-5.3.3-26.el5_11.i386.rpm php53-odbc-5.3.3-26.el5_11.i386.rpm php53-pdo-5.3.3-26.el5_11.i386.rpm php53-pgsql-5.3.3-26.el5_11.i386.rpm php53-process-5.3.3-26.el5_11.i386.rpm php53-pspell-5.3.3-26.el5_11.i386.rpm php53-snmp-5.3.3-26.el5_11.i386.rpm php53-soap-5.3.3-26.el5_11.i386.rpm php53-xml-5.3.3-26.el5_11.i386.rpm php53-xmlrpc-5.3.3-26.el5_11.i386.rpm

x86_64:
php53-5.3.3-26.el5_11.x86_64.rpm php53-bcmath-5.3.3-26.el5_11.x86_64.rpm php53-cli-5.3.3-26.el5_11.x86_64.rpm php53-common-5.3.3-26.el5_11.x86_64.rpm php53-dba-5.3.3-26.el5_11.x86_64.rpm php53-debuginfo-5.3.3-26.el5_11.x86_64.rpm php53-devel-5.3.3-26.el5_11.x86_64.rpm php53-gd-5.3.3-26.el5_11.x86_64.rpm php53-imap-5.3.3-26.el5_11.x86_64.rpm php53-intl-5.3.3-26.el5_11.x86_64.rpm php53-ldap-5.3.3-26.el5_11.x86_64.rpm php53-mbstring-5.3.3-26.el5_11.x86_64.rpm php53-mysql-5.3.3-26.el5_11.x86_64.rpm php53-odbc-5.3.3-26.el5_11.x86_64.rpm php53-pdo-5.3.3-26.el5_11.x86_64.rpm php53-pgsql-5.3.3-26.el5_11.x86_64.rpm php53-process-5.3.3-26.el5_11.x86_64.rpm php53-pspell-5.3.3-26.el5_11.x86_64.rpm php53-snmp-5.3.3-26.el5_11.x86_64.rpm php53-soap-5.3.3-26.el5_11.x86_64.rpm php53-xml-5.3.3-26.el5_11.x86_64.rpm php53-xmlrpc-5.3.3-26.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
php53-5.3.3-26.el5_11.src.rpm

i386:
php53-5.3.3-26.el5_11.i386.rpm php53-bcmath-5.3.3-26.el5_11.i386.rpm php53-cli-5.3.3-26.el5_11.i386.rpm php53-common-5.3.3-26.el5_11.i386.rpm php53-dba-5.3.3-26.el5_11.i386.rpm php53-debuginfo-5.3.3-26.el5_11.i386.rpm php53-devel-5.3.3-26.el5_11.i386.rpm php53-gd-5.3.3-26.el5_11.i386.rpm php53-imap-5.3.3-26.el5_11.i386.rpm php53-intl-5.3.3-26.el5_11.i386.rpm php53-ldap-5.3.3-26.el5_11.i386.rpm php53-mbstring-5.3.3-26.el5_11.i386.rpm php53-mysql-5.3.3-26.el5_11.i386.rpm php53-odbc-5.3.3-26.el5_11.i386.rpm php53-pdo-5.3.3-26.el5_11.i386.rpm php53-pgsql-5.3.3-26.el5_11.i386.rpm php53-process-5.3.3-26.el5_11.i386.rpm php53-pspell-5.3.3-26.el5_11.i386.rpm php53-snmp-5.3.3-26.el5_11.i386.rpm php53-soap-5.3.3-26.el5_11.i386.rpm php53-xml-5.3.3-26.el5_11.i386.rpm php53-xmlrpc-5.3.3-26.el5_11.i386.rpm

ia64:
php53-5.3.3-26.el5_11.ia64.rpm php53-bcmath-5.3.3-26.el5_11.ia64.rpm php53-cli-5.3.3-26.el5_11.ia64.rpm php53-common-5.3.3-26.el5_11.ia64.rpm php53-dba-5.3.3-26.el5_11.ia64.rpm php53-debuginfo-5.3.3-26.el5_11.ia64.rpm php53-devel-5.3.3-26.el5_11.ia64.rpm php53-gd-5.3.3-26.el5_11.ia64.rpm php53-imap-5.3.3-26.el5_11.ia64.rpm php53-intl-5.3.3-26.el5_11.ia64.rpm php53-ldap-5.3.3-26.el5_11.ia64.rpm php53-mbstring-5.3.3-26.el5_11.ia64.rpm php53-mysql-5.3.3-26.el5_11.ia64.rpm php53-odbc-5.3.3-26.el5_11.ia64.rpm php53-pdo-5.3.3-26.el5_11.ia64.rpm php53-pgsql-5.3.3-26.el5_11.ia64.rpm php53-process-5.3.3-26.el5_11.ia64.rpm php53-pspell-5.3.3-26.el5_11.ia64.rpm php53-snmp-5.3.3-26.el5_11.ia64.rpm php53-soap-5.3.3-26.el5_11.ia64.rpm php53-xml-5.3.3-26.el5_11.ia64.rpm php53-xmlrpc-5.3.3-26.el5_11.ia64.rpm

ppc:
php53-5.3.3-26.el5_11.ppc.rpm php53-bcmath-5.3.3-26.el5_11.ppc.rpm php53-cli-5.3.3-26.el5_11.ppc.rpm php53-common-5.3.3-26.el5_11.ppc.rpm php53-dba-5.3.3-26.el5_11.ppc.rpm php53-debuginfo-5.3.3-26.el5_11.ppc.rpm php53-devel-5.3.3-26.el5_11.ppc.rpm php53-gd-5.3.3-26.el5_11.ppc.rpm php53-imap-5.3.3-26.el5_11.ppc.rpm
php53-intl-5.3.3-26.el5_11.ppc.rpm php53-ldap-5.3.3-26.el5_11.ppc.rpm php53-mbstring-5.3.3-26.el5_11.ppc.rpm php53-mysql-5.3.3-26.el5_11.ppc.rpm php53-odbc-5.3.3-26.el5_11.ppc.rpm php53-pdo-5.3.3-26.el5_11.ppc.rpm php53-pgsql-5.3.3-26.el5_11.ppc.rpm php53-process-5.3.3-26.el5_11.ppc.rpm php53-pspell-5.3.3-26.el5_11.ppc.rpm php53-snmp-5.3.3-26.el5_11.ppc.rpm php53-soap-5.3.3-26.el5_11.ppc.rpm php53-xml-5.3.3-26.el5_11.ppc.rpm php53-xmlrpc-5.3.3-26.el5_11.ppc.rpm s390x: php53-5.3.3-26.el5_11.s390x.rpm php53-bcmath-5.3.3-26.el5_11.s390x.rpm php53-cli-5.3.3-26.el5_11.s390x.rpm php53-common-5.3.3-26.el5_11.s390x.rpm php53-dba-5.3.3-26.el5_11.s390x.rpm php53-debuginfo-5.3.3-26.el5_11.s390x.rpm php53-devel-5.3.3-26.el5_11.s390x.rpm php53-gd-5.3.3-26.el5_11.s390x.rpm php53-imap-5.3.3-26.el5_11.s390x.rpm php53-intl-5.3.3-26.el5_11.s390x.rpm php53-ldap-5.3.3-26.el5_11.s390x.rpm php53-mbstring-5.3.3-26.el5_11.s390x.rpm php53-mysql-5.3.3-26.el5_11.s390x.rpm php53-odbc-5.3.3-26.el5_11.s390x.rpm php53-pdo-5.3.3-26.el5_11.s390x.rpm php53-pgsql-5.3.3-26.el5_11.s390x.rpm php53-process-5.3.3-26.el5_11.s390x.rpm php53-pspell-5.3.3-26.el5_11.s390x.rpm php53-snmp-5.3.3-26.el5_11.s390x.rpm php53-soap-5.3.3-26.el5_11.s390x.rpm php53-xml-5.3.3-26.el5_11.s390x.rpm php53-xmlrpc-5.3.3-26.el5_11.s390x.rpm x86_64: php53-5.3.3-26.el5_11.x86_64.rpm php53-bcmath-5.3.3-26.el5_11.x86_64.rpm php53-cli-5.3.3-26.el5_11.x86_64.rpm php53-common-5.3.3-26.el5_11.x86_64.rpm php53-dba-5.3.3-26.el5_11.x86_64.rpm php53-debuginfo-5.3.3-26.el5_11.x86_64.rpm php53-devel-5.3.3-26.el5_11.x86_64.rpm php53-gd-5.3.3-26.el5_11.x86_64.rpm php53-imap-5.3.3-26.el5_11.x86_64.rpm php53-intl-5.3.3-26.el5_11.x86_64.rpm php53-ldap-5.3.3-26.el5_11.x86_64.rpm php53-mbstring-5.3.3-26.el5_11.x86_64.rpm php53-mysql-5.3.3-26.el5_11.x86_64.rpm php53-odbc-5.3.3-26.el5_11.x86_64.rpm php53-pdo-5.3.3-26.el5_11.x86_64.rpm php53-pgsql-5.3.3-26.el5_11.x86_64.rpm php53-process-5.3.3-26.el5_11.x86_64.rpm 
php53-pspell-5.3.3-26.el5_11.x86_64.rpm php53-snmp-5.3.3-26.el5_11.x86_64.rpm php53-soap-5.3.3-26.el5_11.x86_64.rpm php53-xml-5.3.3-26.el5_11.x86_64.rpm php53-xmlrpc-5.3.3-26.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3668 https://access.redhat.com/security/cve/CVE-2014-3669 https://access.redhat.com/security/cve/CVE-2014-3670 https://access.redhat.com/security/cve/CVE-2014-3710 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUUqYaXlSAg2UNWIIRAnVAAJ9GafX1l1QFapjmQLLSXyv6X+PmsACeLg4g 1aZFgm4lzqWVmymw19Ix7M0= =zAxB -----END PGP SIGNATURE-----
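The check a practitioner wants after reading the php53 advisory above: are the installed php53 packages at or above the fixed build, php53-5.3.3-26.el5_11, and has httpd actually been restarted since they went in? The following is an added example written by the editor, not Red Hat tooling and not part of the advisory. It assumes package state is read with `rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{INSTALLTIME}\n' 'php53*'` (the tag names are rpm's own; the output format is an assumption of this script) and re-implements rpm's segment-wise version comparison so that release 26 sorts after release 9, which a plain string compare gets wrong. The sample query output is constructed, not taken from a real host.

```python
"""Check a RHEL 5 host against RHSA-2014:1768 (php53-5.3.3-26.el5_11).

Editor's example, not Red Hat code. Assumed input format:
  rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{INSTALLTIME}\n' 'php53*'
The comparison follows rpm's rpmvercmp() segment rules; the '~' and '^'
pre-release markers are not handled, and none of the advisory's packages use them.
"""
import re
import subprocess

FIXED_NAME = "php53"
FIXED_EVR = ("0", "5.3.3", "26.el5_11")   # epoch, version, release from the advisory

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Compare two version or release labels the way rpm does; returns -1, 0 or 1.

    Labels split into alternating numeric and alphabetic segments; '.', '_' and
    '-' only delimit. Numeric segments compare as integers, alphabetic segments
    lexically, a numeric segment is newer than an alphabetic one, and when one
    label is a prefix of the other the longer label is newer.
    """
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1


def compare_evr(evr_a, evr_b):
    """Compare (epoch, version, release) tuples: epoch decides first, then version, then release."""
    for x, y in zip(evr_a, evr_b):
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0


def parse_rpm_query(output):
    """Parse the assumed rpm -qa output into {name: ((epoch, version, release), install_time)}.

    rpm prints a missing epoch as '(none)', which it treats as epoch 0.
    """
    packages = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                       # blank line or 'package X is not installed'
        name, epoch, version, release, install_time = fields
        if epoch == "(none)":
            epoch = "0"
        packages[name] = ((epoch, version, release), int(install_time))
    return packages


def unpatched(packages):
    """Names of php53 (sub)packages older than the fixed build.

    Every php53-* subpackage in the advisory is built from the same source RPM
    and carries the same version-release, so one fixed EVR applies to all.
    """
    return sorted(name for name, (evr, _) in packages.items()
                  if (name == FIXED_NAME or name.startswith(FIXED_NAME + "-"))
                  and compare_evr(evr, FIXED_EVR) < 0)


def httpd_needs_restart(packages, httpd_start_time):
    """True if any php53 package was installed after the running httpd started.

    The advisory requires an httpd restart for the fix to take effect; the
    old PHP module stays loaded in the running httpd until then.
    """
    return any(t > httpd_start_time for _, t in packages.values())


# Constructed sample (no real host): only php53-xmlrpc has been updated so far.
SAMPLE_QUERY = """\
php53 (none) 5.3.3 23.el5_10 1400000000
php53-common (none) 5.3.3 23.el5_10 1400000000
php53-xmlrpc (none) 5.3.3 26.el5_11 1414700000
"""

if __name__ == "__main__":
    # Live check on a host with rpm installed: read the real RPM database.
    out = subprocess.run(
        ["rpm", "-qa", "--qf", "%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{INSTALLTIME}\n", "php53*"],
        capture_output=True, text=True, check=True).stdout
    print("still below fixed build:", unpatched(parse_rpm_query(out)) or "none")
```

Run it on the host after applying the errata, and pair it with `rpm -K` on the downloaded RPMs to verify the Red Hat GPG signature that section 6 of the advisory refers to. On the constructed sample, `unpatched()` reports php53 and php53-common, and `httpd_needs_restart()` is true for any httpd started before the xmlrpc package's install time.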