From bugzilla at redhat.com Wed Apr 1 06:44:11 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Apr 2015 06:44:11 +0000
Subject: [RHSA-2015:0767-01] Important: flac security update
Message-ID: <201504010644.t316iCTW026477@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: flac security update
Advisory ID:       RHSA-2015:0767-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0767.html
Issue date:        2015-03-31
Updated on:        2015-04-01
CVE Names:         CVE-2014-8962 CVE-2014-9028
=====================================================================

1. Summary:

Updated flac packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The flac packages contain a decoder and an encoder for the FLAC (Free Lossless Audio Codec) audio file format.

A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. (CVE-2014-9028)

A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read. (CVE-2014-8962)

All flac users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications linked against the flac library must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1167236 - CVE-2014-8962 flac: Buffer read overflow when processing ID3V2 metadata
1167741 - CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
flac-1.2.1-7.el6_6.src.rpm

i386:
flac-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.i686.rpm

x86_64:
flac-1.2.1-7.el6_6.i686.rpm
flac-1.2.1-7.el6_6.x86_64.rpm
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-devel-1.2.1-7.el6_6.i686.rpm

x86_64:
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm
flac-devel-1.2.1-7.el6_6.i686.rpm
flac-devel-1.2.1-7.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
flac-1.2.1-7.el6_6.src.rpm

x86_64:
flac-1.2.1-7.el6_6.i686.rpm
flac-1.2.1-7.el6_6.x86_64.rpm
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm
flac-devel-1.2.1-7.el6_6.i686.rpm
flac-devel-1.2.1-7.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
flac-1.2.1-7.el6_6.src.rpm

i386:
flac-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.i686.rpm

ppc64:
flac-1.2.1-7.el6_6.ppc.rpm
flac-1.2.1-7.el6_6.ppc64.rpm
flac-debuginfo-1.2.1-7.el6_6.ppc.rpm
flac-debuginfo-1.2.1-7.el6_6.ppc64.rpm

s390x:
flac-1.2.1-7.el6_6.s390.rpm
flac-1.2.1-7.el6_6.s390x.rpm
flac-debuginfo-1.2.1-7.el6_6.s390.rpm
flac-debuginfo-1.2.1-7.el6_6.s390x.rpm

x86_64:
flac-1.2.1-7.el6_6.i686.rpm
flac-1.2.1-7.el6_6.x86_64.rpm
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-devel-1.2.1-7.el6_6.i686.rpm

ppc64:
flac-debuginfo-1.2.1-7.el6_6.ppc.rpm
flac-debuginfo-1.2.1-7.el6_6.ppc64.rpm
flac-devel-1.2.1-7.el6_6.ppc.rpm
flac-devel-1.2.1-7.el6_6.ppc64.rpm

s390x:
flac-debuginfo-1.2.1-7.el6_6.s390.rpm
flac-debuginfo-1.2.1-7.el6_6.s390x.rpm
flac-devel-1.2.1-7.el6_6.s390.rpm
flac-devel-1.2.1-7.el6_6.s390x.rpm

x86_64:
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm
flac-devel-1.2.1-7.el6_6.i686.rpm
flac-devel-1.2.1-7.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
flac-1.2.1-7.el6_6.src.rpm

i386:
flac-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.i686.rpm

x86_64:
flac-1.2.1-7.el6_6.i686.rpm
flac-1.2.1-7.el6_6.x86_64.rpm
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-devel-1.2.1-7.el6_6.i686.rpm

x86_64:
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm
flac-devel-1.2.1-7.el6_6.i686.rpm
flac-devel-1.2.1-7.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
flac-1.3.0-5.el7_1.src.rpm

x86_64:
flac-debuginfo-1.3.0-5.el7_1.i686.rpm
flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
flac-libs-1.3.0-5.el7_1.i686.rpm
flac-libs-1.3.0-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
flac-1.3.0-5.el7_1.x86_64.rpm
flac-debuginfo-1.3.0-5.el7_1.i686.rpm
flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
flac-devel-1.3.0-5.el7_1.i686.rpm
flac-devel-1.3.0-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
flac-1.3.0-5.el7_1.src.rpm

x86_64:
flac-debuginfo-1.3.0-5.el7_1.i686.rpm
flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
flac-libs-1.3.0-5.el7_1.i686.rpm
flac-libs-1.3.0-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
flac-1.3.0-5.el7_1.x86_64.rpm
flac-debuginfo-1.3.0-5.el7_1.i686.rpm
flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
flac-devel-1.3.0-5.el7_1.i686.rpm
flac-devel-1.3.0-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
flac-1.3.0-5.el7_1.src.rpm

ppc64:
flac-debuginfo-1.3.0-5.el7_1.ppc.rpm
flac-debuginfo-1.3.0-5.el7_1.ppc64.rpm
flac-libs-1.3.0-5.el7_1.ppc.rpm
flac-libs-1.3.0-5.el7_1.ppc64.rpm

s390x:
flac-debuginfo-1.3.0-5.el7_1.s390.rpm
flac-debuginfo-1.3.0-5.el7_1.s390x.rpm
flac-libs-1.3.0-5.el7_1.s390.rpm
flac-libs-1.3.0-5.el7_1.s390x.rpm

x86_64:
flac-debuginfo-1.3.0-5.el7_1.i686.rpm
flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
flac-libs-1.3.0-5.el7_1.i686.rpm
flac-libs-1.3.0-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
flac-1.3.0-5.ael7b_1.src.rpm

ppc64le:
flac-debuginfo-1.3.0-5.ael7b_1.ppc64le.rpm
flac-libs-1.3.0-5.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
flac-1.3.0-5.el7_1.ppc64.rpm
flac-debuginfo-1.3.0-5.el7_1.ppc.rpm
flac-debuginfo-1.3.0-5.el7_1.ppc64.rpm
flac-devel-1.3.0-5.el7_1.ppc.rpm
flac-devel-1.3.0-5.el7_1.ppc64.rpm

s390x:
flac-1.3.0-5.el7_1.s390x.rpm
flac-debuginfo-1.3.0-5.el7_1.s390.rpm
flac-debuginfo-1.3.0-5.el7_1.s390x.rpm
flac-devel-1.3.0-5.el7_1.s390.rpm
flac-devel-1.3.0-5.el7_1.s390x.rpm

x86_64:
flac-1.3.0-5.el7_1.x86_64.rpm
flac-debuginfo-1.3.0-5.el7_1.i686.rpm
flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
flac-devel-1.3.0-5.el7_1.i686.rpm
flac-devel-1.3.0-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
flac-1.3.0-5.ael7b_1.ppc64le.rpm
flac-debuginfo-1.3.0-5.ael7b_1.ppc64le.rpm
flac-devel-1.3.0-5.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
flac-1.3.0-5.el7_1.src.rpm

x86_64:
flac-debuginfo-1.3.0-5.el7_1.i686.rpm
flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
flac-libs-1.3.0-5.el7_1.i686.rpm
flac-libs-1.3.0-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
flac-1.3.0-5.el7_1.x86_64.rpm
flac-debuginfo-1.3.0-5.el7_1.i686.rpm
flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
flac-devel-1.3.0-5.el7_1.i686.rpm
flac-devel-1.3.0-5.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.
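An added check for the flac advisory above (example code written for this page, not Red Hat's or the FLAC project's). Given `rpm -qa` output, it decides whether each installed flac package is at or above the fixed builds listed in section 6, using the segment-wise ordering rules of rpm's rpmvercmp (numeric segments beat alphabetic ones, a tilde sorts lowest; the caret separator of newer rpm versions is not handled), and it flags processes whose /proc/<pid>/maps still reference a deleted libFLAC, which is how a process that has not been restarted after the update shows up. The advisory ships a separate ppc64le build with an `ael7b_1` release tag, so the fixed version is looked up by the dist tag in the release rather than by package name alone. The sample `rpm -qa` lines and maps excerpts are constructed; the pre-update release numbers in them (6.1.el6, 4.el7) are illustrative, not taken from the advisory.

```python
import re

# Fixed version-release per build, from the advisory's package list (section 6).
FIXED = {
    "el6": "1.2.1-7.el6_6",
    "el7": "1.3.0-5.el7_1",
    "ael7b": "1.3.0-5.ael7b_1",   # separate ppc64le build
}
FLAC_PACKAGES = {"flac", "flac-libs", "flac-devel", "flac-debuginfo"}


def _alnum(c):
    return c.isascii() and c.isalnum()


def rpmvercmp(a, b):
    """Return 1, 0 or -1 as a is newer than, equal to, or older than b (rpm's rules)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators (anything that is not alphanumeric or '~') are skipped
        while i < len(a) and not (_alnum(a[i]) or a[i] == "~"):
            i += 1
        while j < len(b) and not (_alnum(b[j]) or b[j] == "~"):
            j += 1
        # '~' sorts before everything, even the end of the string (1.0~rc1 < 1.0)
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i += 1
            j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # take the next run of the same kind (all digits or all letters) from both
        if a[i].isdigit():
            sa = re.match(r"[0-9]+", a[i:]).group()
            sb = re.match(r"[0-9]*", b[j:]).group()
            isnum = True
        else:
            sa = re.match(r"[A-Za-z]+", a[i:]).group()
            sb = re.match(r"[A-Za-z]*", b[j:]).group()
            isnum = False
        i += len(sa)
        j += len(sb)
        if not sb:                       # kinds differ: the numeric side is newer
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):       # more digits means a larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1      # whichever still has segments left is newer


def parse_nvra(pkg):
    """Split 'name-version-release.arch' as printed by `rpm -qa` (arch assumed present)."""
    nvr, _, arch = pkg.rpartition(".")
    nv, _, release = nvr.rpartition("-")
    name, _, version = nv.rpartition("-")
    return name, version, release, arch


def vr_cmp(vr_a, vr_b):
    """Order two 'version-release' strings as rpm would (epoch assumed equal)."""
    va, ra = vr_a.split("-", 1)
    vb, rb = vr_b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def unpatched_packages(rpm_qa_lines):
    """Return installed flac packages that are older than the advisory's builds."""
    stale = []
    for line in rpm_qa_lines:
        name, version, release, _arch = parse_nvra(line.strip())
        if name not in FLAC_PACKAGES:
            continue
        m = re.search(r"\.(a?el\d+[a-z]*)", release)    # dist tag: el6, el7, ael7b
        fixed = FIXED.get(m.group(1)) if m else None
        if fixed and vr_cmp(f"{version}-{release}", fixed) < 0:
            stale.append(line.strip())
    return stale


def pids_needing_restart(proc_maps):
    """proc_maps: {pid: lines of /proc/<pid>/maps}. After rpm replaces libFLAC on disk,
    a process still mapping the old inode shows the path suffixed with '(deleted)'."""
    return sorted(pid for pid, lines in proc_maps.items()
                  if any("libFLAC" in ln and ln.rstrip().endswith("(deleted)") for ln in lines))


# Constructed sample input; pre-update releases 6.1.el6 and 4.el7 are illustrative.
SAMPLE_RPM_QA = [
    "flac-1.2.1-6.1.el6.x86_64",
    "flac-1.2.1-7.el6_6.i686",
    "flac-libs-1.3.0-4.el7.x86_64",
    "flac-libs-1.3.0-5.el7_1.x86_64",
    "flac-libs-1.3.0-5.ael7b_1.ppc64le",
    "flac-devel-1.3.0-5.el7_1.x86_64",
    "bash-4.2.46-12.el7.x86_64",
]
SAMPLE_MAPS = {   # constructed /proc/<pid>/maps excerpts
    1234: ["7f3a1c000000-7f3a1c04b000 r-xp 00000000 fd:01 131893 /usr/lib64/libFLAC.so.8.2.0 (deleted)"],
    5678: ["7f9b20000000-7f9b2004b000 r-xp 00000000 fd:01 140021 /usr/lib64/libFLAC.so.8.2.0"],
    9012: ["7f1100000000-7f11001c3000 r-xp 00000000 fd:01 100123 /usr/lib64/libc-2.17.so"],
}

if __name__ == "__main__":
    for pkg in unpatched_packages(SAMPLE_RPM_QA):
        print("needs update:", pkg)
    for pid in pids_needing_restart(SAMPLE_MAPS):
        print("needs restart: pid", pid)
```

On a live host the two inputs come from `rpm -qa` and from reading each `/proc/<pid>/maps`; the restart check is the same idea `needs-restarting` from yum-utils applies, narrowed to the library this advisory replaces.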
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8962
https://access.redhat.com/security/cve/CVE-2014-9028
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVG5OhXlSAg2UNWIIRAia8AJsFSX4621X/fGy4597RN0d9py7keQCfdQWo
9fJC03dS5ZFip8Dj2ELCyZs=
=u1Z1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 1 07:04:00 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Apr 2015 07:04:00 +0000
Subject: [RHSA-2015:0768-01] Low: Red Hat Enterprise Linux 5.9 Extended Update Support Retirement Notice
Message-ID: <201504010704.t31741LN018830@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 5.9 Extended Update Support Retirement Notice
Advisory ID:       RHSA-2015:0768-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0768.html
Issue date:        2015-04-01
=====================================================================

1. Summary:

This is the final notification for the retirement of Red Hat Enterprise Linux 5.9 Extended Update Support (EUS).

This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 5.9.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.9 was retired on March 31, 2015, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.9 EUS after March 31, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date.

We encourage customers to plan their migration from Red Hat Enterprise Linux 5.9 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux EUS (v. 5.9 server):

Source:
redhat-release-5Server-5.9.0.5.src.rpm

i386:
redhat-release-5Server-5.9.0.5.i386.rpm

ia64:
redhat-release-5Server-5.9.0.5.ia64.rpm

ppc:
redhat-release-5Server-5.9.0.5.ppc.rpm

s390x:
redhat-release-5Server-5.9.0.5.s390x.rpm

x86_64:
redhat-release-5Server-5.9.0.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVG5hbXlSAg2UNWIIRAseTAKCiRYrEhzXD0750sx1av94sjZ4XNACghAqI
VNuXqTZL5RpkQ0MYRSdWJs0=
=H2TC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 1 08:31:29 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Apr 2015 08:31:29 +0000
Subject: [RHSA-2015:0766-01] Critical: firefox security update
Message-ID: <201504010820.t318KFNe023931@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2015:0766-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0766.html
Issue date:        2015-04-01
CVE Names:         CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801)

A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0816)

A flaw was found in the Beacon interface implementation in Firefox. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, Mariusz Mlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, Boris Zbarsky, and Aki Helin as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain Firefox version 31.6.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1207068 - CVE-2015-0815 Mozilla: Miscellaneous memory safety hazards (rv:31.6) (MFSA 2015-30)
1207072 - CVE-2015-0816 Mozilla: resource:// documents can load privileged pages (MFSA 2015-33)
1207076 - CVE-2015-0807 Mozilla: CORS requests should not follow 30x redirections after preflight (MFSA 2015-36)
1207084 - CVE-2015-0801 Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40)
1207088 - CVE-2015-0813 Mozilla: Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-31.6.0-2.el5_11.src.rpm

i386:
firefox-31.6.0-2.el5_11.i386.rpm
firefox-debuginfo-31.6.0-2.el5_11.i386.rpm

x86_64:
firefox-31.6.0-2.el5_11.i386.rpm
firefox-31.6.0-2.el5_11.x86_64.rpm
firefox-debuginfo-31.6.0-2.el5_11.i386.rpm
firefox-debuginfo-31.6.0-2.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-31.6.0-2.el5_11.src.rpm

i386:
firefox-31.6.0-2.el5_11.i386.rpm
firefox-debuginfo-31.6.0-2.el5_11.i386.rpm

ia64:
firefox-31.6.0-2.el5_11.ia64.rpm
firefox-debuginfo-31.6.0-2.el5_11.ia64.rpm

ppc:
firefox-31.6.0-2.el5_11.ppc.rpm
firefox-debuginfo-31.6.0-2.el5_11.ppc.rpm

s390x:
firefox-31.6.0-2.el5_11.s390.rpm
firefox-31.6.0-2.el5_11.s390x.rpm
firefox-debuginfo-31.6.0-2.el5_11.s390.rpm
firefox-debuginfo-31.6.0-2.el5_11.s390x.rpm

x86_64:
firefox-31.6.0-2.el5_11.i386.rpm
firefox-31.6.0-2.el5_11.x86_64.rpm
firefox-debuginfo-31.6.0-2.el5_11.i386.rpm
firefox-debuginfo-31.6.0-2.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-31.6.0-2.el6_6.src.rpm

i386:
firefox-31.6.0-2.el6_6.i686.rpm
firefox-debuginfo-31.6.0-2.el6_6.i686.rpm

x86_64:
firefox-31.6.0-2.el6_6.x86_64.rpm
firefox-debuginfo-31.6.0-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-31.6.0-2.el6_6.i686.rpm
firefox-debuginfo-31.6.0-2.el6_6.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-31.6.0-2.el6_6.src.rpm

x86_64:
firefox-31.6.0-2.el6_6.i686.rpm
firefox-31.6.0-2.el6_6.x86_64.rpm
firefox-debuginfo-31.6.0-2.el6_6.i686.rpm
firefox-debuginfo-31.6.0-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-31.6.0-2.el6_6.src.rpm

i386:
firefox-31.6.0-2.el6_6.i686.rpm
firefox-debuginfo-31.6.0-2.el6_6.i686.rpm

ppc64:
firefox-31.6.0-2.el6_6.ppc64.rpm
firefox-debuginfo-31.6.0-2.el6_6.ppc64.rpm

s390x:
firefox-31.6.0-2.el6_6.s390x.rpm
firefox-debuginfo-31.6.0-2.el6_6.s390x.rpm

x86_64:
firefox-31.6.0-2.el6_6.x86_64.rpm
firefox-debuginfo-31.6.0-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-31.6.0-2.el6_6.ppc.rpm
firefox-debuginfo-31.6.0-2.el6_6.ppc.rpm

s390x:
firefox-31.6.0-2.el6_6.s390.rpm
firefox-debuginfo-31.6.0-2.el6_6.s390.rpm

x86_64:
firefox-31.6.0-2.el6_6.i686.rpm
firefox-debuginfo-31.6.0-2.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-31.6.0-2.el6_6.src.rpm

i386:
firefox-31.6.0-2.el6_6.i686.rpm
firefox-debuginfo-31.6.0-2.el6_6.i686.rpm

x86_64:
firefox-31.6.0-2.el6_6.x86_64.rpm
firefox-debuginfo-31.6.0-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-31.6.0-2.el6_6.i686.rpm
firefox-debuginfo-31.6.0-2.el6_6.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-31.6.0-2.el7_1.src.rpm
xulrunner-31.6.0-2.el7_1.src.rpm

x86_64:
firefox-31.6.0-2.el7_1.x86_64.rpm
firefox-debuginfo-31.6.0-2.el7_1.x86_64.rpm
xulrunner-31.6.0-2.el7_1.i686.rpm
xulrunner-31.6.0-2.el7_1.x86_64.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.i686.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-31.6.0-2.el7_1.i686.rpm
firefox-debuginfo-31.6.0-2.el7_1.i686.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.i686.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.x86_64.rpm
xulrunner-devel-31.6.0-2.el7_1.i686.rpm
xulrunner-devel-31.6.0-2.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
xulrunner-31.6.0-2.el7_1.src.rpm

x86_64:
xulrunner-31.6.0-2.el7_1.i686.rpm
xulrunner-31.6.0-2.el7_1.x86_64.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.i686.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.x86_64.rpm
xulrunner-devel-31.6.0-2.el7_1.i686.rpm
xulrunner-devel-31.6.0-2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-31.6.0-2.el7_1.src.rpm
xulrunner-31.6.0-2.el7_1.src.rpm

ppc64:
firefox-31.6.0-2.el7_1.ppc64.rpm
firefox-debuginfo-31.6.0-2.el7_1.ppc64.rpm
xulrunner-31.6.0-2.el7_1.ppc.rpm
xulrunner-31.6.0-2.el7_1.ppc64.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.ppc.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.ppc64.rpm

s390x:
firefox-31.6.0-2.el7_1.s390x.rpm
firefox-debuginfo-31.6.0-2.el7_1.s390x.rpm

x86_64:
firefox-31.6.0-2.el7_1.x86_64.rpm
firefox-debuginfo-31.6.0-2.el7_1.x86_64.rpm
xulrunner-31.6.0-2.el7_1.i686.rpm
xulrunner-31.6.0-2.el7_1.x86_64.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.i686.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-31.6.0-2.ael7b_1.src.rpm
xulrunner-31.6.0-2.ael7b_1.src.rpm

ppc64le:
firefox-31.6.0-2.ael7b_1.ppc64le.rpm
firefox-debuginfo-31.6.0-2.ael7b_1.ppc64le.rpm
xulrunner-31.6.0-2.ael7b_1.ppc64le.rpm
xulrunner-debuginfo-31.6.0-2.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
xulrunner-31.6.0-2.el7_1.src.rpm

ppc64:
firefox-31.6.0-2.el7_1.ppc.rpm
firefox-debuginfo-31.6.0-2.el7_1.ppc.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.ppc.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.ppc64.rpm
xulrunner-devel-31.6.0-2.el7_1.ppc.rpm
xulrunner-devel-31.6.0-2.el7_1.ppc64.rpm

s390x:
firefox-31.6.0-2.el7_1.s390.rpm
firefox-debuginfo-31.6.0-2.el7_1.s390.rpm
xulrunner-31.6.0-2.el7_1.s390.rpm
xulrunner-31.6.0-2.el7_1.s390x.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.s390.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.s390x.rpm
xulrunner-devel-31.6.0-2.el7_1.s390.rpm
xulrunner-devel-31.6.0-2.el7_1.s390x.rpm

x86_64:
firefox-31.6.0-2.el7_1.i686.rpm
firefox-debuginfo-31.6.0-2.el7_1.i686.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.i686.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.x86_64.rpm
xulrunner-devel-31.6.0-2.el7_1.i686.rpm
xulrunner-devel-31.6.0-2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
xulrunner-debuginfo-31.6.0-2.ael7b_1.ppc64le.rpm
xulrunner-devel-31.6.0-2.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-31.6.0-2.el7_1.src.rpm
xulrunner-31.6.0-2.el7_1.src.rpm

x86_64:
firefox-31.6.0-2.el7_1.x86_64.rpm
firefox-debuginfo-31.6.0-2.el7_1.x86_64.rpm
xulrunner-31.6.0-2.el7_1.i686.rpm
xulrunner-31.6.0-2.el7_1.x86_64.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.i686.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-31.6.0-2.el7_1.i686.rpm
firefox-debuginfo-31.6.0-2.el7_1.i686.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.i686.rpm
xulrunner-debuginfo-31.6.0-2.el7_1.x86_64.rpm
xulrunner-devel-31.6.0-2.el7_1.i686.rpm
xulrunner-devel-31.6.0-2.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0801
https://access.redhat.com/security/cve/CVE-2015-0807
https://access.redhat.com/security/cve/CVE-2015-0813
https://access.redhat.com/security/cve/CVE-2015-0815
https://access.redhat.com/security/cve/CVE-2015-0816
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr31.6

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVG6otXlSAg2UNWIIRAm9SAJ9kT83FquyCrcKqm9zDzVvZt8cWBwCgmAGm
WeGIVo5AKY++dQxX+jcZ7sI=
=zpih
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 1 15:05:47 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Apr 2015 15:05:47 +0000
Subject: [RHSA-2015:0771-01] Important: thunderbird security update
Message-ID: <201504011505.t31F5msI020488@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2015:0771-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0771.html
Issue date:        2015-04-01
CVE Names:         CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801)

A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0816)

A flaw was found in the Beacon interface implementation in Thunderbird. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807)

Note: None of the above issues can be exploited by a specially crafted HTML mail message, as JavaScript is disabled by default for mail messages. They could be exploited in other ways in Thunderbird, for example, when viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, Mariusz Mlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, Boris Zbarsky, and Aki Helin as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.6.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.6.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1207068 - CVE-2015-0815 Mozilla: Miscellaneous memory safety hazards (rv:31.6) (MFSA 2015-30) 1207072 - CVE-2015-0816 Mozilla: resource:// documents can load privileged pages (MFSA 2015-33) 1207076 - CVE-2015-0807 Mozilla: CORS requests should not follow 30x redirections after preflight (MFSA 2015-37) 1207084 - CVE-2015-0801 Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40) 1207088 - CVE-2015-0813 Mozilla: Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: thunderbird-31.6.0-1.el5_11.src.rpm i386: thunderbird-31.6.0-1.el5_11.i386.rpm thunderbird-debuginfo-31.6.0-1.el5_11.i386.rpm x86_64: thunderbird-31.6.0-1.el5_11.x86_64.rpm thunderbird-debuginfo-31.6.0-1.el5_11.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: thunderbird-31.6.0-1.el5_11.src.rpm i386: thunderbird-31.6.0-1.el5_11.i386.rpm thunderbird-debuginfo-31.6.0-1.el5_11.i386.rpm x86_64: thunderbird-31.6.0-1.el5_11.x86_64.rpm thunderbird-debuginfo-31.6.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: thunderbird-31.6.0-1.el6_6.src.rpm i386: thunderbird-31.6.0-1.el6_6.i686.rpm thunderbird-debuginfo-31.6.0-1.el6_6.i686.rpm x86_64: thunderbird-31.6.0-1.el6_6.x86_64.rpm thunderbird-debuginfo-31.6.0-1.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: thunderbird-31.6.0-1.el6_6.src.rpm i386: thunderbird-31.6.0-1.el6_6.i686.rpm thunderbird-debuginfo-31.6.0-1.el6_6.i686.rpm ppc64: thunderbird-31.6.0-1.el6_6.ppc64.rpm thunderbird-debuginfo-31.6.0-1.el6_6.ppc64.rpm s390x: thunderbird-31.6.0-1.el6_6.s390x.rpm thunderbird-debuginfo-31.6.0-1.el6_6.s390x.rpm x86_64: thunderbird-31.6.0-1.el6_6.x86_64.rpm thunderbird-debuginfo-31.6.0-1.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: thunderbird-31.6.0-1.el6_6.src.rpm i386: thunderbird-31.6.0-1.el6_6.i686.rpm thunderbird-debuginfo-31.6.0-1.el6_6.i686.rpm x86_64: thunderbird-31.6.0-1.el6_6.x86_64.rpm thunderbird-debuginfo-31.6.0-1.el6_6.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: thunderbird-31.6.0-1.el7_1.src.rpm x86_64: thunderbird-31.6.0-1.el7_1.x86_64.rpm thunderbird-debuginfo-31.6.0-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: thunderbird-31.6.0-1.el7_1.src.rpm x86_64: thunderbird-31.6.0-1.el7_1.x86_64.rpm thunderbird-debuginfo-31.6.0-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: thunderbird-31.6.0-1.ael7b_1.src.rpm ppc64le: thunderbird-31.6.0-1.ael7b_1.ppc64le.rpm thunderbird-debuginfo-31.6.0-1.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: thunderbird-31.6.0-1.el7_1.src.rpm x86_64: thunderbird-31.6.0-1.el7_1.x86_64.rpm thunderbird-debuginfo-31.6.0-1.el7_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-0801 https://access.redhat.com/security/cve/CVE-2015-0807 https://access.redhat.com/security/cve/CVE-2015-0813 https://access.redhat.com/security/cve/CVE-2015-0815 https://access.redhat.com/security/cve/CVE-2015-0816 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.6 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVHAkHXlSAg2UNWIIRAnCRAKCkWM5osc8E97Q2nPZJxKwPHkttAACfSdT5 WKOJmA01nkrhsmU45g4V+0g= =d3sp -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Apr 6 14:40:28 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 6 Apr 2015 14:40:28 +0000 Subject: [RHSA-2015:0778-01] Critical: chromium-browser security update Message-ID: <201504061440.t36EeSXN013779@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: chromium-browser security update Advisory ID: RHSA-2015:0778-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0778.html Issue date: 2015-04-06 CVE Names: CVE-2015-1233 CVE-2015-1234 ===================================================================== 1. Summary: Updated chromium-browser packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 
6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1233, CVE-2015-1234)

All Chromium users should upgrade to these updated packages, which contain Chromium version 41.0.2272.118, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1208422 - CVE-2015-1233 chromium-browser: combination of V8, Gamepad and IPC bugs that can lead to remote code execution
1208424 - CVE-2015-1234 chromium-browser: buffer overflow via race condition in GPU

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm

i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm

x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm

i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm

x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v.
6):

Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm

i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm

x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1233
https://access.redhat.com/security/cve/CVE-2015-1234
https://access.redhat.com/security/updates/classification/#critical
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVIpk8XlSAg2UNWIIRAqvfAJ4gF/bAUqQnIGEvpjz2gm98etxcJQCdEYz1
RYA4PeHRl1iWQQ2YMJdo6rg=
=oA8r
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 7 15:14:43 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Apr 2015 15:14:43 +0000
Subject: [RHSA-2015:0782-01] Important: kernel security and bug fix update
Message-ID: <201504071514.t37FEixg005444@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2015:0782-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0782.html
Issue date:        2015-04-07
CVE Names:         CVE-2013-2596 CVE-2014-3690 CVE-2014-5471 CVE-2014-5472 CVE-2014-8159 CVE-2014-8884 CVE-2015-1421
=====================================================================

1.
Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important)

* A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1421, Important)

* An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system.
(CVE-2013-2596, Important)

* It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)

* It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system. (CVE-2014-8884, Low)

Red Hat would like to thank Mellanox for reporting CVE-2014-8159, and Andy Lutomirski for reporting CVE-2014-3690. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.

This update also fixes the following bugs:

* Previously, a NULL pointer check that is needed to prevent an oops in the nfs_async_inode_return_delegation() function was removed. As a consequence, a NFS4 client could terminate unexpectedly. The missing NULL pointer check has been added back, and NFS4 client no longer crashes in this situation. (BZ#1187638)

* Due to unbalanced multicast join and leave processing, the attempt to leave a multicast group that had not previously completed a join became unresponsive. This update resolves multiple locking issues in the IPoIB multicast code that allowed multicast groups to be left before the joining was entirely completed. Now, multicast join and leave failures or lockups no longer occur in the described situation.
(BZ#1187663)

* A failure to leave a multicast group which had previously been joined prevented the attempt to unregister from the "sa" service. Multiple locking issues in the IPoIB multicast join and leave processing have been fixed so that leaving a group that has completed its join process is successful. As a result, attempts to unregister from the "sa" service no longer lock up due to leaked resources. (BZ#1187665)

* Due to a regression, when large reads which partially extended beyond the end of the underlying device were done, the raw driver returned the EIO error code instead of returning a short read covering the valid part of the device. The underlying source code has been patched, and the raw driver now returns a short read for the remainder of the device. (BZ#1195746)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1034490 - CVE-2013-2596 kernel: integer overflow in fb_mmap
1134099 - CVE-2014-5471 CVE-2014-5472 kernel: isofs: unbound recursion when processing relocated directories
1153322 - CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1164266 - CVE-2014-8884 kernel: usb: buffer overflow in ttusb-dec
1181166 - CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access
1196581 - CVE-2015-1421 kernel: net: slab corruption from use after free on INIT collisions

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v.
6.5):

Source:
kernel-2.6.32-431.53.2.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.53.2.el6.noarch.rpm
kernel-doc-2.6.32-431.53.2.el6.noarch.rpm
kernel-firmware-2.6.32-431.53.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debug-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.53.2.el6.x86_64.rpm
kernel-devel-2.6.32-431.53.2.el6.x86_64.rpm
kernel-headers-2.6.32-431.53.2.el6.x86_64.rpm
perf-2.6.32-431.53.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5):

Source:
kernel-2.6.32-431.53.2.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.53.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
python-perf-2.6.32-431.53.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v.
6.5):

Source:
kernel-2.6.32-431.53.2.el6.src.rpm

i386:
kernel-2.6.32-431.53.2.el6.i686.rpm
kernel-debug-2.6.32-431.53.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-431.53.2.el6.i686.rpm
kernel-debug-devel-2.6.32-431.53.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.53.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.53.2.el6.i686.rpm
kernel-devel-2.6.32-431.53.2.el6.i686.rpm
kernel-headers-2.6.32-431.53.2.el6.i686.rpm
perf-2.6.32-431.53.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.53.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.53.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.53.2.el6.noarch.rpm
kernel-doc-2.6.32-431.53.2.el6.noarch.rpm
kernel-firmware-2.6.32-431.53.2.el6.noarch.rpm

ppc64:
kernel-2.6.32-431.53.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-431.53.2.el6.ppc64.rpm
kernel-debug-2.6.32-431.53.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-431.53.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-431.53.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-431.53.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-431.53.2.el6.ppc64.rpm
kernel-devel-2.6.32-431.53.2.el6.ppc64.rpm
kernel-headers-2.6.32-431.53.2.el6.ppc64.rpm
perf-2.6.32-431.53.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-431.53.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-431.53.2.el6.ppc64.rpm

s390x:
kernel-2.6.32-431.53.2.el6.s390x.rpm
kernel-debug-2.6.32-431.53.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-431.53.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-431.53.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-431.53.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-431.53.2.el6.s390x.rpm
kernel-devel-2.6.32-431.53.2.el6.s390x.rpm
kernel-headers-2.6.32-431.53.2.el6.s390x.rpm
kernel-kdump-2.6.32-431.53.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-431.53.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-431.53.2.el6.s390x.rpm
perf-2.6.32-431.53.2.el6.s390x.rpm
perf-debuginfo-2.6.32-431.53.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-431.53.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debug-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.53.2.el6.x86_64.rpm
kernel-devel-2.6.32-431.53.2.el6.x86_64.rpm
kernel-headers-2.6.32-431.53.2.el6.x86_64.rpm
perf-2.6.32-431.53.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.5):

Source:
kernel-2.6.32-431.53.2.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-431.53.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.53.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.53.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.53.2.el6.i686.rpm
python-perf-2.6.32-431.53.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.53.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-431.53.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-431.53.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-431.53.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-431.53.2.el6.ppc64.rpm
python-perf-2.6.32-431.53.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-431.53.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-431.53.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-431.53.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-431.53.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-431.53.2.el6.s390x.rpm
perf-debuginfo-2.6.32-431.53.2.el6.s390x.rpm
python-perf-2.6.32-431.53.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-431.53.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.53.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm
python-perf-2.6.32-431.53.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.53.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-2596
https://access.redhat.com/security/cve/CVE-2014-3690
https://access.redhat.com/security/cve/CVE-2014-5471
https://access.redhat.com/security/cve/CVE-2014-5472
https://access.redhat.com/security/cve/CVE-2014-8159
https://access.redhat.com/security/cve/CVE-2014-8884
https://access.redhat.com/security/cve/CVE-2015-1421
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVI/RQXlSAg2UNWIIRAkc+AJsGccCr60uT5QmqlUW+J9WhYoEyXACggsLU
u4WTqS8x4bPMPPDGTt5PkBQ=
=1fkz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 7 15:31:38 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Apr 2015 15:31:38 +0000
Subject: [RHSA-2015:0783-01] Important: kernel security and bug fix update
Message-ID: <201504071531.t37FVdes021283@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2015:0783-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0783.html
Issue date:        2015-04-07
CVE Names:         CVE-2014-8159 CVE-2014-8867
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important)

* An insufficient bound checking flaw was found in the Xen hypervisor's implementation of acceleration support for the "REP MOVS" instructions. A privileged HVM guest user could potentially use this flaw to crash the host. (CVE-2014-8867, Important)

Red Hat would like to thank Mellanox for reporting CVE-2014-8159, and the Xen project for reporting CVE-2014-8867.

This update also fixes the following bugs:

* Under memory pressure, cached data was previously flushed to the backing server using the PID of the thread responsible for flushing the data in the Server Message Block (SMB) headers instead of the PID of the thread which actually wrote the data. As a consequence, when a file was locked by the writing thread prior to writing, the server considered writes by the thread flushing the pagecache as being a separate process from writing to a locked file, and thus rejected the writes. In addition, the data to be written was discarded. This update ensures that the correct PID is sent to the server, and data corruption is avoided when data is being written from a client under memory pressure.
(BZ#1169304)

* This update adds support for new cryptographic hardware in toleration mode for IBM System z. (BZ#1182522)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1164255 - CVE-2014-8867 xen: Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (xsa112)
1181166 - CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
kernel-2.6.18-404.el5.src.rpm

i386:
kernel-2.6.18-404.el5.i686.rpm
kernel-PAE-2.6.18-404.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-404.el5.i686.rpm
kernel-PAE-devel-2.6.18-404.el5.i686.rpm
kernel-debug-2.6.18-404.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-404.el5.i686.rpm
kernel-debug-devel-2.6.18-404.el5.i686.rpm
kernel-debuginfo-2.6.18-404.el5.i686.rpm
kernel-debuginfo-common-2.6.18-404.el5.i686.rpm
kernel-devel-2.6.18-404.el5.i686.rpm
kernel-headers-2.6.18-404.el5.i386.rpm
kernel-xen-2.6.18-404.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-404.el5.i686.rpm
kernel-xen-devel-2.6.18-404.el5.i686.rpm

noarch:
kernel-doc-2.6.18-404.el5.noarch.rpm

x86_64:
kernel-2.6.18-404.el5.x86_64.rpm
kernel-debug-2.6.18-404.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-404.el5.x86_64.rpm
kernel-debug-devel-2.6.18-404.el5.x86_64.rpm
kernel-debuginfo-2.6.18-404.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-404.el5.x86_64.rpm
kernel-devel-2.6.18-404.el5.x86_64.rpm
kernel-headers-2.6.18-404.el5.x86_64.rpm
kernel-xen-2.6.18-404.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-404.el5.x86_64.rpm
kernel-xen-devel-2.6.18-404.el5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
kernel-2.6.18-404.el5.src.rpm

i386:
kernel-2.6.18-404.el5.i686.rpm
kernel-PAE-2.6.18-404.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-404.el5.i686.rpm
kernel-PAE-devel-2.6.18-404.el5.i686.rpm
kernel-debug-2.6.18-404.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-404.el5.i686.rpm
kernel-debug-devel-2.6.18-404.el5.i686.rpm
kernel-debuginfo-2.6.18-404.el5.i686.rpm
kernel-debuginfo-common-2.6.18-404.el5.i686.rpm
kernel-devel-2.6.18-404.el5.i686.rpm
kernel-headers-2.6.18-404.el5.i386.rpm
kernel-xen-2.6.18-404.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-404.el5.i686.rpm
kernel-xen-devel-2.6.18-404.el5.i686.rpm

ia64:
kernel-2.6.18-404.el5.ia64.rpm
kernel-debug-2.6.18-404.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-404.el5.ia64.rpm
kernel-debug-devel-2.6.18-404.el5.ia64.rpm
kernel-debuginfo-2.6.18-404.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-404.el5.ia64.rpm
kernel-devel-2.6.18-404.el5.ia64.rpm
kernel-headers-2.6.18-404.el5.ia64.rpm
kernel-xen-2.6.18-404.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-404.el5.ia64.rpm
kernel-xen-devel-2.6.18-404.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-404.el5.noarch.rpm

ppc:
kernel-2.6.18-404.el5.ppc64.rpm
kernel-debug-2.6.18-404.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-404.el5.ppc64.rpm
kernel-debug-devel-2.6.18-404.el5.ppc64.rpm
kernel-debuginfo-2.6.18-404.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-404.el5.ppc64.rpm
kernel-devel-2.6.18-404.el5.ppc64.rpm
kernel-headers-2.6.18-404.el5.ppc.rpm
kernel-headers-2.6.18-404.el5.ppc64.rpm
kernel-kdump-2.6.18-404.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-404.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-404.el5.ppc64.rpm

s390x:
kernel-2.6.18-404.el5.s390x.rpm
kernel-debug-2.6.18-404.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-404.el5.s390x.rpm
kernel-debug-devel-2.6.18-404.el5.s390x.rpm
kernel-debuginfo-2.6.18-404.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-404.el5.s390x.rpm
kernel-devel-2.6.18-404.el5.s390x.rpm
kernel-headers-2.6.18-404.el5.s390x.rpm
kernel-kdump-2.6.18-404.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-404.el5.s390x.rpm
kernel-kdump-devel-2.6.18-404.el5.s390x.rpm

x86_64:
kernel-2.6.18-404.el5.x86_64.rpm
kernel-debug-2.6.18-404.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-404.el5.x86_64.rpm
kernel-debug-devel-2.6.18-404.el5.x86_64.rpm
kernel-debuginfo-2.6.18-404.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-404.el5.x86_64.rpm
kernel-devel-2.6.18-404.el5.x86_64.rpm
kernel-headers-2.6.18-404.el5.x86_64.rpm
kernel-xen-2.6.18-404.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-404.el5.x86_64.rpm
kernel-xen-devel-2.6.18-404.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8159
https://access.redhat.com/security/cve/CVE-2014-8867
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
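The package lists in the two kernel advisories above name the fixed builds (kernel-2.6.18-404.el5 for RHEL 5, kernel-2.6.32-431.53.2.el6 for RHEL 6.5 EUS) but not how to tell whether a host already runs them. The following is an added editorial example and not Red Hat tooling: it reimplements the segment-wise comparison of rpm's rpmvercmp() so it runs without librpm, applies the epoch, version, release precedence, and reports per package whether an installed NVR (as printed by `rpm -q kernel`) is at or above the advisory's. The fixed NVRs are taken from the advisories; the "installed" values are constructed.

```python
"""Compare installed RPM versions against an advisory's fixed versions.

Added editorial example (not Red Hat tooling). It reimplements the
segment comparison of rpm's rpmvercmp() so it runs without librpm,
then applies the usual epoch > version > release precedence. Fixed
NVRs below come from the package lists in RHSA-2015:0782 and
RHSA-2015:0783; the "installed" values are constructed.
"""
import re


def _skip_separators(s: str) -> str:
    """Drop leading characters rpm ignores (anything not alnum, '~' or '^')."""
    i = 0
    while i < len(s) and not (s[i] in "~^" or (s[i].isascii() and s[i].isalnum())):
        i += 1
    return s[i:]


def rpmvercmp(a: str, b: str) -> int:
    """Return 1 if a is newer than b, -1 if older, 0 if equal (rpm semantics).

    Digit runs compare numerically, letter runs lexically, a digit run
    beats a letter run, '~' sorts before anything including the end of
    the string, and '^' sorts after the end of the string but before
    anything else.
    """
    if a == b:
        return 0
    one, two = a, b
    while one or two:
        one, two = _skip_separators(one), _skip_separators(two)
        if one.startswith("~") or two.startswith("~"):
            if not one.startswith("~"):
                return 1
            if not two.startswith("~"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if one.startswith("^") or two.startswith("^"):
            if not one:
                return -1
            if not two:
                return 1
            if not one.startswith("^"):
                return 1
            if not two.startswith("^"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if not one or not two:
            break
        isnum = one[0].isdigit()
        pattern = r"[0-9]+" if isnum else r"[a-zA-Z]+"
        seg1 = re.match(pattern, one).group(0)
        m2 = re.match(pattern, two)
        if m2 is None:
            return 1 if isnum else -1   # a numeric segment beats a letter segment
        seg2 = m2.group(0)
        one, two = one[len(seg1):], two[len(seg2):]
        if isnum:
            seg1, seg2 = seg1.lstrip("0"), seg2.lstrip("0")
            if len(seg1) != len(seg2):
                return 1 if len(seg1) > len(seg2) else -1
        if seg1 != seg2:
            return 1 if seg1 > seg2 else -1
    if not one and not two:
        return 0
    return 1 if one else -1


def parse_nevr(nevr: str):
    """Split 'name-[epoch:]version-release' into (name, epoch, version, release)."""
    name, version, release = nevr.rsplit("-", 2)
    epoch = 0
    if ":" in version:               # advisory lists omit the epoch; rpm -q shows it
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return name, epoch, version, release


def evr_cmp(a, b) -> int:
    """Compare (epoch, version, release) with rpm precedence."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def is_fixed(installed: str, fixed: str) -> bool:
    """True when 'installed' is the same package at or above the fixed EVR."""
    n1, *evr1 = parse_nevr(installed)
    n2, *evr2 = parse_nevr(fixed)
    if n1 != n2:
        raise ValueError(f"package name mismatch: {n1!r} vs {n2!r}")
    return evr_cmp(evr1, evr2) >= 0


def audit(installed: dict, fixed: dict) -> dict:
    """Map each advisory package name to 'fixed', 'vulnerable' or 'not installed'."""
    report = {}
    for name, fixed_nevr in fixed.items():
        have = installed.get(name)
        if have is None:
            report[name] = "not installed"
        else:
            report[name] = "fixed" if is_fixed(have, fixed_nevr) else "vulnerable"
    return report


# Fixed builds, taken from the advisory package lists.
FIXED_RHSA_2015_0783 = {"kernel": "kernel-2.6.18-404.el5",
                        "kernel-xen": "kernel-xen-2.6.18-404.el5"}
FIXED_RHSA_2015_0782 = {"kernel": "kernel-2.6.32-431.53.2.el6"}

# Constructed `rpm -q` output from two hypothetical hosts.
RHEL5_HOST = {"kernel": "kernel-2.6.18-402.el5",
              "kernel-xen": "kernel-xen-2.6.18-404.el5"}
RHEL65_EUS_HOST = {"kernel": "kernel-2.6.32-431.29.2.el6"}

if __name__ == "__main__":
    for label, have, fixed in (("rhel5", RHEL5_HOST, FIXED_RHSA_2015_0783),
                               ("rhel6.5-eus", RHEL65_EUS_HOST, FIXED_RHSA_2015_0782)):
        print(label, audit(have, fixed))
```

Two caveats when using this against real hosts. `rpm -q kernel` lists every installed kernel, but the one that matters is the running one (`uname -r`), and as the advisory says the system must be rebooted after the update. The comparison also only establishes ordering: a later stream (say a RHEL 6.6 kernel) compares as newer than the 6.5 EUS build, which is correct for Red Hat's version scheme, but whether a given CVE is fixed in that other stream is what the per-CVE pages in the References section are for.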
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVI/dsXlSAg2UNWIIRAqOlAJwOOKtqsWgPuw58Ymh3jc30ZPbMMQCfUnWh
Q6oblLEtjh4aBkyzP5f6o1k=
=wufe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 8 00:37:16 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 8 Apr 2015 00:37:16 +0000
Subject: [RHSA-2015:0791-01] Important: Red Hat Enterprise Linux OpenStack Platform Installer update
Message-ID: <201504080037.t380bH4a013000@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Enterprise Linux OpenStack Platform Installer update
Advisory ID:       RHSA-2015:0791-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0791.html
Issue date:        2015-04-07
CVE Names:         CVE-2015-1842
=====================================================================

1. Summary:

Updated Red Hat Enterprise Linux OpenStack Platform Installer packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 6 Installer for RHEL 7 - noarch

3. Description:

Red Hat Enterprise OpenStack Platform Installer is a deployment management tool. It provides a web user interface for managing the installation and configuration of remote systems. Deployment of changes is performed using Puppet. Additionally, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Preboot Execution Environment (PXE), and Trivial File Transfer Protocol (TFTP) services can be provided.
Controlling these services also enables provisioning of physical systems that do not yet have an operating system installed.

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root. (CVE-2015-1842)

Note: This flaw only affects Red Hat Enterprise Linux OpenStack Platform installations deployed using the HA feature set. For additional information on addressing this flaw see:
https://access.redhat.com/articles/1396123

This issue was discovered by Alessandro Vozza of Red Hat.

In addition to the above issue, this update also addresses multiple bugs which are documented in the Red Hat Enterprise Linux OpenStack Platform Technical Notes, linked to in the References section.

All Red Hat Enterprise Linux OpenStack Platform Installer users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1131584 - If fd0 is in /proc/partitions in the provisioned nodes installation fails with "Specified nonexistent disk fd0 in partition command"
1179892 - Could not retrieve catalog from remote server: Error 400 on SERVER: undefined method `to_a' for "eqlx1":String at /etc/puppet/environments/production/modules/quickstack/manifests/cinder_volume.pp:179
1187815 - Add an indicator to Assigned Hosts table to show when networks have been configured
1188602 - Can't change the IP in interfaces of hosts assigned to an OSP deployment if the interfaces are a bond device
1189921 - [HA] start/stop ordering constraint are not correct and can cause cluster to fail on shutdown
1190185 - OFI not reliably setting IP for tenant bridge when using tunnels
1191519 - Need to increase the value of max_connections in Galera to avoid disconnections
1192513 - Ceilometer not installed correctly via installer
1192862 - Glance fails to start after RHEL-OSP6 install with Ceph backend (missing known_stores)
1192864 - Ceph public network is evaluated to be the Provisioning/PXE network
1193582 - [Neutron][Staypuft] Single Controller fails to create router
1194269 - Deployment will stop on systems which boots/shutdowns quickly and foreman-proxy is terminated before buffer is flushed.
1196310 - Include rhel-ha-for-rhel-7-server-rpms channel for HA deployments
1198032 - VRRP_Instance are on MASTER STATE on all controllers.
1199266 - OSP compute nodes should not rely on ceph command
1199827 - RHEL-OSP-Installer should disable all repos before activating the right ones
1201363 - Changes in fencing require OFI changes
1201875 - CVE-2015-1842 openstack-puppet-modules: pacemaker configured with default password
1202464 - rubygem-staypuft: During deployment -error in reports: Execution of '/usr/bin/systemctl start openstack-nova-compute' returned 1: Job for openstack-nova-compute.service failed
1204483 - HA | Duplicate entry exception for vxlan-allocation cause to neutron-server fail to start. VXLAN.
1204647 - Download of glance image fails because of wrong glance_store option.
1207284 - l2pop and l3-ha should never be turned on together

6. Package List:

OpenStack 6 Installer for RHEL 7:

Source:
foreman-discovery-image-7.0-20150227.0.el7ost.src.rpm
foreman-proxy-1.6.0.30-6.el7ost.src.rpm
openstack-foreman-installer-3.0.22-1.el7ost.src.rpm
openstack-puppet-modules-2014.2.13-2.el7ost.src.rpm
rhel-osp-installer-0.5.7-1.el7ost.src.rpm
ruby193-rubygem-staypuft-0.5.22-1.el7ost.src.rpm

noarch:
foreman-discovery-image-7.0-20150227.0.el7ost.noarch.rpm
foreman-proxy-1.6.0.30-6.el7ost.noarch.rpm
openstack-foreman-installer-3.0.22-1.el7ost.noarch.rpm
openstack-puppet-modules-2014.2.13-2.el7ost.noarch.rpm
rhel-osp-installer-0.5.7-1.el7ost.noarch.rpm
rhel-osp-installer-client-0.5.7-1.el7ost.noarch.rpm
ruby193-rubygem-staypuft-0.5.22-1.el7ost.noarch.rpm
ruby193-rubygem-staypuft-doc-0.5.22-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1842
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Technical_Notes/index.html
https://access.redhat.com/articles/1396123

8.
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVJHgvXlSAg2UNWIIRAmjiAJ9mRPeObffyQfqpnNijZ5sMTRZ8qACgqGNk
lFuldaWjVK6ld2aZ537/+DU=
=AvXo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 8 01:00:19 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 8 Apr 2015 01:00:19 +0000
Subject: [RHSA-2015:0790-01] Important: openstack-nova security, bug fix, and enhancement update
Message-ID: <201504080100.t3810KWD019910@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-nova security, bug fix, and enhancement update
Advisory ID:       RHSA-2015:0790-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0790.html
Issue date:        2015-04-07
CVE Names:         CVE-2015-0259
=====================================================================

1. Summary:

Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

It was discovered that the OpenStack Compute (nova) console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw. (CVE-2015-0259)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Brian Manifold of Cisco, and Paul McMillan of Nebula as the original reporters.

In addition to the above issue, this update also addresses bugs and enhancements which are documented in the Red Hat Enterprise Linux OpenStack Platform Technical Notes, linked to in the References section.

All openstack-nova users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1017288 - [Blocked] Snapshots on GlusterFS w/ libgfapi enabled
1100535 - [RFE][nova]: Add a virt driver for Ironic
1104926 - [RFE][nova]: I/O (PCIe) Based NUMA Scheduling
1171454 - Launching an instance with muliple interfaces attached to same network by using --net-id fails
1190112 - CVE-2015-0259 openstack-nova: console Cross-Site WebSocket hijacking
1190719 - when using dedicated cpus, the emulator thread should be affined as well
1191174 - Cinder volume fails to attach when multipathing in Nova and Storwize CHAPS are enabled
1203182 - Launching an instance fails when using a port with vnic_type=direct

6.
Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: openstack-nova-2014.2.2-19.el7ost.src.rpm noarch: openstack-nova-2014.2.2-19.el7ost.noarch.rpm openstack-nova-api-2014.2.2-19.el7ost.noarch.rpm openstack-nova-cells-2014.2.2-19.el7ost.noarch.rpm openstack-nova-cert-2014.2.2-19.el7ost.noarch.rpm openstack-nova-common-2014.2.2-19.el7ost.noarch.rpm openstack-nova-compute-2014.2.2-19.el7ost.noarch.rpm openstack-nova-conductor-2014.2.2-19.el7ost.noarch.rpm openstack-nova-console-2014.2.2-19.el7ost.noarch.rpm openstack-nova-doc-2014.2.2-19.el7ost.noarch.rpm openstack-nova-network-2014.2.2-19.el7ost.noarch.rpm openstack-nova-novncproxy-2014.2.2-19.el7ost.noarch.rpm openstack-nova-objectstore-2014.2.2-19.el7ost.noarch.rpm openstack-nova-scheduler-2014.2.2-19.el7ost.noarch.rpm openstack-nova-serialproxy-2014.2.2-19.el7ost.noarch.rpm python-nova-2014.2.2-19.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0259 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
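The kind of Origin check this advisory says the console websocket was missing (CVE-2015-0259), written here as an added example rather than nova's own code: the handshake is accepted only when the Origin header's host and scheme match the proxy the browser reached, with an explicit allow list for deployments where TLS is terminated in front of a plain-HTTP proxy, the situation that produces the "Origin header protocol does not match this host" error quoted in bug 1204482 of the following advisory. The header handling, the `allowed_origins` parameter and all hostnames are assumptions of this example, not nova configuration.

```python
"""Added example (not nova's code): WebSocket handshake Origin validation.

A browser attaches the page's Origin to every WebSocket handshake. A console
proxy that ignores it lets any site the user happens to visit open a socket to
the proxy inside the user's session (cross-site WebSocket hijacking). The
check below ties the handshake to the proxy the browser actually reached.
Header handling, the allowed_origins parameter and all sample values are
assumptions of this example.
"""
from urllib.parse import urlsplit


def _header(headers, name):
    """Case-insensitive lookup of a handshake header; None if absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def check_origin(headers, proxy_ssl, allowed_origins=()):
    """Decide whether a WebSocket handshake may proceed.

    headers: HTTP headers of the handshake request (dict).
    proxy_ssl: True when this proxy itself serves TLS, so a genuine browser
        presents an https:// Origin; False for a plain-HTTP proxy.
    allowed_origins: full origins ("scheme://host[:port]") trusted even when
        they do not match the Host header, e.g. the dashboard reached through
        a TLS-terminating load balancer in front of a plain-HTTP proxy.

    Returns (True, origin_hostname) or (False, reason).
    """
    origin = _header(headers, "Origin")
    host = _header(headers, "Host")
    if origin is None:
        # Browsers always send Origin; rejecting its absence is the
        # conservative default for a proxy that only serves browsers.
        return False, "missing Origin header"
    if host is None:
        return False, "missing Host header"

    origin_parts = urlsplit(origin.strip())
    try:
        origin_port = origin_parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False, "malformed Origin header"
    if origin_parts.scheme not in ("http", "https") or not origin_parts.hostname:
        # Also rejects the literal "null" origin of sandboxed/opaque contexts.
        return False, "malformed Origin header"

    # Normalise to scheme://hostname[:port] so userinfo or a trailing path
    # in a client-supplied Origin cannot slip past the allow list.
    normalised = f"{origin_parts.scheme}://{origin_parts.hostname}"
    if origin_port is not None:
        normalised += f":{origin_port}"
    if normalised in allowed_origins:
        return True, origin_parts.hostname

    # Host carries "hostname[:port]"; parse it the same way to drop the port.
    host_name = urlsplit("//" + host.strip()).hostname
    if host_name is None or origin_parts.hostname != host_name:
        return False, "Origin header does not match this host"

    expected_scheme = "https" if proxy_ssl else "http"
    if origin_parts.scheme != expected_scheme:
        # Same wording as the ValidationError quoted in bug 1204482: a browser
        # that reached the dashboard over TLS presents an https:// Origin to a
        # proxy that is itself plain HTTP.
        return False, "Origin header protocol does not match this host"

    return True, origin_parts.hostname


# Constructed sample handshakes for this example (not captured traffic).
SAME_SITE = {"Host": "console.example.net:6080",
             "Origin": "http://console.example.net:6080"}
CROSS_SITE = {"Host": "console.example.net:6080",
              "Origin": "http://other-site.example.org"}
TLS_UPSTREAM = {"Host": "console.example.net",
                "Origin": "https://console.example.net"}

if __name__ == "__main__":
    print(check_origin(SAME_SITE, proxy_ssl=False))     # (True, 'console.example.net')
    print(check_origin(CROSS_SITE, proxy_ssl=False))    # (False, 'Origin header does not match this host')
    print(check_origin(TLS_UPSTREAM, proxy_ssl=False))  # (False, 'Origin header protocol does not match this host')
    print(check_origin(TLS_UPSTREAM, proxy_ssl=False,
                       allowed_origins=("https://console.example.net",)))  # (True, 'console.example.net')
```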
From bugzilla at redhat.com Wed Apr 8 02:01:48 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 8 Apr 2015 02:01:48 +0000
Subject: [RHSA-2015:0789-01] Important: openstack-packstack and openstack-puppet-modules security and bug fix update
Message-ID: <201504080201.t3821nI7012966@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-packstack and openstack-puppet-modules security and bug fix update
Advisory ID:       RHSA-2015:0789-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0789.html
Issue date:        2015-04-07
CVE Names:         CVE-2015-1842
=====================================================================

1. Summary:

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either interactively, using the command line, or non-interactively by means of a text file containing a set of preconfigured values for OpenStack parameters. PackStack is suitable for deploying proof-of-concept installations.
It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root. (CVE-2015-1842)

This issue was discovered by Alessandro Vozza of Red Hat.

This update also fixes the following bugs:

* If OpenStack Networking is enabled, Packstack would display a warning if the Network Manager service is active on hosts. (BZ#1117277)

* A quiet dependency on a newer version of selinux-policy causes openstack-selinux 0.6.23 to fail to install modules when paired with selinux-policy packages from Red Hat Enterprise Linux 7.0 or 7.0.z. This causes Identity and other OpenStack services to receive 'AVC' denials and malfunction under some circumstances. The following workarounds allow the OpenStack services to function correctly:
  1) Leave openstack-selinux at 0.6.18-2.el7ost until you are ready to update to Red Hat Enterprise Linux 7.1. At that time, a 'yum update' will resolve the issue.
  2) Install the updated selinux-policy and selinux-policy-targeted packages from Red Hat Enterprise Linux 7.1 (version selinux-policy-3.13.1-23.el7 or later), then update openstack-selinux to version 0.6.23-1.el7ost.
  (BZ#1195252)

* A typo in the code caused a Sahara option that uses OpenStack Networking to be always false. Sahara now uses OpenStack Networking if the parameter 'CONFIG_NEUTRON_INSTALL' is set to 'y'. (BZ#1199047)

* Prior to this update, users had to install the OpenStack Unified Client separately after an installation of Packstack. Packstack now installs it by default. (BZ#1199114)

* This enhancement updates Packstack to retain temporary directories when running an installation in debug mode. This assists with troubleshooting activities. As a result, temporary directories are not deleted when running Packstack with the --debug command line option. (BZ#1199565)

* Prior to this update, some validators did not use 'validate_not_empty' to ensure that certain parameters contained values. As a result, a number of internal validations could not be properly handled, leading to the possibility of unexpected errors. This update fixes validators to use validate_not_empty when required, resulting in correct validation behavior from validators. (BZ#11995889)

In addition to the above issues, this update also addresses bugs and enhancements which can be found in the Red Hat Enterprise Linux OpenStack Platform Technical Notes, linked to in the References section.

All openstack-packstack and openstack-puppet-modules users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1117277 - Test Packstack/RHEL OSP on RHEL 7 nodes where Network Manager is NOT disabled
1123117 - Deploy Keystone in Apache httpd
1171744 - Configure TCP keepalive setting via puppet-rabbitmq
1172305 - [RFE] Support Keystone read-only LDAP configuration with domain-specific identity backends
1173930 - Horizon help url in RHEL-OSP6 points to the RHEL-OSP5 documentation
1187343 - Packstack does not install Ironic with CONFIG_IRONIC_INSTALL flag set to "y"
1187706 - problems with puppet-keystone LDAP support
1193889 - puppet restart neutron server every 30 minutes on environments deployed by staypuft
1195252 - [keystone] - selinux denial
1195258 - Packstack doesn't set firewall so vxlan traffic can be received in multinode setup
1199047 - The value of use_neutron is set to false (instead of true) when neutron is used.
1199072 - packstack does not set ironic password
1199076 - glance_image provider doesn't respect custom region name
1199085 - RHOS backport RDO fix for packstack error: Error: sysctl -p /etc/sysctl.conf returned 255 instead of one of
1199114 - add openstack unified client
1199423 - Use flake8 and hacking instead of pep8 for Python syntax checks
1199427 - Cherrypick documentation fixes from RDO
1199519 - Packstack install AMQP with SSL, fails to start rabbitmq service
1199547 - Install rhos-log-collector only on RHEL systems
1199549 - Backport packstack RDO fixes for rebased modules
1199562 - RFE: Allow command-line options with --gen-answer-file
1199565 - Do not delete temporary directories after a failed installation in debug mode
1199589 - Cherry pick internal Packstack enhancements from RDO
1199677 - Update OSP OPM to the latest RDO package
1201875 - CVE-2015-1842 openstack-puppet-modules: pacemaker configured with default password
1202107 - packstack --help throws a traceback at the end of the output
1204482 - nova-novncproxy fails with ValidationError: Origin header protocol does not match this host

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-packstack-2014.2-0.20.dev1467.g70c9655.el7ost.src.rpm
openstack-puppet-modules-2014.2.13-2.el7ost.src.rpm

noarch:
openstack-packstack-2014.2-0.20.dev1467.g70c9655.el7ost.noarch.rpm
openstack-packstack-doc-2014.2-0.20.dev1467.g70c9655.el7ost.noarch.rpm
openstack-packstack-puppet-2014.2-0.20.dev1467.g70c9655.el7ost.noarch.rpm
openstack-puppet-modules-2014.2.13-2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1842
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Wed Apr 8 02:11:29 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 8 Apr 2015 02:11:29 +0000
Subject: [RHSA-2015:0788-01] Moderate: novnc security update
Message-ID: <201504080211.t382BUiT023097@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: novnc security update
Advisory ID:       RHSA-2015:0788-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0788.html
Issue date:        2015-04-07
CVE Names:         CVE-2013-7436
=====================================================================

1. Summary:

An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support.

It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436)

All novnc users are advised to upgrade to this updated package, which corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1193451 - CVE-2013-7436 novnc: session hijack through insecurely set session token cookies

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
novnc-0.5.1-2.el7ost.src.rpm

noarch:
novnc-0.5.1-2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-7436
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Thu Apr 9 05:13:18 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 9 Apr 2015 05:13:18 +0000
Subject: [RHSA-2015:0794-01] Moderate: krb5 security update
Message-ID: <201504090513.t395DJPR005160@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: krb5 security update
Advisory ID:       RHSA-2015:0794-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0794.html
Issue date:        2015-04-09
CVE Names:         CVE-2014-5352 CVE-2014-5353 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422
=====================================================================

1. Summary:

Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.

The following security issues are fixed with this release:

A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352)

If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353)

It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request. (CVE-2014-5355)

A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)

It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as "kad/x") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)

Red Hat would like to thank the MIT Kerberos project for reporting CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project acknowledges Nico Williams for assisting with the analysis of CVE-2014-5352.

All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name
1179856 - CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)
1179857 - CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)
1179861 - CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)
1193939 - CVE-2014-5355 krb5: unauthenticated denial of service in recvauth_common() and others

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
krb5-1.10.3-37.el6_6.src.rpm

i386:
krb5-debuginfo-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.i686.rpm
krb5-workstation-1.10.3-37.el6_6.i686.rpm

x86_64:
krb5-debuginfo-1.10.3-37.el6_6.i686.rpm
krb5-debuginfo-1.10.3-37.el6_6.x86_64.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.x86_64.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.x86_64.rpm
krb5-workstation-1.10.3-37.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
krb5-debuginfo-1.10.3-37.el6_6.i686.rpm
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-server-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm

x86_64:
krb5-debuginfo-1.10.3-37.el6_6.i686.rpm
krb5-debuginfo-1.10.3-37.el6_6.x86_64.rpm
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-devel-1.10.3-37.el6_6.x86_64.rpm
krb5-server-1.10.3-37.el6_6.x86_64.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
krb5-1.10.3-37.el6_6.src.rpm

x86_64:
krb5-debuginfo-1.10.3-37.el6_6.i686.rpm
krb5-debuginfo-1.10.3-37.el6_6.x86_64.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.x86_64.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.x86_64.rpm
krb5-workstation-1.10.3-37.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
krb5-debuginfo-1.10.3-37.el6_6.i686.rpm
krb5-debuginfo-1.10.3-37.el6_6.x86_64.rpm
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-devel-1.10.3-37.el6_6.x86_64.rpm
krb5-server-1.10.3-37.el6_6.x86_64.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
krb5-1.10.3-37.el6_6.src.rpm

i386:
krb5-debuginfo-1.10.3-37.el6_6.i686.rpm
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.i686.rpm
krb5-server-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm
krb5-workstation-1.10.3-37.el6_6.i686.rpm

ppc64:
krb5-debuginfo-1.10.3-37.el6_6.ppc.rpm
krb5-debuginfo-1.10.3-37.el6_6.ppc64.rpm
krb5-devel-1.10.3-37.el6_6.ppc.rpm
krb5-devel-1.10.3-37.el6_6.ppc64.rpm
krb5-libs-1.10.3-37.el6_6.ppc.rpm
krb5-libs-1.10.3-37.el6_6.ppc64.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.ppc64.rpm
krb5-server-1.10.3-37.el6_6.ppc64.rpm
krb5-server-ldap-1.10.3-37.el6_6.ppc.rpm
krb5-server-ldap-1.10.3-37.el6_6.ppc64.rpm
krb5-workstation-1.10.3-37.el6_6.ppc64.rpm

s390x:
krb5-debuginfo-1.10.3-37.el6_6.s390.rpm
krb5-debuginfo-1.10.3-37.el6_6.s390x.rpm
krb5-devel-1.10.3-37.el6_6.s390.rpm
krb5-devel-1.10.3-37.el6_6.s390x.rpm
krb5-libs-1.10.3-37.el6_6.s390.rpm
krb5-libs-1.10.3-37.el6_6.s390x.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.s390x.rpm
krb5-server-1.10.3-37.el6_6.s390x.rpm
krb5-server-ldap-1.10.3-37.el6_6.s390.rpm
krb5-server-ldap-1.10.3-37.el6_6.s390x.rpm
krb5-workstation-1.10.3-37.el6_6.s390x.rpm

x86_64:
krb5-debuginfo-1.10.3-37.el6_6.i686.rpm
krb5-debuginfo-1.10.3-37.el6_6.x86_64.rpm
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-devel-1.10.3-37.el6_6.x86_64.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.x86_64.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.x86_64.rpm
krb5-server-1.10.3-37.el6_6.x86_64.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.x86_64.rpm
krb5-workstation-1.10.3-37.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
krb5-1.10.3-37.el6_6.src.rpm

i386:
krb5-debuginfo-1.10.3-37.el6_6.i686.rpm
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.i686.rpm
krb5-server-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm
krb5-workstation-1.10.3-37.el6_6.i686.rpm

x86_64:
krb5-debuginfo-1.10.3-37.el6_6.i686.rpm
krb5-debuginfo-1.10.3-37.el6_6.x86_64.rpm
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-devel-1.10.3-37.el6_6.x86_64.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.x86_64.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.x86_64.rpm
krb5-server-1.10.3-37.el6_6.x86_64.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.x86_64.rpm
krb5-workstation-1.10.3-37.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-5352
https://access.redhat.com/security/cve/CVE-2014-5353
https://access.redhat.com/security/cve/CVE-2014-5355
https://access.redhat.com/security/cve/CVE-2014-9421
https://access.redhat.com/security/cve/CVE-2014-9422
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Thu Apr 9 23:02:04 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 9 Apr 2015 23:02:04 +0000
Subject: [RHSA-2015:0795-01] Important: qemu-kvm-rhev security update
Message-ID: <201504092302.t39N25W0025148@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2015:0795-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0795.html
Issue date:        2015-04-09
CVE Names:         CVE-2014-8106
=====================================================================

1. Summary:

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform.

It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. (CVE-2014-8106)

This issue was discovered by Paolo Bonzini of Red Hat.

All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1169454 - CVE-2014-8106 qemu: cirrus: insufficient blit region checks

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
qemu-kvm-rhev-2.1.2-23.el7.src.rpm

x86_64:
libcacard-devel-rhev-2.1.2-23.el7.x86_64.rpm
libcacard-rhev-2.1.2-23.el7.x86_64.rpm
libcacard-tools-rhev-2.1.2-23.el7.x86_64.rpm
qemu-img-rhev-2.1.2-23.el7.x86_64.rpm
qemu-kvm-common-rhev-2.1.2-23.el7.x86_64.rpm
qemu-kvm-rhev-2.1.2-23.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.1.2-23.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.1.2-23.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8106
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Fri Apr 10 06:16:05 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 10 Apr 2015 06:16:05 +0000
Subject: [RHSA-2015:0797-01] Moderate: xorg-x11-server security update
Message-ID: <201504100616.t3A6G63a024577@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: xorg-x11-server security update
Advisory ID:       RHSA-2015:0797-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0797.html
Issue date:        2015-04-10
CVE Names:         CVE-2015-0255
=====================================================================

1. Summary:

Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255)

This issue was discovered by Olivier Fourdan of Red Hat.

All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1189062 - CVE-2015-0255 xorg-x11-server: information leak in the XkbSetGeometry request of X servers

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
xorg-x11-server-1.15.0-26.el6_6.src.rpm

i386:
xorg-x11-server-Xephyr-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-Xorg-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-common-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-common-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
xorg-x11-server-Xdmx-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-Xnest-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-Xvfb-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.i686.rpm

noarch:
xorg-x11-server-source-1.15.0-26.el6_6.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
xorg-x11-server-1.15.0-26.el6_6.src.rpm

noarch:
xorg-x11-server-source-1.15.0-26.el6_6.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xephyr-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-common-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
xorg-x11-server-1.15.0-26.el6_6.src.rpm

i386:
xorg-x11-server-Xephyr-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-Xorg-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-common-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm

ppc64:
xorg-x11-server-Xephyr-1.15.0-26.el6_6.ppc64.rpm
xorg-x11-server-Xorg-1.15.0-26.el6_6.ppc64.rpm
xorg-x11-server-common-1.15.0-26.el6_6.ppc64.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.ppc64.rpm

s390x:
xorg-x11-server-Xephyr-1.15.0-26.el6_6.s390x.rpm
xorg-x11-server-common-1.15.0-26.el6_6.s390x.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.s390x.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-common-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
xorg-x11-server-Xdmx-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-Xnest-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-Xvfb-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.i686.rpm

noarch:
xorg-x11-server-source-1.15.0-26.el6_6.noarch.rpm

ppc64:
xorg-x11-server-Xdmx-1.15.0-26.el6_6.ppc64.rpm
xorg-x11-server-Xnest-1.15.0-26.el6_6.ppc64.rpm
xorg-x11-server-Xvfb-1.15.0-26.el6_6.ppc64.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.ppc.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.ppc64.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.ppc.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.ppc64.rpm

s390x:
xorg-x11-server-Xdmx-1.15.0-26.el6_6.s390x.rpm
xorg-x11-server-Xnest-1.15.0-26.el6_6.s390x.rpm
xorg-x11-server-Xvfb-1.15.0-26.el6_6.s390x.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.s390x.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
xorg-x11-server-1.15.0-26.el6_6.src.rpm

i386:
xorg-x11-server-Xephyr-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-Xorg-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-common-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-common-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
xorg-x11-server-Xdmx-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-Xnest-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-Xvfb-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.i686.rpm

noarch:
xorg-x11-server-source-1.15.0-26.el6_6.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-26.el6_6.x86_64.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-26.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
xorg-x11-server-1.15.0-33.el7_1.src.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-common-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-33.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
xorg-x11-server-source-1.15.0-33.el7_1.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-33.el7_1.i686.rpm
xorg-x11-server-debuginfo-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-devel-1.15.0-33.el7_1.i686.rpm
xorg-x11-server-devel-1.15.0-33.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
xorg-x11-server-1.15.0-33.el7_1.src.rpm

noarch:
xorg-x11-server-source-1.15.0-33.el7_1.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-Xephyr-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-common-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-33.el7_1.i686.rpm
xorg-x11-server-debuginfo-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-devel-1.15.0-33.el7_1.i686.rpm
xorg-x11-server-devel-1.15.0-33.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
xorg-x11-server-1.15.0-33.el7_1.src.rpm

ppc64:
xorg-x11-server-Xephyr-1.15.0-33.el7_1.ppc64.rpm
xorg-x11-server-Xorg-1.15.0-33.el7_1.ppc64.rpm
xorg-x11-server-common-1.15.0-33.el7_1.ppc64.rpm
xorg-x11-server-debuginfo-1.15.0-33.el7_1.ppc64.rpm

s390x:
xorg-x11-server-Xephyr-1.15.0-33.el7_1.s390x.rpm
xorg-x11-server-common-1.15.0-33.el7_1.s390x.rpm
xorg-x11-server-debuginfo-1.15.0-33.el7_1.s390x.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-common-1.15.0-33.el7_1.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-33.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v.
7): Source: xorg-x11-server-1.15.0-33.ael7b_1.src.rpm ppc64le: xorg-x11-server-Xephyr-1.15.0-33.ael7b_1.ppc64le.rpm xorg-x11-server-Xorg-1.15.0-33.ael7b_1.ppc64le.rpm xorg-x11-server-common-1.15.0-33.ael7b_1.ppc64le.rpm xorg-x11-server-debuginfo-1.15.0-33.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: xorg-x11-server-source-1.15.0-33.el7_1.noarch.rpm ppc64: xorg-x11-server-Xdmx-1.15.0-33.el7_1.ppc64.rpm xorg-x11-server-Xnest-1.15.0-33.el7_1.ppc64.rpm xorg-x11-server-Xvfb-1.15.0-33.el7_1.ppc64.rpm xorg-x11-server-debuginfo-1.15.0-33.el7_1.ppc.rpm xorg-x11-server-debuginfo-1.15.0-33.el7_1.ppc64.rpm xorg-x11-server-devel-1.15.0-33.el7_1.ppc.rpm xorg-x11-server-devel-1.15.0-33.el7_1.ppc64.rpm s390x: xorg-x11-server-Xdmx-1.15.0-33.el7_1.s390x.rpm xorg-x11-server-Xnest-1.15.0-33.el7_1.s390x.rpm xorg-x11-server-Xvfb-1.15.0-33.el7_1.s390x.rpm xorg-x11-server-debuginfo-1.15.0-33.el7_1.s390x.rpm x86_64: xorg-x11-server-Xdmx-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-Xnest-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-Xvfb-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-debuginfo-1.15.0-33.el7_1.i686.rpm xorg-x11-server-debuginfo-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-devel-1.15.0-33.el7_1.i686.rpm xorg-x11-server-devel-1.15.0-33.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: xorg-x11-server-source-1.15.0-33.ael7b_1.noarch.rpm ppc64le: xorg-x11-server-Xdmx-1.15.0-33.ael7b_1.ppc64le.rpm xorg-x11-server-Xnest-1.15.0-33.ael7b_1.ppc64le.rpm xorg-x11-server-Xvfb-1.15.0-33.ael7b_1.ppc64le.rpm xorg-x11-server-debuginfo-1.15.0-33.ael7b_1.ppc64le.rpm xorg-x11-server-devel-1.15.0-33.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: xorg-x11-server-1.15.0-33.el7_1.src.rpm x86_64: xorg-x11-server-Xephyr-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-Xorg-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-common-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-debuginfo-1.15.0-33.el7_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: xorg-x11-server-source-1.15.0-33.el7_1.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-Xnest-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-Xvfb-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-debuginfo-1.15.0-33.el7_1.i686.rpm xorg-x11-server-debuginfo-1.15.0-33.el7_1.x86_64.rpm xorg-x11-server-devel-1.15.0-33.el7_1.i686.rpm xorg-x11-server-devel-1.15.0-33.el7_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0255 https://access.redhat.com/security/updates/classification/#moderate http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVJ2paXlSAg2UNWIIRAsnHAKDE4vIxbqtxNAEZ1WcCMqdvAaSPdgCeJdu/
/Mx61KJLnaslsGDB2kbYnLA=
=aYLQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Apr 13 12:00:20 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Apr 2015 12:00:20 +0000
Subject: [RHSA-2015:0800-01] Moderate: openssl security update
Message-ID: <201504131200.t3DC0KEL009090@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2015:0800-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0800.html
Issue date: 2015-04-13
CVE Names: CVE-2014-8275 CVE-2015-0204 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293
=====================================================================

1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)

An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287)

A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request. (CVE-2015-0288)

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-0289)

Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Emilia Käsper of the OpenSSL development team as the original reporter of CVE-2015-0287, Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia Käsper of the OpenSSL development team as the original reporters of CVE-2015-0293.

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)
1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues
1202380 - CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption
1202384 - CVE-2015-0289 openssl: PKCS7 NULL pointer dereference
1202395 - CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding
1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers
1202418 - CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
openssl-0.9.8e-33.el5_11.src.rpm

i386:
openssl-0.9.8e-33.el5_11.i386.rpm
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-perl-0.9.8e-33.el5_11.i386.rpm

x86_64:
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-0.9.8e-33.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm
openssl-perl-0.9.8e-33.el5_11.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
openssl-0.9.8e-33.el5_11.src.rpm

i386:
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-devel-0.9.8e-33.el5_11.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm
openssl-devel-0.9.8e-33.el5_11.i386.rpm
openssl-devel-0.9.8e-33.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
openssl-0.9.8e-33.el5_11.src.rpm

i386:
openssl-0.9.8e-33.el5_11.i386.rpm
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-devel-0.9.8e-33.el5_11.i386.rpm
openssl-perl-0.9.8e-33.el5_11.i386.rpm

ia64:
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-0.9.8e-33.el5_11.ia64.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.ia64.rpm
openssl-devel-0.9.8e-33.el5_11.ia64.rpm
openssl-perl-0.9.8e-33.el5_11.ia64.rpm

ppc:
openssl-0.9.8e-33.el5_11.ppc.rpm
openssl-0.9.8e-33.el5_11.ppc64.rpm
openssl-debuginfo-0.9.8e-33.el5_11.ppc.rpm
openssl-debuginfo-0.9.8e-33.el5_11.ppc64.rpm
openssl-devel-0.9.8e-33.el5_11.ppc.rpm
openssl-devel-0.9.8e-33.el5_11.ppc64.rpm
openssl-perl-0.9.8e-33.el5_11.ppc.rpm

s390x:
openssl-0.9.8e-33.el5_11.s390.rpm
openssl-0.9.8e-33.el5_11.s390x.rpm
openssl-debuginfo-0.9.8e-33.el5_11.s390.rpm
openssl-debuginfo-0.9.8e-33.el5_11.s390x.rpm
openssl-devel-0.9.8e-33.el5_11.s390.rpm
openssl-devel-0.9.8e-33.el5_11.s390x.rpm
openssl-perl-0.9.8e-33.el5_11.s390x.rpm

x86_64:
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-0.9.8e-33.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm
openssl-devel-0.9.8e-33.el5_11.i386.rpm
openssl-devel-0.9.8e-33.el5_11.x86_64.rpm
openssl-perl-0.9.8e-33.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8275
https://access.redhat.com/security/cve/CVE-2015-0204
https://access.redhat.com/security/cve/CVE-2015-0287
https://access.redhat.com/security/cve/CVE-2015-0288
https://access.redhat.com/security/cve/CVE-2015-0289
https://access.redhat.com/security/cve/CVE-2015-0292
https://access.redhat.com/security/cve/CVE-2015-0293
https://access.redhat.com/security/updates/classification/#moderate
https://www.openssl.org/news/secadv_20150108.txt
https://www.openssl.org/news/secadv_20150319.txt
https://access.redhat.com/articles/1384453

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
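The openssl advisory above only takes effect once every service linked against the library has been restarted, and the package upgrade itself does not tell you which processes those are. The script below is an added example, not part of the advisory and not a Red Hat tool: it walks /proc/<pid>/maps and reports processes that still have a libssl or libcrypto mapping the kernel marks "(deleted)", which is exactly what a process started before the RPM upgrade looks like (rpm replaces the file on disk with a new inode, so the old mapped copy loses its path). The library names in DEFAULT_LIBS and the SAMPLE_MAPS excerpt are constructed for illustration, not captured from a real host.

```python
"""Find processes still mapping an old (deleted) copy of a shared library."""
import os
import re

# Libraries whose users must be restarted after the advisory is applied.
# Assumption for illustration: adjust to the package that was updated.
DEFAULT_LIBS = ("libssl", "libcrypto")

# One /proc/<pid>/maps line: address perms offset dev inode [pathname]
_MAPS_LINE = re.compile(r"^\S+ \S+ \S+ \S+ (\d+)\s*(.*)$")


def stale_mappings(maps_text, libs=DEFAULT_LIBS):
    """Return the sorted pathnames of file-backed mappings whose basename is
    one of `libs` (any soname suffix, e.g. libssl.so.0.9.8e, libssl.so.10)
    and which the kernel has suffixed with '(deleted)': the file that was
    mapped no longer exists at that path because the upgrade replaced it."""
    found = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if not m:
            continue
        inode, path = m.groups()
        # inode 0 / no leading slash: anonymous memory, [heap], [stack], ...
        if inode == "0" or not path.startswith("/"):
            continue
        base = os.path.basename(path)
        if path.endswith("(deleted)") and any(
                base.startswith(lib + ".so") for lib in libs):
            found.add(path)
    return sorted(found)


def scan_proc(proc_root="/proc", libs=DEFAULT_LIBS):
    """Map pid -> stale library paths for every process we are allowed to
    inspect. Without root, other users' maps files raise EACCES and are
    skipped, so run as root for a complete answer."""
    report = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                text = fh.read()
        except OSError:
            continue
        stale = stale_mappings(text, libs)
        if stale:
            report[int(entry)] = stale
    return report


# Constructed sample (not real output): an httpd started before the openssl
# RPM was upgraded, so both OpenSSL libraries are still the deleted copies.
SAMPLE_MAPS = """\
00400000-004f3000 r-xp 00000000 fd:00 131246                 /usr/sbin/httpd
7f2a1c000000-7f2a1c1a5000 r-xp 00000000 fd:00 262901         /lib64/libcrypto.so.0.9.8e (deleted)
7f2a1c3a5000-7f2a1c3ee000 r-xp 00000000 fd:00 262902         /lib64/libssl.so.0.9.8e (deleted)
7f2a1c600000-7f2a1c7a0000 r-xp 00000000 fd:00 131077         /lib64/libc-2.5.so
7f2a1c9a0000-7f2a1c9a3000 rw-p 00000000 00:00 0
7ffd3e0c0000-7ffd3e0e1000 rw-p 00000000 00:00 0              [stack]
"""

if __name__ == "__main__":
    import sys
    hits = scan_proc()
    for pid, paths in sorted(hits.items()):
        print(pid, *paths)
    # Non-zero exit: something still needs a restart (or a reboot).
    sys.exit(1 if hits else 0)
```

Run it as root after the update; a non-zero exit status means at least one process still needs restarting. A process that has dlopen'ed the library lazily, or that links a bundled copy under another name, will not be caught by a name match, so treat an empty report as evidence rather than proof. On RHEL the needs-restarting command from yum-utils performs the same kind of check.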
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVK6+gXlSAg2UNWIIRAoSlAJ0UGwyEUVUDOKBoGDKJRsDtDdmxSwCgvH9a
M4Bxjq//ZXaJCcyFFc1l5A4=
=rctB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 14 13:04:32 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Apr 2015 13:04:32 +0000
Subject: [RHSA-2015:0803-01] Important: kernel security and bug fix update
Message-ID: <201504141304.t3ED4WSH018334@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2015:0803-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0803.html
Issue date: 2015-04-14
CVE Names: CVE-2013-2596 CVE-2014-5471 CVE-2014-5472 CVE-2014-8159
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important)

* An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important)

* It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)

Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.

This update also fixes the following bugs:

* The kernel could sometimes panic due to a possible division by zero in the kernel scheduler. This bug has been fixed by defining a new div64_ul() division function and correcting the affected calculation in the proc_sched_show_task() function. (BZ#1199898)

* When repeating a Coordinated Universal Time (UTC) value during a leap second (when the UTC time should be 23:59:60), the International Atomic Time (TAI) timescale previously stopped as the kernel NTP code incremented the TAI offset one second too late. A patch has been provided, which fixes the bug by incrementing the offset during the leap second itself. Now, the correct TAI is set during the leap second. (BZ#1201672)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1034490 - CVE-2013-2596 kernel: integer overflow in fb_mmap
1134099 - CVE-2014-5471 CVE-2014-5472 kernel: isofs: unbound recursion when processing relocated directories
1181166 - CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
kernel-2.6.32-358.59.1.el6.src.rpm

i386:
kernel-2.6.32-358.59.1.el6.i686.rpm
kernel-debug-2.6.32-358.59.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.59.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.59.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.59.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.59.1.el6.i686.rpm
kernel-devel-2.6.32-358.59.1.el6.i686.rpm
kernel-headers-2.6.32-358.59.1.el6.i686.rpm
perf-2.6.32-358.59.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.59.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.59.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.59.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.59.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-358.59.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-358.59.1.el6.ppc64.rpm
kernel-debug-2.6.32-358.59.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-358.59.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-358.59.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.59.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.59.1.el6.ppc64.rpm
kernel-devel-2.6.32-358.59.1.el6.ppc64.rpm
kernel-headers-2.6.32-358.59.1.el6.ppc64.rpm
perf-2.6.32-358.59.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.59.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.59.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-358.59.1.el6.s390x.rpm
kernel-debug-2.6.32-358.59.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-358.59.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-358.59.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.59.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.59.1.el6.s390x.rpm
kernel-devel-2.6.32-358.59.1.el6.s390x.rpm
kernel-headers-2.6.32-358.59.1.el6.s390x.rpm
kernel-kdump-2.6.32-358.59.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.59.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-358.59.1.el6.s390x.rpm
perf-2.6.32-358.59.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.59.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.59.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-358.59.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.59.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.59.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.59.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.59.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.59.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.59.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.59.1.el6.x86_64.rpm
perf-2.6.32-358.59.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.59.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.59.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
kernel-2.6.32-358.59.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.59.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.59.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.59.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.59.1.el6.i686.rpm
python-perf-2.6.32-358.59.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.59.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-358.59.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.59.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.59.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.59.1.el6.ppc64.rpm
python-perf-2.6.32-358.59.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.59.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-358.59.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.59.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.59.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.59.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.59.1.el6.s390x.rpm
python-perf-2.6.32-358.59.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.59.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.59.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.59.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.59.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.59.1.el6.x86_64.rpm
python-perf-2.6.32-358.59.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.59.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-2596
https://access.redhat.com/security/cve/CVE-2014-5471
https://access.redhat.com/security/cve/CVE-2014-5472
https://access.redhat.com/security/cve/CVE-2014-8159
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
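A kernel erratum such as the one above is installed but not in effect until the machine boots the new kernel, and fleets routinely carry hosts where `rpm -q kernel` shows the fixed build while `uname -r` still reports the vulnerable one. The script below is an added example, not part of the advisory and not rpm's own code: it decides whether the running kernel is older than the newest installed kernel package using a simplified re-implementation of rpm's version ordering (digit runs compare numerically, letter runs lexically, digits beat letters, a tilde marks a pre-release). The labels in SAMPLE_INSTALLED are constructed; the newer one is this erratum's 2.6.32-358.59.1.el6 build, the older one is hypothetical.

```python
"""Decide whether the 'reboot required' step of a kernel erratum is still outstanding."""
import functools
import platform
import re
import subprocess

# Maximal runs of digits, letters, or rpm's '~' pre-release marker.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Order two RPM version (or release) strings: -1 if a < b, 0, or 1.
    Simplified re-implementation of rpm's rpmvercmp() for illustration,
    not the rpm library itself."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1   # side with '~' is older
            continue
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)            # int() drops leading zeros
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # numeric segment beats alpha
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    # Equal prefix: the longer string is newer, unless its extra part starts
    # with '~' (then it is a pre-release of the shorter one).
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb):] if a_longer else sb[len(sa):]
    if rest[0] == "~":
        return -1 if a_longer else 1
    return 1 if a_longer else -1


def parse_kernel(label):
    """'2.6.32-358.59.1.el6.x86_64' -> ('2.6.32', '358.59.1.el6', 'x86_64').
    Both `uname -r` and rpm's %{VERSION}-%{RELEASE}.%{ARCH} use this shape."""
    version, rest = label.split("-", 1)
    release, arch = rest.rsplit(".", 1)
    return version, release, arch


def kernel_cmp(a, b):
    """Compare two kernel labels by (version, release); arch is ignored."""
    va, ra, _ = parse_kernel(a)
    vb, rb, _ = parse_kernel(b)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def reboot_needed(running, installed):
    """Return (True if `running` is older than the newest of `installed`, newest)."""
    newest = max(installed, key=functools.cmp_to_key(kernel_cmp))
    return kernel_cmp(running, newest) < 0, newest


# Constructed sample (not real output): a RHEL 6.4 AUS host that installed
# this erratum's kernel but has not rebooted yet. 358.56.1 is hypothetical.
SAMPLE_RUNNING = "2.6.32-358.56.1.el6.x86_64"
SAMPLE_INSTALLED = ["2.6.32-358.56.1.el6.x86_64", "2.6.32-358.59.1.el6.x86_64"]


def installed_kernels():
    """Installed kernel packages as uname-style labels (rpm-based systems only)."""
    out = subprocess.check_output(
        ["rpm", "-q", "kernel", "--qf", "%{VERSION}-%{RELEASE}.%{ARCH}\n"],
        text=True)
    return out.split()


if __name__ == "__main__":
    running = platform.release()
    needed, newest = reboot_needed(running, installed_kernels())
    print("running:", running, "| newest installed:", newest,
          "| reboot required" if needed else "| up to date")
```

The comparison is deliberately done on the package label rather than on `uname -r` string equality, because a host that has a newer kernel installed than the one the erratum ships (for example from a later erratum) is not in need of a reboot for this one. A kernel built from a different source (kernel-debug, or a vendor build with a different release tag) will compare as a different package, so check the flavour before trusting the verdict.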
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVLRBVXlSAg2UNWIIRAiVzAJ9oSk/OQV4sVYthXHoALRjlGAHnDACgt1ho
cQvYpw1ezsPe8xXt/c/zQcc=
=4t9L
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 15 13:15:12 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Apr 2015 13:15:12 +0000
Subject: [RHSA-2015:0813-01] Critical: flash-plugin security update
Message-ID: <201504151315.t3FDFDOo013610@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0813-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0813.html
Issue date: 2015-04-15
CVE Names: CVE-2015-0346 CVE-2015-0347 CVE-2015-0348 CVE-2015-0349 CVE-2015-0350 CVE-2015-0351 CVE-2015-0352 CVE-2015-0353 CVE-2015-0354 CVE-2015-0355 CVE-2015-0356 CVE-2015-0357 CVE-2015-0358 CVE-2015-0359 CVE-2015-0360 CVE-2015-3038 CVE-2015-3039 CVE-2015-3040 CVE-2015-3041 CVE-2015-3042 CVE-2015-3043 CVE-2015-3044
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-06 listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043)

A security bypass flaw was found in flash-plugin that could lead to the disclosure of sensitive information. (CVE-2015-3044)

Two memory information leak flaws were found in flash-plugin that could allow an attacker to potentially bypass ASLR (Address Space Layout Randomization) protection, and make it easier to exploit other flaws. (CVE-2015-0357, CVE-2015-3040)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.457.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1211869 - flash-plugin: multiple code execution issues fixed in APSB15-06
1211894 - CVE-2015-3044 flash-plugin: security bypass leading to information disclosure (APSB15-06)
1211898 - CVE-2015-0357 CVE-2015-3040 flash-plugin: information leaks leading to ASLR bypass (APSB15-06)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.457-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.457-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.457-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.457-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0346
https://access.redhat.com/security/cve/CVE-2015-0347
https://access.redhat.com/security/cve/CVE-2015-0348
https://access.redhat.com/security/cve/CVE-2015-0349
https://access.redhat.com/security/cve/CVE-2015-0350
https://access.redhat.com/security/cve/CVE-2015-0351
https://access.redhat.com/security/cve/CVE-2015-0352
https://access.redhat.com/security/cve/CVE-2015-0353
https://access.redhat.com/security/cve/CVE-2015-0354
https://access.redhat.com/security/cve/CVE-2015-0355
https://access.redhat.com/security/cve/CVE-2015-0356
https://access.redhat.com/security/cve/CVE-2015-0357
https://access.redhat.com/security/cve/CVE-2015-0358
https://access.redhat.com/security/cve/CVE-2015-0359
https://access.redhat.com/security/cve/CVE-2015-0360
https://access.redhat.com/security/cve/CVE-2015-3038
https://access.redhat.com/security/cve/CVE-2015-3039
https://access.redhat.com/security/cve/CVE-2015-3040
https://access.redhat.com/security/cve/CVE-2015-3041
https://access.redhat.com/security/cve/CVE-2015-3042
https://access.redhat.com/security/cve/CVE-2015-3043 https://access.redhat.com/security/cve/CVE-2015-3044 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb15-06.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVLmOuXlSAg2UNWIIRAhCpAKCQYartNTxOyN7YneEoLHmonLVYxwCeJeZL 9gBkw1TFVgaSAtPj0Xh+ubg= =LVW2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Apr 15 18:15:33 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 15 Apr 2015 18:15:33 +0000 Subject: [RHSA-2015:0806-01] Critical: java-1.7.0-openjdk security update Message-ID: <201504151815.t3FIFXpb000794@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2015:0806-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0806.html Issue date: 2015-04-14 CVE Names: CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 ===================================================================== 1. Summary: Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 
7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469) A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460) A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488) A flaw was discovered in the Beans component in OpenJDK. 
An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477)

A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480)

It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211285 - CVE-2015-0460 OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.i686.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el6_6.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.src.rpm

ppc64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm

s390x:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.s390x.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1.s390x.rpm
java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1.s390x.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.ael7b_1.src.rpm

ppc64le:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1.noarch.rpm

ppc64:
java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1.ppc64.rpm

s390x:
java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.s390x.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1.s390x.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1.s390x.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.ael7b_1.noarch.rpm

ppc64le:
java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.el7_1.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0460
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Wed Apr 15 18:16:24 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Apr 2015 18:16:24 +0000
Subject: [RHSA-2015:0807-01] Important: java-1.7.0-openjdk security update
Message-ID: <201504151816.t3FIGP3u028179@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2015:0807-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0807.html
Issue date:        2015-04-14
CVE Names:         CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477
                   CVE-2015-0478 CVE-2015-0480 CVE-2015-0488
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)

A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)

A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477)

A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480)

It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211285 - CVE-2015-0460 OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.2.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.2.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.79-2.5.5.2.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0460
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Wed Apr 15 18:19:11 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Apr 2015 18:19:11 +0000
Subject: [RHSA-2015:0808-01] Important: java-1.6.0-openjdk security update
Message-ID: <201504151819.t3FIJCdf007905@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.6.0-openjdk security update
Advisory ID:       RHSA-2015:0808-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0808.html
Issue date:        2015-04-14
CVE Names:         CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477
                   CVE-2015-0478 CVE-2015-0480 CVE-2015-0488
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)

A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)

A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0477)

A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480)

It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211285 - CVE-2015-0460 OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el5_11.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11.i386.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el5_11.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11.i386.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.i686.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.src.rpm

ppc64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm

s390x:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.s390x.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.s390x.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.s390x.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.ppc64.rpm

s390x:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.s390x.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.s390x.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.s390x.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.s390x.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0460
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
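The jar tool issue in the OpenJDK advisories above (CVE-2005-1080, CVE-2015-0480) is the archive-extraction traversal class: an entry name such as `../x` resolves outside the directory being extracted into. The following is an added example, not OpenJDK or Red Hat code, of the check an extractor should apply before writing any entry; it runs over a constructed ZIP (a JAR is a ZIP file), and the entry names, scratch directory and function names are assumptions for illustration.

```python
"""Reject archive entries that would land outside the extraction directory.

Added example (not OpenJDK or Red Hat code) for the jar directory traversal
issue described in the advisories above: a JAR is a ZIP file, so the same
entry-name check applies.
"""
import io
import os
import tempfile
import zipfile


def is_safe_entry(entry_name: str, dest_dir: str) -> bool:
    """Return True only if entry_name, resolved under dest_dir, stays inside it."""
    # ZIP names use '/', but a hostile archive may carry backslashes; unify them.
    name = entry_name.replace("\\", "/")
    if not name or name.startswith("/"):
        return False            # empty name or absolute path
    if os.path.splitdrive(name)[0]:
        return False            # Windows drive prefix such as C:/...
    dest = os.path.realpath(dest_dir)
    # realpath collapses '..' components, which is exactly what traversal relies on.
    target = os.path.realpath(os.path.join(dest, *name.split("/")))
    try:
        return os.path.commonpath([dest, target]) == dest
    except ValueError:          # different drives: cannot be under dest
        return False


def vet_archive(zip_bytes: bytes, dest_dir: str):
    """Classify every entry as accepted or rejected without writing anything."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            bucket = accepted if is_safe_entry(info.filename, dest_dir) else rejected
            bucket.append(info.filename)
    return accepted, rejected


def safe_extract(zip_bytes: bytes, dest_dir: str):
    """Extract the archive, failing closed if any entry escapes dest_dir.

    Refusing the whole archive is the conservative policy: a partially
    applied archive is harder to reason about than a rejected one.
    ZipFile.extract also sanitizes names itself; the vetting step is what
    turns "silently relocate the entry" into "refuse and report".
    """
    accepted, rejected = vet_archive(zip_bytes, dest_dir)
    if rejected:
        raise ValueError(f"entries escape {dest_dir}: {rejected}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in accepted:
            zf.extract(name, dest_dir)
    return accepted


def build_sample_archive() -> bytes:
    """Constructed test input: two benign entries and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("lib/ok.txt", "benign\n")
        zf.writestr("../../outside.txt", "climbs above dest_dir\n")
        zf.writestr("/abs/outside.txt", "absolute path\n")
    return buf.getvalue()


def demo() -> dict:
    """Run the check against the constructed archive in a scratch directory."""
    dest = tempfile.mkdtemp(prefix="safe-extract-")
    archive = build_sample_archive()
    accepted, rejected = vet_archive(archive, dest)
    try:
        safe_extract(archive, dest)
        refused = False
    except ValueError:
        refused = True
    return {"dest": dest, "accepted": accepted, "rejected": rejected, "refused": refused}


if __name__ == "__main__":
    result = demo()
    print("accepted:", result["accepted"])
    print("rejected:", result["rejected"])
    print("archive refused:", result["refused"])
```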
From bugzilla at redhat.com Wed Apr 15 18:21:45 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Apr 2015 18:21:45 +0000
Subject: [RHSA-2015:0809-01] Important: java-1.8.0-openjdk security update
Message-ID: <201504151821.t3FILju8031392@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.8.0-openjdk security update
Advisory ID: RHSA-2015:0809-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0809.html
Issue date: 2015-04-14
CVE Names: CVE-2005-1080 CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488
=====================================================================

1. Summary:

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2015-0469)

A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)

A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. (CVE-2015-0488)

Multiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470)

A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. (CVE-2005-1080, CVE-2015-0480)

It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. (CVE-2015-0478)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211285 - CVE-2015-0460 OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211387 - CVE-2015-0470 OpenJDK: incorrect handling of default methods (Hotspot, 8065366)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.45-28.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.45-28.b13.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.45-28.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.45-28.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.el7_1.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.el7_1.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.src.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.ppc64.rpm

s390x:
java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.45-30.b13.ael7b_1.src.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.45-30.b13.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.45-30.b13.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.45-30.b13.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.el7_1.noarch.rpm

ppc64:
java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.ppc64.rpm
java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.ppc64.rpm
java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.ppc64.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.s390x.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.ael7b_1.noarch.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.45-30.b13.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.45-30.b13.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.45-30.b13.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.el7_1.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.45-30.b13.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.45-30.b13.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0460
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0470
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
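The jar directory traversal flaw above (CVE-2005-1080, CVE-2015-0480) comes down to trusting archive entry names as relative paths. The following is an added example, not OpenJDK's jar code, of the two checks an extractor needs: a syntactic filter on the entry name and a containment check on the resolved destination path; the JAR it inspects is constructed in memory and all function names are this example's own.

```python
"""Reject JAR entries that would escape the extraction directory.

A JAR is a ZIP archive, so the same entry-name rules apply to both. The
checks here are an added illustration, not the fix shipped in OpenJDK.
"""
import io
import os
import posixpath
import zipfile


def is_safe_entry(name: str) -> bool:
    """True if a ZIP/JAR entry name cannot escape the extraction root.

    Rejects empty names, absolute paths, Windows drive prefixes and any
    name whose normalised form climbs above the root with '..'.
    """
    if not name or name.startswith(("/", "\\")):
        return False
    if len(name) > 1 and name[1] == ":":      # e.g. C:\ on Windows extractors
        return False
    # Treat backslashes as separators too; a Windows extractor would.
    normalised = posixpath.normpath(name.replace("\\", "/"))
    return not (normalised == ".." or normalised.startswith("../"))


def contained_path(root: str, name: str) -> str:
    """Second line of defence: resolve the final path and confirm containment."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, target]) != root_real:
        raise ValueError(f"entry escapes extraction root: {name!r}")
    return target


def audit_jar(data: bytes) -> dict:
    """Classify every entry of an in-memory archive as 'safe' or 'rejected'."""
    result = {"safe": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            bucket = "safe" if is_safe_entry(info.filename) else "rejected"
            result[bucket].append(info.filename)
    return result


def safe_extract(data: bytes, dest: str) -> list:
    """Extract only entries that pass both checks; return the paths written."""
    extracted = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not is_safe_entry(info.filename):
                continue                      # skip rather than "fix" the name
            target = contained_path(dest, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(target)
    return extracted


def build_sample_jar() -> bytes:
    """Constructed sample: two ordinary entries plus three that must be refused."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
        zf.writestr("../../outside.txt", "would land above the target dir\n")
        zf.writestr("/tmp/absolute.txt", "absolute path\n")
        zf.writestr("ok/../../escape.txt", "normalises to ../escape.txt\n")
    return buf.getvalue()


if __name__ == "__main__":
    for status, names in audit_jar(build_sample_jar()).items():
        for name in names:
            print(f"{status:8s} {name}")
```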
From bugzilla at redhat.com Thu Apr 16 08:38:18 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 08:38:18 +0000
Subject: [RHSA-2015:0816-01] Important: chromium-browser security update
Message-ID: <201504160838.t3G8cIRo008376@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2015:0816-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0816.html
Issue date: 2015-04-16
CVE Names: CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1244 CVE-2015-1245 CVE-2015-1246 CVE-2015-1247 CVE-2015-1248 CVE-2015-1249
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249)

All Chromium users should upgrade to these updated packages, which contain Chromium version 42.0.2311.90, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1211919 - CVE-2015-1235 chromium-browser: Cross-origin-bypass in HTML parser
1211920 - CVE-2015-1236 chromium-browser: Cross-origin-bypass in Blink
1211921 - CVE-2015-1237 chromium-browser: Use-after-free in IPC
1211922 - CVE-2015-1238 chromium-browser: Out-of-bounds write in Skia
1211923 - CVE-2015-1240 chromium-browser: Out-of-bounds read in WebGL
1211924 - CVE-2015-1241 chromium-browser: tap-jacking vulnerability
1211925 - CVE-2015-1242 chromium-browser: Type confusion in V8
1211926 - CVE-2015-1244 chromium-browser: HSTS bypass in WebSockets
1211927 - CVE-2015-1245 chromium-browser: Use-after-free in PDFium
1211928 - CVE-2015-1246 chromium-browser: Out-of-bounds read in Blink
1211929 - CVE-2015-1247 chromium-browser: Scheme issues in OpenSearch
1211930 - CVE-2015-1248 chromium-browser: SafeBrowsing bypass
1211932 - CVE-2015-1249 chromium-browser: Various fixes from internal audits, fuzzing and other initiatives

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

Source:
chromium-browser-42.0.2311.90-1.el6_6.src.rpm

i386:
chromium-browser-42.0.2311.90-1.el6_6.i686.rpm
chromium-browser-debuginfo-42.0.2311.90-1.el6_6.i686.rpm

x86_64:
chromium-browser-42.0.2311.90-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-42.0.2311.90-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

Source:
chromium-browser-42.0.2311.90-1.el6_6.src.rpm

i386:
chromium-browser-42.0.2311.90-1.el6_6.i686.rpm
chromium-browser-debuginfo-42.0.2311.90-1.el6_6.i686.rpm

x86_64:
chromium-browser-42.0.2311.90-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-42.0.2311.90-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

Source:
chromium-browser-42.0.2311.90-1.el6_6.src.rpm

i386:
chromium-browser-42.0.2311.90-1.el6_6.i686.rpm
chromium-browser-debuginfo-42.0.2311.90-1.el6_6.i686.rpm

x86_64:
chromium-browser-42.0.2311.90-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-42.0.2311.90-1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1235
https://access.redhat.com/security/cve/CVE-2015-1236
https://access.redhat.com/security/cve/CVE-2015-1237
https://access.redhat.com/security/cve/CVE-2015-1238
https://access.redhat.com/security/cve/CVE-2015-1240
https://access.redhat.com/security/cve/CVE-2015-1241
https://access.redhat.com/security/cve/CVE-2015-1242
https://access.redhat.com/security/cve/CVE-2015-1244
https://access.redhat.com/security/cve/CVE-2015-1245
https://access.redhat.com/security/cve/CVE-2015-1246
https://access.redhat.com/security/cve/CVE-2015-1247
https://access.redhat.com/security/cve/CVE-2015-1248
https://access.redhat.com/security/cve/CVE-2015-1249
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Thu Apr 16 18:54:02 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 18:54:02 +0000
Subject: [RHSA-2015:0830-01] Important: openstack-foreman-installer security update
Message-ID: <201504161854.t3GIs34T012705@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openstack-foreman-installer security update
Advisory ID: RHSA-2015:0830-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0830.html
Issue date: 2015-04-16
CVE Names: CVE-2015-1842
=====================================================================

1. Summary:

Updated Red Hat Enterprise Linux OpenStack Platform Installer packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack Foreman - noarch, x86_64

3. Description:

Red Hat Enterprise OpenStack Platform Installer is a deployment management tool. It provides a web user interface for managing the installation and configuration of remote systems. Deployment of changes is performed using Puppet. Additionally, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Preboot Execution Environment (PXE), and Trivial File Transfer Protocol (TFTP) services can be provided. Controlling these services also enables provisioning of physical systems that do not yet have an operating system installed.

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root. (CVE-2015-1842)

Note: This flaw only affects Red Hat Enterprise Linux OpenStack Platform installations deployed using the HA feature set. For additional information on addressing this flaw see: https://access.redhat.com/articles/1396123

This issue was discovered by Alessandro Vozza of Red Hat.

The augeas package has been upgraded to version 1.0.0-7, which provides a number of bug fixes over the previous version. (BZ#1198236)

This update also fixes the following bug:

* A problem with cloned constraints for neutron caused RHEL OpenStack Platform deployments to fail. This update corrects the cloned constraints, and deployments are now successful. (BZ#1209628)

All Red Hat Enterprise Linux OpenStack Platform Installer users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1198236 - Update augeas to match 6.6 z-stream
1201875 - CVE-2015-1842 openstack-puppet-modules: pacemaker configured with default password
1209628 - rubygem-staypuft: A4 RHOS5 deployment failed with: /usr/sbin/pcs constraint order start neutron-ovs-cleanup then start neutron-netns-cleanup returned 1 instead of one of [0]

6. Package List:

OpenStack Foreman:

Source:
augeas-1.0.0-7.el6_6.1.src.rpm
openstack-foreman-installer-2.0.34-1.el6ost.src.rpm
openstack-puppet-modules-2014.1.2-1.el6ost.src.rpm
rhel-osp-installer-0.4.7-2.el6ost.src.rpm
ruby193-rubygem-staypuft-0.4.15-1.el6ost.src.rpm

noarch:
openstack-foreman-installer-2.0.34-1.el6ost.noarch.rpm
openstack-puppet-modules-2014.1.2-1.el6ost.noarch.rpm
rhel-osp-installer-0.4.7-2.el6ost.noarch.rpm
ruby193-rubygem-staypuft-0.4.15-1.el6ost.noarch.rpm
ruby193-rubygem-staypuft-doc-0.4.15-1.el6ost.noarch.rpm

x86_64:
augeas-1.0.0-7.el6_6.1.x86_64.rpm
augeas-debuginfo-1.0.0-7.el6_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1842
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Thu Apr 16 18:54:40 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 18:54:40 +0000
Subject: [RHSA-2015:0831-01] Important: openstack-packstack and openstack-puppet-modules update
Message-ID: <201504161854.t3GIsfQK012862@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openstack-packstack and openstack-puppet-modules update
Advisory ID: RHSA-2015:0831-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0831.html
Issue date: 2015-04-16
CVE Names: CVE-2015-1842
=====================================================================

1. Summary:

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either interactively, using the command line, or non-interactively by means of a text file containing a set of preconfigured values for OpenStack parameters. PackStack is suitable for deploying proof-of-concept installations.

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root. (CVE-2015-1842)

This issue was discovered by Alessandro Vozza of Red Hat.

This update also adds the following enhancement:

* If OpenStack Networking (neutron) is enabled, Packstack now displays a warning if the Network Manager service is active on hosts. (BZ#1117115)

All openstack-packstack and openstack-puppet-modules users are advised to upgrade to these updated packages, which correct this issue and add this enhancement.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 runs on Red Hat Enterprise Linux 7.1.

The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 Release Notes (see References section) contain the following:

* An explanation of the way in which the provided components interact to form a working cloud computing environment.
* Technology Previews, Recommended Practices, and Known Issues.
* The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7, including which channels need to be enabled and disabled.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1066019 - Packstack parameter CONFIG_NEUTRON_L2_PLUGIN lacking usage examples in documentation
1117115 - packstack should warn installing openstack while NM is active
1120397 - [RFE]Disable file injection when using RBD as compute ephemeral storage
1141125 - swiftloopback vs swift_loopback in packstack python/puppet
1141615 - Keystone puppet module should set up PKI when UUID tokens are used
1147823 - Packstack SSL deployment, failed to start openstack-nova-compute returned 1
1153354 - packstack creates duplicate services/endpoints for cinder v2
1154024 - packstack: clear text password for heat
1174413 - neutron subnet-create error halts packstack installation
1201875 - CVE-2015-1842 openstack-puppet-modules: pacemaker configured with default password

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-packstack-2014.1.1-0.46.dev1280.el7ost.src.rpm
openstack-puppet-modules-2014.1.2-1.el7ost.src.rpm

noarch:
openstack-packstack-2014.1.1-0.46.dev1280.el7ost.noarch.rpm
openstack-packstack-doc-2014.1.1-0.46.dev1280.el7ost.noarch.rpm
openstack-packstack-puppet-2014.1.1-0.46.dev1280.el7ost.noarch.rpm
openstack-puppet-modules-2014.1.2-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1842
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Thu Apr 16 18:55:28 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 18:55:28 +0000
Subject: [RHSA-2015:0832-01] Important: openstack-packstack and openstack-puppet-modules update
Message-ID: <201504161855.t3GItTAg002409@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openstack-packstack and openstack-puppet-modules update
Advisory ID: RHSA-2015:0832-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0832.html
Issue date: 2015-04-16
CVE Names: CVE-2015-1842
=====================================================================

1. Summary:

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either interactively, using the command line, or non-interactively by means of a text file containing a set of preconfigured values for OpenStack parameters. PackStack is suitable for deploying proof-of-concept installations.

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root. (CVE-2015-1842)

This issue was discovered by Alessandro Vozza of Red Hat.

This update also adds the following enhancement:

* If OpenStack Networking (neutron) is enabled, Packstack now displays a warning if the Network Manager service is active on hosts. (BZ#1117115)

All openstack-packstack and openstack-puppet-modules users are advised to upgrade to these updated packages, which correct these issues and add this enhancement.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 runs on Red Hat Enterprise Linux 6.6.

The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 Release Notes (see References section) contain the following:

* An explanation of the way in which the provided components interact to form a working cloud computing environment.
* Technology Previews, Recommended Practices, and Known Issues.
* The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6, including which channels need to be enabled and disabled.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1130589 - packstack should warn installing openstack while NM is active
1201875 - CVE-2015-1842 openstack-puppet-modules: pacemaker configured with default password

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-packstack-2014.1.1-0.46.dev1280.el6ost.src.rpm
openstack-puppet-modules-2014.1.2-1.el6ost.src.rpm

noarch:
openstack-packstack-2014.1.1-0.46.dev1280.el6ost.noarch.rpm
openstack-packstack-doc-2014.1.1-0.46.dev1280.el6ost.noarch.rpm
openstack-packstack-puppet-2014.1.1-0.46.dev1280.el6ost.noarch.rpm
openstack-puppet-modules-2014.1.2-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1842
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Thu Apr 16 18:55:59 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 18:55:59 +0000
Subject: [RHSA-2015:0833-01] Moderate: novnc security update
Message-ID: <201504161856.t3GIu0Ma017769@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: novnc security update
Advisory ID: RHSA-2015:0833-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0833.html
Issue date: 2015-04-16
CVE Names: CVE-2013-7436
=====================================================================

1. Summary:

An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support.

It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436)

All novnc users are advised to upgrade to this updated package, which corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1193451 - CVE-2013-7436 novnc: session hijack through insecurely set session token cookies

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
novnc-0.5.1-2.el6ost.src.rpm

noarch:
novnc-0.5.1-2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-7436
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVMAWwXlSAg2UNWIIRAlKsAKDBWfxXe7P5ORafmSp5Ad2qL1KghgCfU92q YePvdBmgf+Dc1Pd9Hha2KHI= =+7AK -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 16 18:56:36 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Apr 2015 18:56:36 +0000 Subject: [RHSA-2015:0834-01] Moderate: novnc security update Message-ID: <201504161856.t3GIuaBB017999@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: novnc security update Advisory ID: RHSA-2015:0834-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0834.html Issue date: 2015-04-16 CVE Names: CVE-2013-7436 ===================================================================== 1. Summary: An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch 3. Description: The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436) All novnc users are advised to upgrade to this updated package, which corrects this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1193451 - CVE-2013-7436 novnc: session hijack through insecurely set session token cookies 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: novnc-0.5.1-2.el7ost.src.rpm noarch: novnc-0.5.1-2.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-7436 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVMAXNXlSAg2UNWIIRAr5KAJ48FgZ2gWOrbJUIQviOWADAPkI/JACeN2Ne DBorCKYr178gOEVqr5ECpWA= =K8hN -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 16 18:57:13 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Apr 2015 18:57:13 +0000 Subject: [RHSA-2015:0835-01] Moderate: openstack-swift security update Message-ID: <201504161857.t3GIvDpB018292@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-swift security update Advisory ID: RHSA-2015:0835-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0835.html Issue date: 2015-04-16 CVE Names: CVE-2014-7960 ===================================================================== 1. Summary: Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. 
Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch 3. Description: OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in the metadata constraints in OpenStack Object Storage (swift). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration. (CVE-2014-7960) All users of openstack-swift are advised to upgrade to these updated packages, which correct this issue. After installing this update, the OpenStack Object Storage services will be restarted automatically. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 runs on Red Hat Enterprise Linux 7.1. The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 Release Notes contain the following: * An explanation of the way in which the provided components interact to form a working cloud computing environment. * Technology Previews, Recommended Practices, and Known Issues. * The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7, including which channels need to be enabled and disabled. The Release Notes are linked to in the References section. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1150461 - CVE-2014-7960 openstack-swift: Swift metadata constraints are not correctly enforced 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: openstack-swift-1.13.1-4.el7ost.src.rpm noarch: openstack-swift-1.13.1-4.el7ost.noarch.rpm openstack-swift-account-1.13.1-4.el7ost.noarch.rpm openstack-swift-container-1.13.1-4.el7ost.noarch.rpm openstack-swift-doc-1.13.1-4.el7ost.noarch.rpm openstack-swift-object-1.13.1-4.el7ost.noarch.rpm openstack-swift-proxy-1.13.1-4.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-7960 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
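The max_meta_count bypass described in RHSA-2015:0835 above (and in RHSA-2015:0836 below, the RHEL 6 build of the same fix) as an added toy model; this is constructed illustration code, not Swift's own, and the header prefix, the limit of 3 and the rule that an empty value removes a key are assumptions of the model.

```python
"""Toy model of the max_meta_count bypass (CVE-2014-7960).

A per-request check counts only the metadata headers carried by the
current POST, so several small POSTs accumulate more items than the
limit allows. The hardened check validates the metadata the container
would hold AFTER the POST is applied.
"""
from typing import Dict, Tuple

META_PREFIX = "x-container-meta-"   # assumed prefix for container user metadata
MAX_META_COUNT = 3                  # constructed, deliberately low limit


class MetadataLimitExceeded(Exception):
    """Raised when a POST would leave more than MAX_META_COUNT items."""


def user_meta(headers: Dict[str, str]) -> Dict[str, str]:
    """Extract user-metadata headers, normalising names to lower case."""
    return {k.lower(): v for k, v in headers.items()
            if k.lower().startswith(META_PREFIX)}


def merge_meta(existing: Dict[str, str], incoming: Dict[str, str]) -> Dict[str, str]:
    """Apply a POST: set each key, or remove it when the value is empty (assumed rule)."""
    merged = dict(existing)
    for key, value in incoming.items():
        if value == "":
            merged.pop(key, None)
        else:
            merged[key] = value
    return merged


def check_request_only(headers: Dict[str, str]) -> None:
    """Vulnerable check: the request is judged in isolation, so the stored
    total is never compared against the limit."""
    if len(user_meta(headers)) > MAX_META_COUNT:
        raise MetadataLimitExceeded("request carries too many metadata items")


def check_merged(existing: Dict[str, str], headers: Dict[str, str]) -> Dict[str, str]:
    """Hardened check: validate what the container would hold after the update.
    Removals in the same request are credited, so replacing keys still works."""
    merged = merge_meta(existing, user_meta(headers))
    if len(merged) > MAX_META_COUNT:
        raise MetadataLimitExceeded(
            f"{len(merged)} metadata items would exceed the limit of {MAX_META_COUNT}")
    return merged


class Container:
    """In-memory stand-in for one container's metadata store."""

    def __init__(self, hardened: bool) -> None:
        self.hardened = hardened
        self.meta: Dict[str, str] = {}

    def post(self, headers: Dict[str, str]) -> None:
        if self.hardened:
            self.meta = check_merged(self.meta, headers)
        else:
            check_request_only(headers)
            self.meta = merge_meta(self.meta, user_meta(headers))


def run_scenario(hardened: bool, posts: int = 5) -> Tuple[int, int]:
    """Issue `posts` single-item POSTs with distinct keys.
    Returns (accepted_posts, items_stored)."""
    container = Container(hardened)
    accepted = 0
    for i in range(posts):
        try:
            container.post({f"X-Container-Meta-Key{i}": f"value{i}"})
            accepted += 1
        except MetadataLimitExceeded:
            pass
    return accepted, len(container.meta)


if __name__ == "__main__":
    print("per-request check:", run_scenario(hardened=False))  # (5, 5): limit of 3 bypassed
    print("merged check     :", run_scenario(hardened=True))   # (3, 3): limit enforced
```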
From bugzilla at redhat.com Thu Apr 16 18:57:50 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 18:57:50 +0000
Subject: [RHSA-2015:0836-01] Moderate: openstack-swift security update
Message-ID: <201504161857.t3GIvp4c024531@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-swift security update
Advisory ID:       RHSA-2015:0836-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0836.html
Issue date:        2015-04-16
CVE Names:         CVE-2014-7960
=====================================================================

1. Summary:

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment.

A flaw was found in the metadata constraints in OpenStack Object Storage (swift). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration. (CVE-2014-7960)

All users of openstack-swift are advised to upgrade to these updated packages, which correct this issue. After installing this update, the OpenStack Object Storage services will be restarted automatically.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 runs on Red Hat Enterprise Linux 6.6.

The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 Release Notes contain the following:

* An explanation of the way in which the provided components interact to form a working cloud computing environment.

* Technology Previews, Recommended Practices, and Known Issues.

* The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6, including which channels need to be enabled and disabled.

The Release Notes are linked to in the References section.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1150461 - CVE-2014-7960 openstack-swift: Swift metadata constraints are not correctly enforced

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-swift-1.13.1-4.el6ost.src.rpm

noarch:
openstack-swift-1.13.1-4.el6ost.noarch.rpm
openstack-swift-account-1.13.1-4.el6ost.noarch.rpm
openstack-swift-container-1.13.1-4.el6ost.noarch.rpm
openstack-swift-doc-1.13.1-4.el6ost.noarch.rpm
openstack-swift-object-1.13.1-4.el6ost.noarch.rpm
openstack-swift-proxy-1.13.1-4.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7960
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Thu Apr 16 18:58:40 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 18:58:40 +0000
Subject: [RHSA-2015:0837-01] Low: openstack-glance security and bug fix update
Message-ID: <201504161858.t3GIwfnh014855@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openstack-glance security and bug fix update
Advisory ID:       RHSA-2015:0837-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0837.html
Issue date:        2015-04-16
CVE Names:         CVE-2014-9623
=====================================================================

1. Summary:

Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

A storage quota bypass flaw was found in OpenStack Image (glance). If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service. (CVE-2014-9623)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Tushar Patil of NTT as the original reporter.

The openstack-glance packages have been upgraded to upstream version 2014.1.4, which provides a number of bug fixes over the previous version. (BZ#1203275)

All openstack-glance users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 runs on Red Hat Enterprise Linux 7.1.

The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 Release Notes contain the following:

* An explanation of the way in which the provided components interact to form a working cloud computing environment.

* Technology Previews, Recommended Practices, and Known Issues.

* The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7, including which channels need to be enabled and disabled.

The Release Notes are linked to in the References section.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1183647 - CVE-2014-9623 openstack-glance: user storage quota bypass
1203275 - Rebase openstack-glance to 2014.1.4

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-glance-2014.1.4-1.el7ost.src.rpm

noarch:
openstack-glance-2014.1.4-1.el7ost.noarch.rpm
openstack-glance-doc-2014.1.4-1.el7ost.noarch.rpm
python-glance-2014.1.4-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9623
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Thu Apr 16 19:00:22 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 19:00:22 +0000
Subject: [RHSA-2015:0838-01] Low: openstack-glance security and bug fix update
Message-ID: <201504161900.t3GJ0N1X015551@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openstack-glance security and bug fix update
Advisory ID:       RHSA-2015:0838-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0838.html
Issue date:        2015-04-16
CVE Names:         CVE-2014-9623
=====================================================================

1. Summary:

Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

A storage quota bypass flaw was found in OpenStack Image (glance). If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service. (CVE-2014-9623)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Tushar Patil of NTT as the original reporter.

The openstack-glance packages have been upgraded to upstream version 2014.1.4, which provides a number of bug fixes over the previous version. (BZ#1203227)

All openstack-glance users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 runs on Red Hat Enterprise Linux 6.6.

The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 Release Notes contain the following:

* An explanation of the way in which the provided components interact to form a working cloud computing environment.

* Technology Previews, Recommended Practices, and Known Issues.

* The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6, including which channels need to be enabled and disabled.

The Release Notes are linked to in the References section.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1183647 - CVE-2014-9623 openstack-glance: user storage quota bypass
1203227 - Rebase openstack-glance to 2014.1.4

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-glance-2014.1.4-1.el6ost.src.rpm

noarch:
openstack-glance-2014.1.4-1.el6ost.noarch.rpm
openstack-glance-doc-2014.1.4-1.el6ost.noarch.rpm
python-glance-2014.1.4-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9623
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
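The quota bypass in RHSA-2015:0837 and RHSA-2015:0838 above (CVE-2014-9623) as an added toy model, not Glance's code: it contrasts accounting based on live image records with accounting that also reserves in-flight uploads and discards data that finishes for an already deleted image. The quota, the sizes and the discard-on-completion mitigation are assumptions of this model, not a description of the upstream fix.

```python
"""Toy model of the delete-during-upload quota bypass (CVE-2014-9623).

Vulnerable accounting sums the sizes of image records that still exist, so
an image deleted while its data is still streaming stops counting although
its bytes keep landing in the backing store. The hardened model reserves
bytes for every in-flight upload and removes data that completes for an
image deleted in the meantime.
"""
from typing import Dict, Set, Tuple

USER_QUOTA = 100   # constructed per-user storage quota, in bytes


class QuotaExceeded(Exception):
    """Raised when starting an upload would push the user past USER_QUOTA."""


class ImageService:
    """Minimal stand-in for an image service with a byte-counting backing store."""

    def __init__(self, hardened: bool) -> None:
        self.hardened = hardened
        self.images: Dict[str, int] = {}      # image_id -> size of a completed, live image
        self.uploading: Dict[str, int] = {}   # image_id -> bytes reserved for an in-flight upload
        self.deleted_mid_upload: Set[str] = set()
        self.store_bytes = 0                  # what the backing store really holds
        self._counter = 0

    def usage(self) -> int:
        """Vulnerable: live image records only, so a deleted image drops to zero
        while its data is still streaming in. Hardened: also counts the
        reservation of every in-flight upload."""
        used = sum(self.images.values())
        if self.hardened:
            used += sum(self.uploading.values())
        return used

    def begin_upload(self, size: int) -> str:
        if self.usage() + size > USER_QUOTA:
            raise QuotaExceeded(f"{size} bytes would exceed quota {USER_QUOTA}")
        self._counter += 1
        image_id = f"img-{self._counter}"
        self.uploading[image_id] = size
        return image_id

    def delete(self, image_id: str) -> None:
        """Remove the image record. An upload in flight keeps running; the
        hardened model keeps its reservation until the upload finishes."""
        self.images.pop(image_id, None)
        if image_id in self.uploading:
            self.deleted_mid_upload.add(image_id)

    def finish_upload(self, image_id: str) -> None:
        """The upload's bytes have fully landed in the backing store."""
        size = self.uploading.pop(image_id)
        self.store_bytes += size
        if image_id in self.deleted_mid_upload:
            self.deleted_mid_upload.discard(image_id)
            if self.hardened:
                self.store_bytes -= size   # modelled mitigation: drop the orphaned data
            return                         # vulnerable path: bytes stay and count for nobody
        self.images[image_id] = size


def upload_refused(svc: ImageService, size: int) -> bool:
    """True when the service rejects an upload of `size` bytes."""
    try:
        svc.begin_upload(size)
    except QuotaExceeded:
        return True
    return False


def run_delete_during_upload(hardened: bool, rounds: int = 4, size: int = 90) -> Tuple[int, int]:
    """Start an upload, delete the image before it finishes, let it finish;
    repeat `rounds` times. Returns (bytes_in_store, accounted_usage)."""
    svc = ImageService(hardened)
    for _ in range(rounds):
        image_id = svc.begin_upload(size)
        svc.delete(image_id)
        svc.finish_upload(image_id)
    return svc.store_bytes, svc.usage()


if __name__ == "__main__":
    print("vulnerable:", run_delete_during_upload(hardened=False))  # (360, 0): store filled, usage 0
    print("hardened  :", run_delete_during_upload(hardened=True))   # (0, 0): orphans discarded
```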
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVMAa0XlSAg2UNWIIRAvaMAJ0UAbyZfs3vLzlmftkmLFflgDoyXACgiEkD pTEqmoFvqytnv4EaWVc4iUg= =gFrl -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 16 19:01:03 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Apr 2015 19:01:03 +0000 Subject: [RHSA-2015:0839-01] Moderate: python-django-horizon and python-django-openstack-auth update Message-ID: <201504161901.t3GJ14vL026259@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python-django-horizon and python-django-openstack-auth update Advisory ID: RHSA-2015:0839-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0839.html Issue date: 2015-04-16 CVE Names: CVE-2014-8124 ===================================================================== 1. Summary: Updated python-django-horizon and python-django-openstack-auth packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch 3. Description: OpenStack Dashboard (horizon) provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. 
A denial of service flaw was found in the OpenStack Dashboard (horizon) when using the db or memcached session engine. An attacker could make repeated requests to the login page, which would result in a large number of unwanted backend session entries, possibly leading to a denial of service. (CVE-2014-8124) Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Eric Peterson from Time Warner Cable as the original reporter. The python-django-horizon packages have been upgraded to upstream version 2014.1.4, which provides a number of bug fixes over the previous version, including: * Default 'target={}' value leaks into subsequent 'policy.check()' calls. * Neutron subnet create tooltip has invalid HTML tags. * Memory reported improperly in admin dashboard. * The container dashboard does not handle unicode URL correctly. (BZ#1203281) This update also fixes the following bugs: * The option 'OPENSTACK_SSL_NO_VERIFY' is used to enable or disable checks for SSL certificate validity. Prior to this update, swift clients ignored this check. As a result, you could not use horizon with swift, and swift was accessed via a self signed certificate. With this update, the option is now handled properly and Horizon is able to use this endpoint while the 'OPENSTACK_SSL_NO_VERIFY' option is enabled. (BZ#1192517) * Previously, horizon.log was not truncated automatically, resulting in very large log files. With this update, files are now trimmed by logrotate, fixing this issue. (BZ#1112621) All OpenStack Dashboard users are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 runs on Red Hat Enterprise Linux 7.1. 
The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 Release Notes contain the following: * An explanation of the way in which the provided components interact to form a working cloud computing environment. * Technology Previews, Recommended Practices, and Known Issues. * The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7, including which channels need to be enabled and disabled. The Release Notes are linked to in the References section. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1112621 - log file is not limited 1168575 - Horizon: Project Overview doesn't look good on Internet Explorer 1169637 - CVE-2014-8124 python-django-horizon: denial of service via login page requests 1192517 - Swift.py does not respect the OPENSTACK_SSL_NO_VERIFY setting for use with self signed certs 1203281 - Rebase python-django-horizon to 2014.1.4 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: python-django-horizon-2014.1.4-1.el7ost.src.rpm python-django-openstack-auth-1.1.5-4.el7ost.src.rpm noarch: openstack-dashboard-2014.1.4-1.el7ost.noarch.rpm openstack-dashboard-theme-2014.1.4-1.el7ost.noarch.rpm python-django-horizon-2014.1.4-1.el7ost.noarch.rpm python-django-horizon-doc-2014.1.4-1.el7ost.noarch.rpm python-django-openstack-auth-1.1.5-4.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8124 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVMAbeXlSAg2UNWIIRAqJ/AKClymy1i5BIId+MnUNDoAHQpx9v9gCgjPhN
L2ikFI0yApsEmXDy4jhOm38=
=wRHW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 16 19:01:40 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 19:01:40 +0000
Subject: [RHSA-2015:0840-01] Important: redhat-access-plugin security update
Message-ID: <201504161901.t3GJ1fm3026579@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: redhat-access-plugin security update
Advisory ID:       RHSA-2015:0840-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0840.html
Issue date:        2015-04-16
CVE Names:         CVE-2015-0271
=====================================================================

1. Summary:

An updated redhat-access-plugin-openstack package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription services from the Red Hat OpenStack administration portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features.

It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard (horizon) did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server. (CVE-2015-0271)

Red Hat would like to thank Sara Perez Merino of SensePost for reporting this issue.

All redhat-access-plugin-openstack users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1193638 - CVE-2015-0271 OpenStack dashboard: log file arbitrary file retrieval

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
redhat-access-plugin-openstack-5.0.1-0.el7ost.src.rpm

noarch:
redhat-access-plugin-openstack-5.0.1-0.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0271
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVMAcBXlSAg2UNWIIRAptkAJ9cOapdjpsXySr487rS93oEnShxqQCfaS3d
cnZ4E1KFYFqgzeKzXZdn6SA=
=FYX/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 16 19:02:12 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 19:02:12 +0000
Subject: [RHSA-2015:0841-01] Important: redhat-access-plugin security update
Message-ID: <201504161902.t3GJ2DCu017552@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: redhat-access-plugin security update
Advisory ID:       RHSA-2015:0841-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0841.html
Issue date:        2015-04-16
CVE Names:         CVE-2015-0271
=====================================================================

1. Summary:

An updated redhat-access-plugin-openstack package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription services from the Red Hat OpenStack administration portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features.

It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard (horizon) did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server. (CVE-2015-0271)

Red Hat would like to thank Sara Perez Merino of SensePost for reporting this issue.

All redhat-access-plugin-openstack users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1193638 - CVE-2015-0271 OpenStack dashboard: log file arbitrary file retrieval

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
redhat-access-plugin-openstack-5.0.1-0.el6ost.src.rpm

noarch:
redhat-access-plugin-openstack-5.0.1-0.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0271
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
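The flaw behind RHSA-2015:0840 and RHSA-2015:0841 above is the classic shape of a log-viewer path traversal: a user-supplied file name is joined onto a log directory without checks, so the viewer serves whatever file the web server process can read. The Python below is an added editor's example, not code from the redhat-access-plugin, from Red Hat, or from the fix; it places the unchecked join beside a hardened resolver that insists on a bare file name, an allow-list, and a post-symlink containment check. The directory layout, the allow-list entries `horizon.log` and `nova-api.log`, the constructed log line and the `demo()` harness are all assumptions of this example.

```python
import os
import tempfile

# Log files the viewer is allowed to serve. Constructed for this example;
# a real deployment lists its own files here.
ALLOWED_LOGS = {"horizon.log", "nova-api.log"}


class LogAccessError(Exception):
    """Raised when a requested log name cannot be served safely."""


def naive_log_path(log_dir, requested):
    """The unsafe pattern: join user input onto the log directory unchecked.
    '..' components walk out of log_dir, and os.path.join discards log_dir
    entirely when `requested` is an absolute path."""
    return os.path.normpath(os.path.join(log_dir, requested))


def safe_log_path(log_dir, requested):
    """Return an absolute path for `requested` only if it is a bare,
    allow-listed file name whose resolved location is inside log_dir."""
    # 1. A log name is a plain file name: no separators, no '..', not absolute.
    if not requested or requested != os.path.basename(requested):
        raise LogAccessError("log name must be a bare file name")
    # 2. The viewer exists to show a known set of files, so allow-list them.
    if requested not in ALLOWED_LOGS:
        raise LogAccessError("unknown log file")
    # 3. Resolve symlinks and confirm the target is still under log_dir.
    base = os.path.realpath(log_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise LogAccessError("resolved path escapes the log directory")
    return candidate


def read_log_tail(log_dir, requested, max_bytes=4096):
    """Serve at most max_bytes from the end of an allow-listed log."""
    path = safe_log_path(log_dir, requested)
    with open(path, "rb") as fh:
        fh.seek(0, os.SEEK_END)
        fh.seek(max(0, fh.tell() - max_bytes))
        return fh.read().decode("utf-8", errors="replace")


def demo():
    """Build a throwaway directory tree and exercise both resolvers.
    Layout (constructed): <root>/logs/horizon.log, <root>/secret.txt, and
    <root>/logs/nova-api.log as a symlink that points outside the log dir."""
    root = tempfile.mkdtemp(prefix="logviewer-")
    log_dir = os.path.join(root, "logs")
    os.mkdir(log_dir)
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as fh:
        fh.write("not for the log viewer\n")
    with open(os.path.join(log_dir, "horizon.log"), "w") as fh:
        fh.write("2015-04-16 19:01:40 INFO horizon started\n")  # constructed log line
    os.symlink(secret, os.path.join(log_dir, "nova-api.log"))

    results = {"tail": read_log_tail(log_dir, "horizon.log")}
    probes = {
        "traversal": "../secret.txt",
        "absolute": secret,
        "symlink": "nova-api.log",
        "unlisted": "other.log",
    }
    for label, name in probes.items():
        try:
            safe_log_path(log_dir, name)
            results[label] = "served"
        except LogAccessError as exc:
            results[label] = str(exc)
    # What the unchecked join would have handed to open() for the same input.
    results["naive"] = naive_log_path(log_dir, "../secret.txt")
    results["naive_escaped"] = results["naive"] == secret and os.path.exists(secret)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-14s %s" % (key, value))
```

The three checks are deliberately layered: the basename test stops separators and `..` before any filesystem call, the allow-list turns the viewer into a fixed menu rather than a general file reader, and the `realpath` containment check is what catches a symlink inside the directory that points elsewhere, which the first two checks cannot see.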
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVMAcoXlSAg2UNWIIRAv0YAJ0SE2nfeQl2po3dBOKWTUUpr3evHACgtDBN
hYJxe2EhquSpZDzes2fxxsY=
=ihDv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 16 19:02:56 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 19:02:56 +0000
Subject: [RHSA-2015:0843-01] Important: openstack-nova security, bug fix, and enhancement update
Message-ID: <201504161902.t3GJ2vAQ022337@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-nova security, bug fix, and enhancement update
Advisory ID:       RHSA-2015:0843-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0843.html
Issue date:        2015-04-16
CVE Names:         CVE-2014-3708 CVE-2014-8333 CVE-2015-0259
=====================================================================

1. Summary:

Updated OpenStack Compute (nova) packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

It was discovered that the OpenStack Compute (nova) console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw. (CVE-2015-0259)

A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large number of VMs could use this flaw to cause the main nova process to block for an extended amount of time. (CVE-2014-3708)

A flaw was found in the OpenStack Compute (nova) VMware driver, which could allow an authenticated user to delete an instance while it was in the resize state, causing the instance to remain on the back end. A malicious user could use this flaw to cause a denial of service by exhausting all available resources on the system. (CVE-2014-8333)

Red Hat would like to thank the OpenStack project for reporting the CVE-2015-0259 and CVE-2014-3708 issues. Upstream acknowledges Brian Manifold of Cisco and Paul McMillan of Nebula as the original reporters of CVE-2015-0259, and Mohammed Naser from Vexxhost as the original reporter of CVE-2014-3708.

In addition to the above issues, this update also addresses several bugs and adds various enhancements, which are documented in the Red Hat Enterprise Linux OpenStack Platform Technical Notes (see References section).

All openstack-nova users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 runs on Red Hat Enterprise Linux 7.1.

The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 Release Notes contain the following:

* An explanation of the way in which the provided components interact to form a working cloud computing environment.
* Technology Previews, Recommended Practices, and Known Issues.
* The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7, including which channels need to be enabled and disabled.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1141518 - NOVA API will not update nova compute with vif-plugged events when booting many VMs
1151114 - Ephemeral disk format option ignored
1154890 - CVE-2014-8333 openstack-nova: Nova VMware instance in resize state may leak
1154951 - CVE-2014-3708 openstack-nova: Nova network denial of service through API filtering
1174422 - Evacuate Fails 'Invalid state of instance files' using Ceph Ephemeral RBD
1188355 - Fix nova evacuate for shared storage
1189836 - nova-compute fails to start when there is an instance with port with binding:vif_type=binding_failed
1190112 - CVE-2015-0259 openstack-nova: console Cross-Site WebSocket hijacking
1199106 - Rebase openstack-nova to 2014.1.4
1205806 - QCOW2 virtual size can bypass disk size checks for a flavor

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-nova-2014.1.4-3.el7ost.src.rpm

noarch:
openstack-nova-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-api-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-cells-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-cert-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-common-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-compute-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-conductor-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-console-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-doc-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-network-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-novncproxy-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-objectstore-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-scheduler-2014.1.4-3.el7ost.noarch.rpm
openstack-nova-serialproxy-2014.1.4-3.el7ost.noarch.rpm
python-nova-2014.1.4-3.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3708
https://access.redhat.com/security/cve/CVE-2014-8333
https://access.redhat.com/security/cve/CVE-2015-0259
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Technical_Notes/index.html
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVMAdPXlSAg2UNWIIRAjNRAJ4m/HhOUk6RcuOofB1mJVF1nuU7UgCfck5v
o/624lQCnJFVXfoltSZeXI0=
=vhmm
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 16 19:03:28 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 19:03:28 +0000
Subject: [RHSA-2015:0844-01] Important: openstack-nova security, bug fix, and enhancement update
Message-ID: <201504161903.t3GJ3SPC023335@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-nova security, bug fix, and enhancement update
Advisory ID:       RHSA-2015:0844-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0844.html
Issue date:        2015-04-16
CVE Names:         CVE-2014-3708 CVE-2014-8333 CVE-2015-0259
=====================================================================

1. Summary:

Updated OpenStack Compute (nova) packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

It was discovered that the OpenStack Compute (nova) console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw. (CVE-2015-0259)

A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large number of VMs could use this flaw to cause the main nova process to block for an extended amount of time. (CVE-2014-3708)

A flaw was found in the OpenStack Compute (nova) VMware driver, which could allow an authenticated user to delete an instance while it was in the resize state, causing the instance to remain on the back end. A malicious user could use this flaw to cause a denial of service by exhausting all available resources on the system. (CVE-2014-8333)

Red Hat would like to thank the OpenStack project for reporting the CVE-2015-0259 and CVE-2014-3708 issues. Upstream acknowledges Brian Manifold of Cisco and Paul McMillan of Nebula as the original reporters of CVE-2015-0259, and Mohammed Naser from Vexxhost as the original reporter of CVE-2014-3708.

In addition to the above issues, this update also addresses several bugs and adds various enhancements, which are documented in the Red Hat Enterprise Linux OpenStack Platform Technical Notes (see References section).

All openstack-nova users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 runs on Red Hat Enterprise Linux 6.6.

The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 Release Notes (see References section) contain the following:

* An explanation of the way in which the provided components interact to form a working cloud computing environment.
* Technology Previews, Recommended Practices, and Known Issues.
* The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6, including which channels need to be enabled and disabled.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1154890 - CVE-2014-8333 openstack-nova: Nova VMware instance in resize state may leak
1154951 - CVE-2014-3708 openstack-nova: Nova network denial of service through API filtering
1170558 - live migration between different openstack versions can hang
1174424 - Evacuate Fails 'Invalid state of instance files' using Ceph Ephemeral RBD
1180602 - Live migration fails. Libvirt says Cannot assign requested address.
1190112 - CVE-2015-0259 openstack-nova: console Cross-Site WebSocket hijacking

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-nova-2014.1.4-3.el6ost.src.rpm

noarch:
openstack-nova-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-api-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-cells-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-cert-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-common-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-compute-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-conductor-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-console-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-doc-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-network-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-novncproxy-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-objectstore-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-scheduler-2014.1.4-3.el6ost.noarch.rpm
openstack-nova-serialproxy-2014.1.4-3.el6ost.noarch.rpm
python-nova-2014.1.4-3.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3708
https://access.redhat.com/security/cve/CVE-2014-8333
https://access.redhat.com/security/cve/CVE-2015-0259
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Technical_Notes/index.html
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
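CVE-2015-0259, fixed by RHSA-2015:0843 and RHSA-2015:0844 above, is a cross-site WebSocket hijack: the console proxy completed a WebSocket handshake without checking that the Origin header named a page it trusted, so a browser on an unrelated site could be made to open a console connection with the victim's ambient credentials. The Python below is an added example, not nova's proxy code or its fix; it shows the handshake check a proxy should make, comparing a normalized Origin (scheme, host and port) against an explicit allow-list, with exact matching rather than substring or suffix tests. The allow-list `https://dashboard.example.org`, the `/console` path, the constructed handshake requests and the policy of refusing a handshake that carries no Origin at all are assumptions of this example.

```python
from urllib.parse import urlsplit

# Default ports so that "https://dashboard.example.org" and
# "https://dashboard.example.org:443" normalize to the same origin.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Origins whose pages may open a console WebSocket. Constructed allow-list.
ALLOWED_ORIGINS = ["https://dashboard.example.org"]


def normalize_origin(origin):
    """Reduce an Origin header value to (scheme, host, port), or None if it
    is malformed. A serialized origin carries no path, query or userinfo."""
    parts = urlsplit(origin.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or parts.username is not None:
        return None
    try:
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    return (scheme, parts.hostname, port or DEFAULT_PORTS[scheme])


def parse_upgrade_request(raw):
    """Parse the request line and headers of an HTTP/1.1 request. Header
    names are lower-cased; a repeated header is an error rather than a
    silent 'first one wins', so there is only ever one Origin to judge."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        key = name.strip().lower()
        if key in headers:
            raise ValueError("repeated header: %s" % key)
        headers[key] = value.strip()
    return lines[0], headers


def is_websocket_upgrade(headers):
    """True when the request asks for the HTTP -> WebSocket upgrade."""
    connection_tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    return headers.get("upgrade", "").lower() == "websocket" and "upgrade" in connection_tokens


def handshake_decision(raw, allowed_origins):
    """Return the HTTP status the proxy should answer with: '101' to accept
    the WebSocket, '403' for a bad origin, '400' for a malformed request."""
    try:
        _, headers = parse_upgrade_request(raw)
    except ValueError:
        return "400"
    if not is_websocket_upgrade(headers):
        return "400"
    origin = headers.get("origin")
    if origin is None:
        # Browsers always send Origin on a WebSocket handshake. Assumption of
        # this example: the proxy serves browsers only, so no Origin means no
        # console session.
        return "403"
    allowed = {normalize_origin(o) for o in allowed_origins} - {None}
    return "101" if normalize_origin(origin) in allowed else "403"


def build_request(origin=None, path="/console"):
    """Construct a minimal WebSocket handshake for the demo (not real traffic)."""
    lines = [
        "GET %s HTTP/1.1" % path,
        "Host: dashboard.example.org",
        "Upgrade: websocket",
        "Connection: Upgrade",
        "Sec-WebSocket-Key: Y29uc3RydWN0ZWQtZXhhbXBsZQ==",  # constructed value
        "Sec-WebSocket-Version: 13",
    ]
    if origin is not None:
        lines.append("Origin: " + origin)
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def demo():
    """Run a set of constructed handshakes through the check."""
    cases = {
        "same_site": build_request("https://dashboard.example.org"),
        "same_site_explicit_port": build_request("HTTPS://Dashboard.Example.org:443"),
        "cross_site": build_request("https://other.example"),
        "lookalike_suffix": build_request("https://dashboard.example.org.other.example"),
        "null_origin": build_request("null"),
        "no_origin": build_request(None),
        "plain_get": b"GET /console HTTP/1.1\r\nHost: dashboard.example.org\r\n\r\n",
    }
    return {name: handshake_decision(raw, ALLOWED_ORIGINS) for name, raw in cases.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print("%-24s %s" % (name, status))
```

Two details carry the security weight. Comparing the normalized tuple, not the raw string, means case and default-port differences do not produce spurious rejections while a host that merely contains or ends with the trusted name still fails. Treating a repeated Origin header as a 400 avoids the ambiguity of which copy a proxy and its upstream would each honour.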
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVMAdwXlSAg2UNWIIRAt8UAJ9mfmDIur+oeNjLu4PIrfdICZNmAwCfWIxu
Ns+lEE2WcTuICguNzQjgqd8=
=tZXI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 16 19:04:00 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Apr 2015 19:04:00 +0000
Subject: [RHSA-2015:0845-01] Moderate: python-django-horizon and python-django-openstack-auth update
Message-ID: <201504161904.t3GJ41DH023483@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python-django-horizon and python-django-openstack-auth update
Advisory ID:       RHSA-2015:0845-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0845.html
Issue date:        2015-04-16
CVE Names:         CVE-2014-8124
=====================================================================

1. Summary:

Updated python-django-horizon and python-django-openstack-auth packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Dashboard (horizon) provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators.

A denial of service flaw was found in the OpenStack Dashboard (horizon) when using the db or memcached session engine. An attacker could make repeated requests to the login page, which would result in a large number of unwanted backend session entries, possibly leading to a denial of service. (CVE-2014-8124)

Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Eric Peterson from Time Warner Cable as the original reporter.

The python-django-horizon packages have been upgraded to upstream version 2014.1.4, which provides a number of bug fixes over the previous version, including:

* Default 'target={}' value leaks into subsequent 'policy.check()' calls.
* Neutron subnet create tooltip has invalid HTML tags.
* Memory reported improperly in admin dashboard.
* The container dashboard does not handle unicode URL correctly. (BZ#1203281)

This update also fixes the following bugs:

* The option 'OPENSTACK_SSL_NO_VERIFY' is used to enable or disable checks for SSL certificate validity. Prior to this update, swift clients ignored this check. As a result, you could not use horizon with swift when swift was accessed via a self-signed certificate. With this update, the option is now handled properly and Horizon is able to use this endpoint while the 'OPENSTACK_SSL_NO_VERIFY' option is enabled. (BZ#1192517)
* Previously, horizon.log was not truncated automatically, resulting in very large log files. With this update, files are now trimmed by logrotate, fixing this issue. (BZ#1112621)

All OpenStack Dashboard users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 runs on Red Hat Enterprise Linux 6.6.

The Red Hat Enterprise Linux OpenStack Platform 5 Release Notes (see References section) contain the following:

* An explanation of the way in which the provided components interact to form a working cloud computing environment.
* Technology Previews, Recommended Practices, and Known Issues.
* The channels required for Red Hat Enterprise Linux OpenStack Platform 5, including which channels need to be enabled and disabled.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1169637 - CVE-2014-8124 python-django-horizon: denial of service via login page requests
1203231 - Rebase python-django-horizon to 2014.1.4

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
python-django-horizon-2014.1.4-1.el6ost.src.rpm
python-django-openstack-auth-1.1.5-4.el6ost.src.rpm

noarch:
openstack-dashboard-2014.1.4-1.el6ost.noarch.rpm
openstack-dashboard-theme-2014.1.4-1.el6ost.noarch.rpm
python-django-horizon-2014.1.4-1.el6ost.noarch.rpm
python-django-horizon-doc-2014.1.4-1.el6ost.noarch.rpm
python-django-openstack-auth-1.1.5-4.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8124
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVMAeRXlSAg2UNWIIRAj3LAJ0Xr8uD4FQfGk7u+wY34nWFxCqsqwCguCQK hRAQONjLK7bNzdC8KmgT8oM= =0q1B -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Apr 17 11:01:32 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 17 Apr 2015 11:01:32 +0000 Subject: [RHSA-2015:0854-01] Critical: java-1.8.0-oracle security update Message-ID: <201504171101.t3HB1XT3011377@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.8.0-oracle security update Advisory ID: RHSA-2015:0854-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0854.html Issue date: 2015-04-17 CVE Names: CVE-2005-1080 CVE-2015-0458 CVE-2015-0459 CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0484 CVE-2015-0486 CVE-2015-0488 CVE-2015-0491 CVE-2015-0492 ===================================================================== 1. Summary: Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 
7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 45 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 606442 - CVE-2005-1080 jar: directory traversal vulnerability 1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726) 1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) 1211285 - CVE-2015-0460 OpenJDK: incorrect handling of phantom references (Hotspot, 8071931) 1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320) 1211387 - CVE-2015-0470 OpenJDK: incorrect handling of default methods (Hotspot, 8065366) 1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601) 1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720) 1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D) 1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D) 1211770 - CVE-2015-0492 Oracle JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX) 1211771 - CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment) 1211773 - CVE-2015-0484 Oracle JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX) 1211774 - CVE-2015-0486 Oracle JDK: unspecified vulnerability fixed in 8u45 (Deployment) 6. 
Package List: Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.8.0-oracle-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el6_6.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el6_6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: x86_64: java-1.8.0-oracle-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el6_6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.8.0-oracle-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el6_6.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el6_6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation 6: i386: java-1.8.0-oracle-1.8.0.45-1jpp.2.el6_6.i686.rpm 
java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el6_6.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el6_6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el6_6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): x86_64: java-1.8.0-oracle-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el7_1.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.8.0-oracle-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el7_1.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): x86_64: java-1.8.0-oracle-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el7_1.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 
7): x86_64: java-1.8.0-oracle-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el7_1.x86_64.rpm java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el7_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2005-1080 https://access.redhat.com/security/cve/CVE-2015-0458 https://access.redhat.com/security/cve/CVE-2015-0459 https://access.redhat.com/security/cve/CVE-2015-0460 https://access.redhat.com/security/cve/CVE-2015-0469 https://access.redhat.com/security/cve/CVE-2015-0470 https://access.redhat.com/security/cve/CVE-2015-0477 https://access.redhat.com/security/cve/CVE-2015-0478 https://access.redhat.com/security/cve/CVE-2015-0480 https://access.redhat.com/security/cve/CVE-2015-0484 https://access.redhat.com/security/cve/CVE-2015-0486 https://access.redhat.com/security/cve/CVE-2015-0488 https://access.redhat.com/security/cve/CVE-2015-0491 https://access.redhat.com/security/cve/CVE-2015-0492 https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
From bugzilla at redhat.com Mon Apr 20 14:43:21 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Apr 2015 14:43:21 +0000
Subject: [RHSA-2015:0857-01] Critical: java-1.7.0-oracle security update
Message-ID: <201504201443.t3KEhMTX006882@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2015:0857-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0857.html
Issue date: 2015-04-20
CVE Names: CVE-2005-1080 CVE-2015-0458 CVE-2015-0459 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0484 CVE-2015-0488 CVE-2015-0491 CVE-2015-0492
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 79 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211285 - CVE-2015-0460 OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211770 - CVE-2015-0492 Oracle JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)
1211771 - CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)
1211773 - CVE-2015-0484 Oracle JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 5:

i386:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

i386:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6.i686.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1.i686.rpm
java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1.i686.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1.i686.rpm
java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1.i686.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1.i686.rpm
java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1.i686.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1.i686.rpm
java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1.i686.rpm
java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el7_1.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0458
https://access.redhat.com/security/cve/CVE-2015-0459
https://access.redhat.com/security/cve/CVE-2015-0460
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0484
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/cve/CVE-2015-0491
https://access.redhat.com/security/cve/CVE-2015-0492
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Mon Apr 20 14:44:54 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Apr 2015 14:44:54 +0000
Subject: [RHSA-2015:0858-01] Important: java-1.6.0-sun security update
Message-ID: <201504201444.t3KEisbg015616@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-sun security update
Advisory ID: RHSA-2015:0858-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0858.html
Issue date: 2015-04-20
CVE Names: CVE-2005-1080 CVE-2015-0458 CVE-2015-0459 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 95 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211285 - CVE-2015-0460 OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211771 - CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.6.0-sun-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.95-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 5:

i386:
java-1.6.0-sun-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.95-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

i386:
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.95-1jpp.3.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0458
https://access.redhat.com/security/cve/CVE-2015-0459
https://access.redhat.com/security/cve/CVE-2015-0460
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/cve/CVE-2015-0491
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Tue Apr 21 08:34:46 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Apr 2015 08:34:46 +0000
Subject: [RHSA-2015:0860-01] Low: Red Hat Enterprise Linux OpenStack Platform 4.0 - 60 Day Retirement Notice
Message-ID: <201504210834.t3L8Ykkv018010@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux OpenStack Platform 4.0 - 60 Day Retirement Notice
Advisory ID: RHSA-2015:0860-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0860.html
Issue date: 2015-04-21
=====================================================================

1. Summary:

This is the 60 day notification for the retirement of Red Hat Enterprise Linux OpenStack Platform 4.0.

2. Description:

In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5-year life cycle of Production Support for version 4 will end on June 19, 2015. On June 20, 2015, Red Hat Enterprise Linux OpenStack Platform version 4 will enter an inactive state and will no longer receive updated packages, including Critical-impact security patches or urgent-priority bug fixes. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date.

We encourage customers to plan their migration from Red Hat Enterprise Linux OpenStack Platform 4.0 to Red Hat Enterprise Linux OpenStack Platform version 5 or 6. For upgrade instructions, see the Knowledgebase articles linked in the References section.

Full details of the Red Hat Enterprise Linux OpenStack Platform Life Cycle can be found at https://access.redhat.com/support/policy/updates/openstack/platform/

3. Solution:

Customers are encouraged to plan their migration from Red Hat Enterprise Linux OpenStack Platform 4.0 to Red Hat Enterprise Linux OpenStack Platform version 5 or 6.

4. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/openstack/platform/
https://access.redhat.com/articles/1177953
https://access.redhat.com/articles/1317223

5. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Tue Apr 21 11:37:15 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Apr 2015 11:37:15 +0000
Subject: [RHSA-2015:0863-01] Moderate: glibc security and bug fix update
Message-ID: <201504211137.t3LBbGF1014776@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: glibc security and bug fix update
Advisory ID: RHSA-2015:0863-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0863.html
Issue date: 2015-04-21
CVE Names: CVE-2013-7423 CVE-2015-1781
=====================================================================

1. Summary:

Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1781)

It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. (CVE-2013-7423)

The CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.

This update also fixes the following bug:

* Previously, the nscd daemon did not properly reload modified data when the user edited monitored nscd configuration files. As a consequence, nscd returned stale data to system processes. This update adds a system of inotify-based monitoring and stat-based backup monitoring for nscd configuration files. As a result, nscd now detects changes to its configuration files and reloads the data properly, which prevents it from returning stale data. (BZ#1194149)

All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1187109 - CVE-2013-7423 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load
1199525 - CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
glibc-2.12-1.149.el6_6.7.src.rpm

i386:
glibc-2.12-1.149.el6_6.7.i686.rpm
glibc-common-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm
glibc-devel-2.12-1.149.el6_6.7.i686.rpm
glibc-headers-2.12-1.149.el6_6.7.i686.rpm
glibc-utils-2.12-1.149.el6_6.7.i686.rpm
nscd-2.12-1.149.el6_6.7.i686.rpm

x86_64:
glibc-2.12-1.149.el6_6.7.i686.rpm
glibc-2.12-1.149.el6_6.7.x86_64.rpm
glibc-common-2.12-1.149.el6_6.7.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.7.i686.rpm
glibc-devel-2.12-1.149.el6_6.7.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.7.x86_64.rpm
glibc-utils-2.12-1.149.el6_6.7.x86_64.rpm
nscd-2.12-1.149.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm
glibc-static-2.12-1.149.el6_6.7.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.x86_64.rpm
glibc-static-2.12-1.149.el6_6.7.i686.rpm
glibc-static-2.12-1.149.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
glibc-2.12-1.149.el6_6.7.src.rpm

x86_64:
glibc-2.12-1.149.el6_6.7.i686.rpm
glibc-2.12-1.149.el6_6.7.x86_64.rpm
glibc-common-2.12-1.149.el6_6.7.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.7.i686.rpm
glibc-devel-2.12-1.149.el6_6.7.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.7.x86_64.rpm
glibc-utils-2.12-1.149.el6_6.7.x86_64.rpm
nscd-2.12-1.149.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.x86_64.rpm
glibc-static-2.12-1.149.el6_6.7.i686.rpm
glibc-static-2.12-1.149.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
glibc-2.12-1.149.el6_6.7.src.rpm

i386:
glibc-2.12-1.149.el6_6.7.i686.rpm
glibc-common-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm
glibc-devel-2.12-1.149.el6_6.7.i686.rpm
glibc-headers-2.12-1.149.el6_6.7.i686.rpm
glibc-utils-2.12-1.149.el6_6.7.i686.rpm
nscd-2.12-1.149.el6_6.7.i686.rpm

ppc64:
glibc-2.12-1.149.el6_6.7.ppc.rpm
glibc-2.12-1.149.el6_6.7.ppc64.rpm
glibc-common-2.12-1.149.el6_6.7.ppc64.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.ppc.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.ppc64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.ppc.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.ppc64.rpm
glibc-devel-2.12-1.149.el6_6.7.ppc.rpm
glibc-devel-2.12-1.149.el6_6.7.ppc64.rpm
glibc-headers-2.12-1.149.el6_6.7.ppc64.rpm
glibc-utils-2.12-1.149.el6_6.7.ppc64.rpm
nscd-2.12-1.149.el6_6.7.ppc64.rpm

s390x:
glibc-2.12-1.149.el6_6.7.s390.rpm
glibc-2.12-1.149.el6_6.7.s390x.rpm
glibc-common-2.12-1.149.el6_6.7.s390x.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.s390.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.s390x.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.s390.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.s390x.rpm
glibc-devel-2.12-1.149.el6_6.7.s390.rpm
glibc-devel-2.12-1.149.el6_6.7.s390x.rpm
glibc-headers-2.12-1.149.el6_6.7.s390x.rpm
glibc-utils-2.12-1.149.el6_6.7.s390x.rpm
nscd-2.12-1.149.el6_6.7.s390x.rpm

x86_64:
glibc-2.12-1.149.el6_6.7.i686.rpm
glibc-2.12-1.149.el6_6.7.x86_64.rpm
glibc-common-2.12-1.149.el6_6.7.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.7.i686.rpm
glibc-devel-2.12-1.149.el6_6.7.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.7.x86_64.rpm
glibc-utils-2.12-1.149.el6_6.7.x86_64.rpm
nscd-2.12-1.149.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm
glibc-static-2.12-1.149.el6_6.7.i686.rpm

ppc64:
glibc-debuginfo-2.12-1.149.el6_6.7.ppc.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.ppc64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.ppc.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.ppc64.rpm
glibc-static-2.12-1.149.el6_6.7.ppc.rpm
glibc-static-2.12-1.149.el6_6.7.ppc64.rpm

s390x:
glibc-debuginfo-2.12-1.149.el6_6.7.s390.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.s390x.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.s390.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.s390x.rpm
glibc-static-2.12-1.149.el6_6.7.s390.rpm
glibc-static-2.12-1.149.el6_6.7.s390x.rpm

x86_64:
glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.7.x86_64.rpm
glibc-static-2.12-1.149.el6_6.7.i686.rpm
glibc-static-2.12-1.149.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6): Source: glibc-2.12-1.149.el6_6.7.src.rpm i386: glibc-2.12-1.149.el6_6.7.i686.rpm glibc-common-2.12-1.149.el6_6.7.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm glibc-devel-2.12-1.149.el6_6.7.i686.rpm glibc-headers-2.12-1.149.el6_6.7.i686.rpm glibc-utils-2.12-1.149.el6_6.7.i686.rpm nscd-2.12-1.149.el6_6.7.i686.rpm x86_64: glibc-2.12-1.149.el6_6.7.i686.rpm glibc-2.12-1.149.el6_6.7.x86_64.rpm glibc-common-2.12-1.149.el6_6.7.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.7.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.7.x86_64.rpm glibc-devel-2.12-1.149.el6_6.7.i686.rpm glibc-devel-2.12-1.149.el6_6.7.x86_64.rpm glibc-headers-2.12-1.149.el6_6.7.x86_64.rpm glibc-utils-2.12-1.149.el6_6.7.x86_64.rpm nscd-2.12-1.149.el6_6.7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm glibc-static-2.12-1.149.el6_6.7.i686.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.7.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.7.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.7.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.7.x86_64.rpm glibc-static-2.12-1.149.el6_6.7.i686.rpm glibc-static-2.12-1.149.el6_6.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-7423 https://access.redhat.com/security/cve/CVE-2015-1781 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
From: bugzilla at redhat.com
Date: Tue, 21 Apr 2015 15:06:07 +0000
Subject: [RHSA-2015:0864-01] Important: kernel security and bug fix update
Message-ID: <201504211506.t3LF67F6011197@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2015:0864-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0864.html
Issue date:        2015-04-21
CVE Names:         CVE-2014-3215 CVE-2014-3690 CVE-2014-7825 CVE-2014-7826 CVE-2014-8171 CVE-2014-8884 CVE-2014-9529 CVE-2014-9584 CVE-2015-1421
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support. (CVE-2014-3215, Important)

* A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1421, Important)

* It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges. (CVE-2014-7826, Moderate)

* It was found that the Linux kernel memory resource controller's (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker able to continuously spawn new processes within a single memory-constrained cgroup during an OOM event could use this flaw to lock up the system. (CVE-2014-8171, Moderate)

* A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash. (CVE-2014-9529, Moderate)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system. (CVE-2014-8884, Low)

* An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory. (CVE-2014-9584, Low)

Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215 and CVE-2014-3690, Robert Święcki for reporting CVE-2014-7825 and CVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.

This update also fixes several bugs. Documentation for these changes is available from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1095855 - CVE-2014-3215 policycoreutils: local privilege escalation via seunshare
1153322 - CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1161565 - CVE-2014-7825 CVE-2014-7826 kernel: insufficient syscall number validation in perf and ftrace subsystems
1164266 - CVE-2014-8884 kernel: usb: buffer overflow in ttusb-dec
1179813 - CVE-2014-9529 kernel: memory corruption or panic during key garbage collection
1180119 - CVE-2014-9584 kernel: isofs: unchecked printing of ER records
1196581 - CVE-2015-1421 kernel: net: slab corruption from use after free on INIT collisions
1198109 - CVE-2014-8171 kernel: memcg: OOM handling DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-504.16.2.el6.src.rpm

i386:
kernel-2.6.32-504.16.2.el6.i686.rpm
kernel-debug-2.6.32-504.16.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.16.2.el6.i686.rpm
kernel-devel-2.6.32-504.16.2.el6.i686.rpm
kernel-headers-2.6.32-504.16.2.el6.i686.rpm
perf-2.6.32-504.16.2.el6.i686.rpm
perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.16.2.el6.noarch.rpm
kernel-doc-2.6.32-504.16.2.el6.noarch.rpm
kernel-firmware-2.6.32-504.16.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.x86_64.rpm
kernel-devel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-headers-2.6.32-504.16.2.el6.x86_64.rpm
perf-2.6.32-504.16.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.16.2.el6.i686.rpm
perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm
python-perf-2.6.32-504.16.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-504.16.2.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.16.2.el6.noarch.rpm
kernel-doc-2.6.32-504.16.2.el6.noarch.rpm
kernel-firmware-2.6.32-504.16.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.x86_64.rpm
kernel-devel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-headers-2.6.32-504.16.2.el6.x86_64.rpm
perf-2.6.32-504.16.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-504.16.2.el6.src.rpm

i386:
kernel-2.6.32-504.16.2.el6.i686.rpm
kernel-debug-2.6.32-504.16.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.16.2.el6.i686.rpm
kernel-devel-2.6.32-504.16.2.el6.i686.rpm
kernel-headers-2.6.32-504.16.2.el6.i686.rpm
perf-2.6.32-504.16.2.el6.i686.rpm
perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.16.2.el6.noarch.rpm
kernel-doc-2.6.32-504.16.2.el6.noarch.rpm
kernel-firmware-2.6.32-504.16.2.el6.noarch.rpm

ppc64:
kernel-2.6.32-504.16.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-504.16.2.el6.ppc64.rpm
kernel-debug-2.6.32-504.16.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-504.16.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.16.2.el6.ppc64.rpm
kernel-devel-2.6.32-504.16.2.el6.ppc64.rpm
kernel-headers-2.6.32-504.16.2.el6.ppc64.rpm
perf-2.6.32-504.16.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.16.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.ppc64.rpm

s390x:
kernel-2.6.32-504.16.2.el6.s390x.rpm
kernel-debug-2.6.32-504.16.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-504.16.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.16.2.el6.s390x.rpm
kernel-devel-2.6.32-504.16.2.el6.s390x.rpm
kernel-headers-2.6.32-504.16.2.el6.s390x.rpm
kernel-kdump-2.6.32-504.16.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.16.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-504.16.2.el6.s390x.rpm
perf-2.6.32-504.16.2.el6.s390x.rpm
perf-debuginfo-2.6.32-504.16.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.x86_64.rpm
kernel-devel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-headers-2.6.32-504.16.2.el6.x86_64.rpm
perf-2.6.32-504.16.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.16.2.el6.i686.rpm
perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm
python-perf-2.6.32-504.16.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-504.16.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.16.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.16.2.el6.ppc64.rpm
python-perf-2.6.32-504.16.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-504.16.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.16.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.16.2.el6.s390x.rpm
perf-debuginfo-2.6.32-504.16.2.el6.s390x.rpm
python-perf-2.6.32-504.16.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-504.16.2.el6.src.rpm

i386:
kernel-2.6.32-504.16.2.el6.i686.rpm
kernel-debug-2.6.32-504.16.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.16.2.el6.i686.rpm
kernel-devel-2.6.32-504.16.2.el6.i686.rpm
kernel-headers-2.6.32-504.16.2.el6.i686.rpm
perf-2.6.32-504.16.2.el6.i686.rpm
perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.16.2.el6.noarch.rpm
kernel-doc-2.6.32-504.16.2.el6.noarch.rpm
kernel-firmware-2.6.32-504.16.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.x86_64.rpm
kernel-devel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-headers-2.6.32-504.16.2.el6.x86_64.rpm
perf-2.6.32-504.16.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.16.2.el6.i686.rpm
perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm
python-perf-2.6.32-504.16.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3215
https://access.redhat.com/security/cve/CVE-2014-3690
https://access.redhat.com/security/cve/CVE-2014-7825
https://access.redhat.com/security/cve/CVE-2014-7826
https://access.redhat.com/security/cve/CVE-2014-8171
https://access.redhat.com/security/cve/CVE-2014-8884
https://access.redhat.com/security/cve/CVE-2014-9529
https://access.redhat.com/security/cve/CVE-2014-9584
https://access.redhat.com/security/cve/CVE-2015-1421
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From: bugzilla at redhat.com
Date: Tue, 21 Apr 2015 18:03:01 +0000
Subject: [RHSA-2015:0867-01] Important: qemu-kvm security and bug fix update
Message-ID: <201504211803.t3LI32q7017374@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security and bug fix update
Advisory ID:       RHSA-2015:0867-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0867.html
Issue date:        2015-04-21
CVE Names:         CVE-2014-8106
=====================================================================

1. Summary:

An updated qemu-kvm package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.

It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. (CVE-2014-8106)

This issue was found by Paolo Bonzini of Red Hat.

This update also fixes the following bug:

* Previously, the effective downtime during the last phase of a live migration would sometimes be much higher than the maximum downtime specified by 'migration_downtime' in vdsm.conf. This problem has been corrected. The value of 'migration_downtime' is now honored and the migration is aborted if the downtime cannot be achieved. (BZ#1142756)

All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1169454 - CVE-2014-8106 qemu: cirrus: insufficient blit region checks

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.2.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.448.el6_6.2.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.2.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.2.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.448.el6_6.2.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.2.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.448.el6_6.2.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8106
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From: bugzilla at redhat.com
Date: Wed, 22 Apr 2015 10:54:50 +0000
Subject: [RHSA-2015:0869-01] Important: kvm security update
Message-ID: <201504221043.t3MAhGHk030496@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kvm security update
Advisory ID:       RHSA-2015:0869-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0869.html
Issue date:        2015-04-22
CVE Names:         CVE-2014-3610 CVE-2014-3611
=====================================================================

1. Summary:

Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.
It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611)

Red Hat would like to thank Lars Bull of Google and Nadav Amit for reporting the CVE-2014-3610 issue, and Lars Bull of Google for reporting the CVE-2014-3611 issue.

All kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (https://bugzilla.redhat.com/):

1144878 - CVE-2014-3611 kernel: kvm: PIT timer race condition
1144883 - CVE-2014-3610 kernel: kvm: noncanonical MSR writes

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
kvm-83-270.el5_11.src.rpm

x86_64:
kmod-kvm-83-270.el5_11.x86_64.rpm
kmod-kvm-debug-83-270.el5_11.x86_64.rpm
kvm-83-270.el5_11.x86_64.rpm
kvm-debuginfo-83-270.el5_11.x86_64.rpm
kvm-qemu-img-83-270.el5_11.x86_64.rpm
kvm-tools-83-270.el5_11.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
kvm-83-270.el5_11.src.rpm

x86_64:
kmod-kvm-83-270.el5_11.x86_64.rpm
kmod-kvm-debug-83-270.el5_11.x86_64.rpm
kvm-83-270.el5_11.x86_64.rpm
kvm-debuginfo-83-270.el5_11.x86_64.rpm
kvm-qemu-img-83-270.el5_11.x86_64.rpm
kvm-tools-83-270.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3610
https://access.redhat.com/security/cve/CVE-2014-3611
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From: bugzilla at redhat.com
Date: Wed, 22 Apr 2015 10:55:43 +0000
Subject: [RHSA-2015:0870-01] Important: kernel security update
Message-ID: <201504221044.t3MAi9pq019190@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2015:0870-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0870.html
Issue date:        2015-04-22
CVE Names:         CVE-2014-8159
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.9 Long Life.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important)

Red Hat would like to thank Mellanox for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1181166 - CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access

6. Package List:

Red Hat Enterprise Linux EUS (v. 5.9 server):

Source:
kernel-2.6.18-348.30.1.el5.src.rpm

i386:
kernel-2.6.18-348.30.1.el5.i686.rpm
kernel-PAE-2.6.18-348.30.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.30.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.30.1.el5.i686.rpm
kernel-debug-2.6.18-348.30.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.30.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.30.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.30.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.30.1.el5.i686.rpm
kernel-devel-2.6.18-348.30.1.el5.i686.rpm
kernel-headers-2.6.18-348.30.1.el5.i386.rpm
kernel-xen-2.6.18-348.30.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.30.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.30.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.30.1.el5.ia64.rpm
kernel-debug-2.6.18-348.30.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.30.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.30.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.30.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.30.1.el5.ia64.rpm
kernel-devel-2.6.18-348.30.1.el5.ia64.rpm
kernel-headers-2.6.18-348.30.1.el5.ia64.rpm
kernel-xen-2.6.18-348.30.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.30.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.30.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.30.1.el5.noarch.rpm

ppc:
kernel-2.6.18-348.30.1.el5.ppc64.rpm
kernel-debug-2.6.18-348.30.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-348.30.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-348.30.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-348.30.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-348.30.1.el5.ppc64.rpm
kernel-devel-2.6.18-348.30.1.el5.ppc64.rpm
kernel-headers-2.6.18-348.30.1.el5.ppc.rpm
kernel-headers-2.6.18-348.30.1.el5.ppc64.rpm
kernel-kdump-2.6.18-348.30.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-348.30.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-348.30.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-348.30.1.el5.s390x.rpm
kernel-debug-2.6.18-348.30.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-348.30.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-348.30.1.el5.s390x.rpm kernel-debuginfo-2.6.18-348.30.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-348.30.1.el5.s390x.rpm kernel-devel-2.6.18-348.30.1.el5.s390x.rpm kernel-headers-2.6.18-348.30.1.el5.s390x.rpm kernel-kdump-2.6.18-348.30.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-348.30.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-348.30.1.el5.s390x.rpm x86_64: kernel-2.6.18-348.30.1.el5.x86_64.rpm kernel-debug-2.6.18-348.30.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-348.30.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-348.30.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-348.30.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-348.30.1.el5.x86_64.rpm kernel-devel-2.6.18-348.30.1.el5.x86_64.rpm kernel-headers-2.6.18-348.30.1.el5.x86_64.rpm kernel-xen-2.6.18-348.30.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-348.30.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-348.30.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8159 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVN3thXlSAg2UNWIIRAnjWAKC00K4ifrnucnMD7jxJulVmlWZ8jwCgknVq IQ0SbzGceEbGGq8zzw2e1ug= =ceTG -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 23 14:50:46 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 23 Apr 2015 14:50:46 +0000 Subject: [RHSA-2015:0884-01] Moderate: novnc security update Message-ID: <201504231450.t3NEokmu017353@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: novnc security update Advisory ID: RHSA-2015:0884-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0884.html Issue date: 2015-04-23 CVE Names: CVE-2013-7436 ===================================================================== 1. Summary: An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. Description: The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436) All novnc users are advised to upgrade to this updated package, which corrects this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1193451 - CVE-2013-7436 novnc: session hijack through insecurely set session token cookies 6. Package List: Red Hat Enterprise Linux OpenStack Platform 4.0: Source: novnc-0.5.1-2.el6ost.src.rpm noarch: novnc-0.5.1-2.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-7436 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVOQatXlSAg2UNWIIRAumdAKC2YpzGzZskIuIcx9GaR/g4xYe5dACfaqu1 KhKxGJqUihsGGU16x2U/tTw= =sLLP -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Apr 28 05:48:16 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 28 Apr 2015 05:48:16 +0000 Subject: [RHSA-2015:0891-01] Important: qemu-kvm-rhev security update Message-ID: <201504280548.t3S5mGG8013916@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm-rhev security update Advisory ID: RHSA-2015:0891-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0891.html Issue date: 2015-04-28 CVE Names: CVE-2014-8106 ===================================================================== 1. Summary: Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 and 5.0 for Red Hat Enterprise Linux 6. 
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - x86_64 Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. (CVE-2014-8106) This issue was found by Paolo Bonzini of Red Hat. All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1169454 - CVE-2014-8106 qemu: cirrus: insufficient blit region checks 6. 
Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: qemu-kvm-rhev-0.12.1.2-2.448.el6_6.2.src.rpm x86_64: qemu-img-rhev-0.12.1.2-2.448.el6_6.2.x86_64.rpm qemu-kvm-rhev-0.12.1.2-2.448.el6_6.2.x86_64.rpm qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.2.x86_64.rpm qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.2.x86_64.rpm Red Hat Enterprise Linux OpenStack Platform 4.0: Source: qemu-kvm-rhev-0.12.1.2-2.448.el6_6.2.src.rpm x86_64: qemu-img-rhev-0.12.1.2-2.448.el6_6.2.x86_64.rpm qemu-kvm-rhev-0.12.1.2-2.448.el6_6.2.x86_64.rpm qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.2.x86_64.rpm qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8106 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVPx8UXlSAg2UNWIIRAjRNAJwNjdwtBIAa9pibMNEDtNqjfldDEgCfZbgs H7HDEb3S+GCaZoWOLqgPRps= =Ahtp -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 30 16:06:48 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 30 Apr 2015 16:06:48 +0000 Subject: [RHSA-2015:0919-01] Important: kernel security update Message-ID: <201504301606.t3UG6ndZ018511@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2015:0919-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0919.html Issue date: 2015-04-30 CVE Names: CVE-2014-8159 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important) Red Hat would like to thank Mellanox for reporting this issue. 
All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1181166 - CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access 6. Package List: Red Hat Enterprise Linux LL (v. 5.6 server): Source: kernel-2.6.18-238.55.1.el5.src.rpm i386: kernel-2.6.18-238.55.1.el5.i686.rpm kernel-PAE-2.6.18-238.55.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.55.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.55.1.el5.i686.rpm kernel-debug-2.6.18-238.55.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.55.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.55.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.55.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.55.1.el5.i686.rpm kernel-devel-2.6.18-238.55.1.el5.i686.rpm kernel-headers-2.6.18-238.55.1.el5.i386.rpm kernel-xen-2.6.18-238.55.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.55.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.55.1.el5.i686.rpm ia64: kernel-2.6.18-238.55.1.el5.ia64.rpm kernel-debug-2.6.18-238.55.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.55.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.55.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.55.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.55.1.el5.ia64.rpm kernel-devel-2.6.18-238.55.1.el5.ia64.rpm kernel-headers-2.6.18-238.55.1.el5.ia64.rpm kernel-xen-2.6.18-238.55.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.55.1.el5.ia64.rpm kernel-xen-devel-2.6.18-238.55.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.55.1.el5.noarch.rpm x86_64: kernel-2.6.18-238.55.1.el5.x86_64.rpm kernel-debug-2.6.18-238.55.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.55.1.el5.x86_64.rpm 
kernel-debug-devel-2.6.18-238.55.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.55.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.55.1.el5.x86_64.rpm kernel-devel-2.6.18-238.55.1.el5.x86_64.rpm kernel-headers-2.6.18-238.55.1.el5.x86_64.rpm kernel-xen-2.6.18-238.55.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.55.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.55.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8159 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVQlKtXlSAg2UNWIIRAnKYAJ0e9dsFyZoh1KtK95n4kCP04FwQnACdHexE zN9gdu2zSiIAZJEhWe1yXO8= =bwvG -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 30 20:03:32 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 30 Apr 2015 20:03:32 +0000 Subject: [RHSA-2015:0921-01] Important: chromium-browser security and bug fix update Message-ID: <201504302003.t3UK3Wlq030515@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: chromium-browser security and bug fix update Advisory ID: RHSA-2015:0921-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0921.html Issue date: 2015-04-30 CVE Names: CVE-2015-1243 CVE-2015-1250 ===================================================================== 1. Summary: Updated chromium-browser packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6 Supplementary. 
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Chromium is an open-source web browser, powered by WebKit (Blink). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1243, CVE-2015-1250) This update also fixes the following bug: * Prior to this update, Chromium did not accept GNOME's system proxy settings due to having GConf support disabled. This issue has been resolved in this update. (BZ#1217065) All Chromium users should upgrade to these updated packages, which contain Chromium version 42.0.2311.135, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1216920 - CVE-2015-1243 chromium-browser: use-after-free in DOM 1216921 - CVE-2015-1250 chromium-browser: various unspecified flaws 1217065 - Chromium-browser not accepting gnome system proxy settings in RHEL6. 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
6): Source: chromium-browser-42.0.2311.135-1.el6_6.src.rpm i386: chromium-browser-42.0.2311.135-1.el6_6.i686.rpm chromium-browser-debuginfo-42.0.2311.135-1.el6_6.i686.rpm x86_64: chromium-browser-42.0.2311.135-1.el6_6.x86_64.rpm chromium-browser-debuginfo-42.0.2311.135-1.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): Source: chromium-browser-42.0.2311.135-1.el6_6.src.rpm i386: chromium-browser-42.0.2311.135-1.el6_6.i686.rpm chromium-browser-debuginfo-42.0.2311.135-1.el6_6.i686.rpm x86_64: chromium-browser-42.0.2311.135-1.el6_6.x86_64.rpm chromium-browser-debuginfo-42.0.2311.135-1.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): Source: chromium-browser-42.0.2311.135-1.el6_6.src.rpm i386: chromium-browser-42.0.2311.135-1.el6_6.i686.rpm chromium-browser-debuginfo-42.0.2311.135-1.el6_6.i686.rpm x86_64: chromium-browser-42.0.2311.135-1.el6_6.x86_64.rpm chromium-browser-debuginfo-42.0.2311.135-1.el6_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-1243 https://access.redhat.com/security/cve/CVE-2015-1250 https://access.redhat.com/security/updates/classification/#important http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_28.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVQopnXlSAg2UNWIIRAgQLAKCzVoixHduhi3H16D16uWNNhvdvcQCgqNj0 LvRH19/Se7OKiVYg1eoWKXA= =+RnW -----END PGP SIGNATURE-----