From bugzilla at redhat.com Tue Aug 4 17:18:29 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 4 Aug 2015 13:18:29 -0400
Subject: [RHSA-2015:1544-01] Important: java-1.5.0-ibm security update
Message-ID: <201508041718.t74HITCY026625@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.5.0-ibm security update
Advisory ID:       RHSA-2015:1544-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1544.html
Issue date:        2015-08-04
CVE Names:         CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2621
                   CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664
                   CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733
                   CVE-2015-4748 CVE-2015-4749 CVE-2015-4760
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment
and the IBM Java Software Development Kit. Further information about these
flaws can be found on the IBM Java Security alerts page, listed in the
References section. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601,
CVE-2015-2621, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664,
CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748,
CVE-2015-4749, CVE-2015-4760)

Note: This update forces the TLS/SSL client implementation in IBM JDK to
reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer
to Red Hat Bugzilla bug 1223211, linked to in the References section, for
additional details about this change.

IBM Java SDK and JRE 5.0 will not receive software updates after September
2015. This date is referred to as the End of Service (EOS) date. Customers
are advised to migrate to current versions of IBM Java at this time. IBM Java
SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise Linux 5
and 6 Supplementary content sets and will continue to receive updates based
on IBM's lifecycle policy, linked to in the References section. Customers can
also consider OpenJDK, an open source implementation of the Java SE
specification. OpenJDK is available by default on supported hardware
architectures.

All users of java-1.5.0-ibm are advised to upgrade to these updated packages,
containing the IBM J2SE 5.0 SR16-FP13 release. All running instances of IBM
Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)
1244828 - CVE-2015-1931 IBM JDK: plain text data stored in memory dumps

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.ppc64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.s390.rpm
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.s390x.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.s390.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.i686.rpm

ppc64:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.ppc64.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.s390x.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el6_7.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1931
https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2637
https://access.redhat.com/security/cve/CVE-2015-2638
https://access.redhat.com/security/cve/CVE-2015-2664
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#important
https://www.ibm.com/developerworks/java/jdk/alerts/
https://www.ibm.com/developerworks/java/jdk/lifecycle/
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
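The Solution and Package List sections above give the fixed NVRA (name-version-release.arch) of every package in the update, and the practical question for an administrator is which installed packages are still older than those. The following script is an added example, not part of the advisory or of any Red Hat tooling: it parses package file names from the list above, compares installed versions using the same segment-wise rules that librpm's rpmvercmp applies (tilde and caret handling left out, epoch assumed equal, both labelled in the comments), and reports what still needs updating. The installed inventory is constructed sample data in the form `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` would print; the package names and fixed versions are taken from the advisory text.

```python
import re
from typing import List, Tuple

# Fixed packages, copied from the advisory's Package List (RHEL 5 Supplementary, x86_64 channel).
ADVISORY_PACKAGES = [
    "java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.i386.rpm",
    "java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.x86_64.rpm",
    "java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.x86_64.rpm",
    "java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.i386.rpm",
]

# Constructed inventory, shaped like `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` output.
SAMPLE_INVENTORY = [
    "java-1.5.0-ibm-1.5.0.16.13-1jpp.2.el5.x86_64",        # one release behind the fix
    "java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.x86_64",  # already at the fixed release
    "java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.i386",      # multilib i386 package, already fixed
    "bash-4.1.2-33.el6.x86_64",                            # unrelated package, ignored
]

SEGMENT_RE = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings the way librpm does.

    Strings are split into runs of digits and runs of letters; digit runs compare
    numerically, letter runs lexically, and a digit run sorts after a letter run.
    Simplification (assumption): '~' and '^' segments are not handled here.
    """
    if a == b:
        return 0
    seg_a, seg_b = SEGMENT_RE.findall(a), SEGMENT_RE.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return -1 if x < y else 1
    if len(seg_a) == len(seg_b):
        return 0
    return -1 if len(seg_a) < len(seg_b) else 1


def parse_nvra(entry: str) -> Tuple[str, str, str, str]:
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch)."""
    base = entry[:-4] if entry.endswith(".rpm") else entry
    rest, arch = base.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch


def compare_vr(installed: Tuple[str, str], fixed: Tuple[str, str]) -> int:
    """Compare (version, release) pairs; epoch is assumed equal for both sides."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c != 0 else rpmvercmp(installed[1], fixed[1])


def find_vulnerable(inventory: List[str], advisory: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (name, arch, installed_vr, fixed_vr) for installed packages older than the fix."""
    fixed = {}
    for f in advisory:
        name, version, release, arch = parse_nvra(f)
        fixed[(name, arch)] = (version, release)
    findings = []
    for line in inventory:
        name, version, release, arch = parse_nvra(line.strip())
        key = (name, arch)
        if key in fixed and compare_vr((version, release), fixed[key]) < 0:
            findings.append((name, arch, f"{version}-{release}", "-".join(fixed[key])))
    return sorted(findings)


if __name__ == "__main__":
    for name, arch, have, need in find_vulnerable(SAMPLE_INVENTORY, ADVISORY_PACKAGES):
        print(f"{name}.{arch}: installed {have}, fixed in {need}")
```

Note that a version check only tells you the files on disk were replaced; as the advisory says, every running IBM Java instance must also be restarted before the fix is actually in effect.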
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVwPPkXlSAg2UNWIIRAo58AJ0f5ydeQDOPD94MBu+9dLB4StLPgACgv9P0
jLcHugyRDfZPLmcsHXcjvoY=
=lSeA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 4 17:18:36 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 4 Aug 2015 13:18:36 -0400
Subject: [RHSA-2015:1545-01] Important: node.js security update
Message-ID: <201508041718.t74HIaQ4013472@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: node.js security update
Advisory ID:       RHSA-2015:1545-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1545.html
Issue date:        2015-08-04
CVE Names:         CVE-2014-3566
=====================================================================

1. Summary:

Updated node.js packages that fix one security issue are now available for
Red Hat OpenShift Enterprise 2.1.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

RHOSE Node 2.1 - noarch

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting
messages encrypted using block ciphers in cipher block chaining (CBC) mode.
This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected
byte of a cipher text in as few as 256 tries if they are able to force a
victim application to repeatedly send the same data over newly created
SSL 3.0 connections. (CVE-2014-3566)

All OpenShift Enterprise users are advised to upgrade to these updated
packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

6. Package List:

RHOSE Node 2.1:

Source:
openshift-origin-node-proxy-1.22.3.4-1.el6op.src.rpm

noarch:
openshift-origin-node-proxy-1.22.3.4-1.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVwPPrXlSAg2UNWIIRAicFAJwLtBa83jvknJ4O1bikpq+xg4A14QCfVl7R
U5g35mQX0vIx8VGzFhtrO3g=
=e7zz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 4 17:18:44 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 4 Aug 2015 13:18:44 -0400
Subject: [RHSA-2015:1546-01] Important: node.js security update
Message-ID: <201508041718.t74HIia5016447@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: node.js security update
Advisory ID:       RHSA-2015:1546-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1546.html
Issue date:        2015-08-04
CVE Names:         CVE-2014-3566
=====================================================================

1. Summary:

Updated node.js packages that fix one security issue are now available for
Red Hat OpenShift Enterprise 2.0.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

RHOSE Node 2.0 - noarch

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting
messages encrypted using block ciphers in cipher block chaining (CBC) mode.
This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected
byte of a cipher text in as few as 256 tries if they are able to force a
victim application to repeatedly send the same data over newly created
SSL 3.0 connections. (CVE-2014-3566)

All OpenShift Enterprise users are advised to upgrade to these updated
packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

6. Package List:

RHOSE Node 2.0:

Source:
openshift-origin-node-proxy-1.16.4.2-1.el6op.src.rpm

noarch:
openshift-origin-node-proxy-1.16.4.2-1.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
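Both node.js advisories above (RHSA-2015:1545 and RHSA-2015:1546) describe CVE-2014-3566 as a flaw in how SSL 3.0 "handled padding bytes when decrypting messages encrypted using block ciphers in CBC mode". The script below is an added example written for this page, not code from the advisory, from OpenSSL or from node.js, and it isolates exactly that step: the padding check a receiver performs on a CBC record after decryption. It places the SSL 3.0 rule (only the final pad-length byte is validated) next to the TLS 1.0+ rule (every padding byte must equal the pad-length byte) and feeds both a constructed record whose padding bytes have been overwritten. The sample data, the 20-byte placeholder MAC and the 8-byte block size are constructed for the demonstration; no encryption is performed because the difference lives entirely in the post-decryption check.

```python
from typing import Optional, Tuple

BLOCK_SIZE = 8  # constructed: an 8-byte block cipher (3DES-sized) keeps the numbers small


def make_padded_record(data: bytes, mac: bytes, block_size: int) -> bytes:
    """Build the plaintext of a MAC-then-encrypt CBC record: data || MAC || padding || pad_len.

    pad_len is the number of padding bytes that precede the final length byte, so
    len(data) + len(mac) + pad_len + 1 is a multiple of the block size. In TLS the
    padding bytes carry the value pad_len; SSL 3.0 does not require that, but a
    well-behaved sender uses the same shape.
    """
    body = data + mac
    pad_len = (block_size - (len(body) + 1) % block_size) % block_size
    return body + bytes([pad_len] * pad_len) + bytes([pad_len])


def ssl3_check_padding(plaintext: bytes, block_size: int) -> Optional[bytes]:
    """SSL 3.0 rule: the last byte gives the pad length; it must be shorter than a block
    and fit inside the record. The padding bytes themselves are never inspected."""
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len >= block_size or pad_len + 1 > len(plaintext):
        return None
    return plaintext[:-(pad_len + 1)]


def tls_check_padding(plaintext: bytes) -> Optional[bytes]:
    """TLS 1.0+ rule: all pad_len + 1 trailing bytes must equal pad_len, so a record whose
    padding content was altered is rejected before the MAC is even compared."""
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return None
    trailer = plaintext[-(pad_len + 1):]
    if any(b != pad_len for b in trailer):
        return None
    return plaintext[:-(pad_len + 1)]


def overwrite_padding_bytes(record: bytes) -> bytes:
    """Replace the padding content (not the length byte) with values that are certainly
    not equal to pad_len, modelling a record whose padding no longer matches the spec."""
    pad_len = record[-1]
    filler = bytes(0xFF - i for i in range(pad_len))  # constructed garbage, all != pad_len
    return record[:-(pad_len + 1)] + filler + bytes([pad_len])


def padding_oracle_gap(record: bytes, block_size: int) -> Tuple[bool, bool]:
    """(accepted by the SSL 3.0 check, accepted by the TLS check) for one record."""
    return (ssl3_check_padding(record, block_size) is not None,
            tls_check_padding(record) is not None)


if __name__ == "__main__":
    data = b"GET / HTTP/1.1\r\n"      # constructed application data
    mac = b"\x11" * 20                # constructed placeholder for a 20-byte HMAC-SHA1
    good = make_padded_record(data, mac, BLOCK_SIZE)
    bad = overwrite_padding_bytes(good)
    print("well-formed record :", padding_oracle_gap(good, BLOCK_SIZE))  # (True, True)
    print("altered padding    :", padding_oracle_gap(bad, BLOCK_SIZE))   # (True, False)
```

The asymmetry is the whole story of the advisory: an SSL 3.0 receiver strips the padding purely by the length byte, so it cannot tell substituted ciphertext in the padding region from genuine padding and leaves the decision to the MAC check that follows, which is what turns the receiver into an oracle. Because this is a property of the protocol's record format rather than of one implementation, the mitigation is to stop negotiating SSL 3.0 at all, which is what the updated node proxy packages deliver.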
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVwPPyXlSAg2UNWIIRAuSmAJ9TcvWqTz3XeYWcIi85DwBB0ghGNQCeOIXM
OK81DBpVizJpZ7+7tNbR4Yc=
=7omg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 6 02:48:28 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Aug 2015 22:48:28 -0400
Subject: [RHSA-2015:1534-01] Moderate: kernel security and bug fix update
Message-ID: <201508060248.t762mSqR031058@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2015:1534-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1534.html
Issue date:        2015-08-05
CVE Names:         CVE-2014-9715 CVE-2015-2666 CVE-2015-2922 CVE-2015-3636
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* An integer overflow flaw was found in the way the Linux kernel's netfilter
connection tracking implementation loaded extensions. An attacker on a local
network could potentially send a sequence of specially crafted packets that
would initiate the loading of a large number of extensions, causing the
targeted system in that network to crash. (CVE-2014-9715, Moderate)

* A stack-based buffer overflow flaw was found in the Linux kernel's early
load microcode functionality. On a system with UEFI Secure Boot enabled, a
local, privileged user could use this flaw to increase their privileges to
the kernel (ring0) level, bypassing intended restrictions in place.
(CVE-2015-2666, Moderate)

* It was found that the Linux kernel's ping socket implementation did not
properly handle socket unhashing during spurious disconnects, which could
lead to a use-after-free flaw. On x86-64 architecture systems, a local user
able to create ping sockets could use this flaw to crash the system. On
non-x86-64 architecture systems, a local user able to create ping sockets
could use this flaw to escalate their privileges on the system.
(CVE-2015-3636, Moderate)

* It was found that the Linux kernel's TCP/IP protocol suite implementation
for IPv6 allowed the Hop Limit value to be set to a smaller value than the
default one. An attacker on a local network could use this flaw to prevent
systems on that network from sending or receiving network packets.
(CVE-2015-2922, Low)

Red Hat would like to thank Nathan Hoad for reporting the CVE-2014-9715
issue.

This update also fixes several bugs. Refer to the following Knowledgebase
article for further information:

https://access.redhat.com/articles/1474193

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1203712 - CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
1204722 - CVE-2015-2666 kernel: execution in the early microcode loader
1208684 - CVE-2014-9715 kernel: netfilter connection tracking extensions denial of service
1218074 - CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-229.11.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.11.1.el7.noarch.rpm
kernel-doc-3.10.0-229.11.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
kernel-devel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-headers-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.11.1.el7.x86_64.rpm
perf-3.10.0-229.11.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.11.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-229.11.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.11.1.el7.noarch.rpm
kernel-doc-3.10.0-229.11.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
kernel-devel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-headers-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.11.1.el7.x86_64.rpm
perf-3.10.0-229.11.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.11.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-229.11.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.11.1.el7.noarch.rpm
kernel-doc-3.10.0-229.11.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-229.11.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-229.11.1.el7.ppc64.rpm
kernel-debug-3.10.0-229.11.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-229.11.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-229.11.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-229.11.1.el7.ppc64.rpm
kernel-devel-3.10.0-229.11.1.el7.ppc64.rpm
kernel-headers-3.10.0-229.11.1.el7.ppc64.rpm
kernel-tools-3.10.0-229.11.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-229.11.1.el7.ppc64.rpm
perf-3.10.0-229.11.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.ppc64.rpm

s390x:
kernel-3.10.0-229.11.1.el7.s390x.rpm
kernel-debug-3.10.0-229.11.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-229.11.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-229.11.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-229.11.1.el7.s390x.rpm
kernel-devel-3.10.0-229.11.1.el7.s390x.rpm
kernel-headers-3.10.0-229.11.1.el7.s390x.rpm
kernel-kdump-3.10.0-229.11.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-229.11.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-229.11.1.el7.s390x.rpm
perf-3.10.0-229.11.1.el7.s390x.rpm
perf-debuginfo-3.10.0-229.11.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
kernel-devel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-headers-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.11.1.el7.x86_64.rpm
perf-3.10.0-229.11.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-229.11.1.ael7b.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.11.1.ael7b.noarch.rpm
kernel-doc-3.10.0-229.11.1.ael7b.noarch.rpm

ppc64le:
kernel-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-bootwrapper-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-debug-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-debuginfo-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-devel-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-headers-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-tools-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-tools-libs-3.10.0-229.11.1.ael7b.ppc64le.rpm
perf-3.10.0-229.11.1.ael7b.ppc64le.rpm
perf-debuginfo-3.10.0-229.11.1.ael7b.ppc64le.rpm
python-perf-debuginfo-3.10.0-229.11.1.ael7b.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-229.11.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-229.11.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-229.11.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.ppc64.rpm
python-perf-3.10.0-229.11.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.ppc64.rpm

s390x:
kernel-debug-debuginfo-3.10.0-229.11.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-229.11.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-229.11.1.el7.s390x.rpm
perf-debuginfo-3.10.0-229.11.1.el7.s390x.rpm
python-perf-3.10.0-229.11.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.s390x.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.11.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
kernel-debug-debuginfo-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-debug-devel-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-debuginfo-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.ael7b.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-229.11.1.ael7b.ppc64le.rpm
perf-debuginfo-3.10.0-229.11.1.ael7b.ppc64le.rpm
python-perf-3.10.0-229.11.1.ael7b.ppc64le.rpm
python-perf-debuginfo-3.10.0-229.11.1.ael7b.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-229.11.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.11.1.el7.noarch.rpm
kernel-doc-3.10.0-229.11.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
kernel-devel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-headers-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.11.1.el7.x86_64.rpm
perf-3.10.0-229.11.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.11.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9715
https://access.redhat.com/security/cve/CVE-2015-2666
https://access.redhat.com/security/cve/CVE-2015-2922
https://access.redhat.com/security/cve/CVE-2015-3636
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/1474193

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Thu Aug 6 02:48:43 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Aug 2015 22:48:43 -0400
Subject: [RHSA-2015:1564-01] Moderate: kernel-rt security, bug fix, and enhancement update
Message-ID: <201508060248.t762mhJn007732@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel-rt security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1564-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1564.html
Issue date: 2015-08-05
CVE Names: CVE-2014-9715 CVE-2015-2922 CVE-2015-3636
=====================================================================

1. Summary:

Updated kernel-rt packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. (CVE-2014-9715, Moderate)

* It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636, Moderate)

* It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. (CVE-2015-2922, Low)

Red Hat would like to thank Nathan Hoad for reporting the CVE-2014-9715 issue.

This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and fixes the following issues:

* drbg: Add stdrng alias and increase priority
* seqiv / eseqiv / chainiv: Move IV seeding into init function
* ipv4: kABI fix for 0bbf87d backport
* ipv4: Convert ipv4.ip_local_port_range to be per netns
* libceph: tcp_nodelay support
* ipr: Increase default adapter init stage change timeout
* fix use-after-free bug in usb_hcd_unlink_urb()
* libceph: fix double __remove_osd() problem
* ext4: fix data corruption caused by unwritten and delayed extents
* sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT
* nfs: Fixing lease renewal (Benjamin Coddington)
* control hard lockup detection default
* Fix print-once on enable
* watchdog: update watchdog_thresh properly and watchdog attributes atomically
* module: Call module notifier on failure after complete_formation()

(BZ#1230403)

This update also fixes the following bugs:

* The write_seqcount_{begin,end}() functions were used in a non-standard way in NFSv4, which caused the realtime code to try to sleep while locks were held and produced "scheduling while atomic" messages. The code was modified to use the __write_seqcount_{begin,end}() functions, which do not hold any locks, removing the message and allowing correct execution. (BZ#1225642)

* Dracut in Red Hat Enterprise Linux 6 has a dependency on a module called scsi_wait_scan that no longer exists on 3.x kernels. This caused the system to display misleading messages at start-up when the obsoleted scsi_wait_scan module was not found. To address this issue, MRG Realtime provides a dummy scsi_wait_scan module so that the requirements for the initramfs created by dracut are met and the boot messages are no longer displayed. (BZ#1230403)

All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1203712 - CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
1208684 - CVE-2014-9715 kernel: netfilter connection tracking extensions denial of service
1218074 - CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation
1230403 - RFE: update the 3.10 kernel-rt sources

6.
Package List: MRG Realtime for RHEL 6 Server v.2: Source: kernel-rt-3.10.0-229.rt56.158.el6rt.src.rpm noarch: kernel-rt-doc-3.10.0-229.rt56.158.el6rt.noarch.rpm kernel-rt-firmware-3.10.0-229.rt56.158.el6rt.noarch.rpm x86_64: kernel-rt-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-debug-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-devel-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-trace-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.0-229.rt56.158.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.0-229.rt56.158.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9715 https://access.redhat.com/security/cve/CVE-2015-2922 https://access.redhat.com/security/cve/CVE-2015-3636 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
From bugzilla at redhat.com Thu Aug 6 02:48:35 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Aug 2015 22:48:35 -0400
Subject: [RHSA-2015:1565-01] Moderate: kernel-rt security, bug fix, and enhancement update
Message-ID: <201508060248.t762mZDC031074@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel-rt security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1565-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1565.html
Issue date: 2015-07-03
Updated on: 2015-08-05
CVE Names: CVE-2014-9715 CVE-2015-2666 CVE-2015-2922 CVE-2015-3636
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. (CVE-2014-9715, Moderate)

* A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel (ring0) level, bypassing intended restrictions in place. (CVE-2015-2666, Moderate)

* It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636, Moderate)

* It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. (CVE-2015-2922, Low)

Red Hat would like to thank Nathan Hoad for reporting the CVE-2014-9715 issue.

The kernel-rt packages have been upgraded to version 3.10.0-229.11.1, which provides a number of bug fixes and enhancements over the previous version, including:

* drbg: Add stdrng alias and increase priority
* seqiv / eseqiv / chainiv: Move IV seeding into init function
* ipv4: kABI fix for 0bbf87d backport
* ipv4: Convert ipv4.ip_local_port_range to be per netns
* libceph: tcp_nodelay support
* ipr: Increase default adapter init stage change timeout
* fix use-after-free bug in usb_hcd_unlink_urb()
* libceph: fix double __remove_osd() problem
* ext4: fix data corruption caused by unwritten and delayed extents
* sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT
* nfs: Fixing lease renewal (Benjamin Coddington)
* control hard lockup detection default
* Fix print-once on enable
* watchdog: update watchdog_thresh properly and watchdog attributes atomically
* module: Call module notifier on failure after complete_formation()

(BZ#1234470)

This update also fixes the following bugs:

* The megasas driver used the smp_processor_id() function within a preemptible context, which caused warning messages to be returned to the console. The function has been changed to raw_smp_processor_id() so that a lock is held while getting the processor ID. As a result, correct operations are now allowed without any console warnings being produced. (BZ#1235304)

* In the NFSv4 file system, the write_seqcount_{begin,end}() functions were used in a non-standard way, which caused the realtime code to try to sleep while locks were held. As a consequence, "scheduling while atomic" error messages were returned. The underlying source code has been modified to use the __write_seqcount_{begin,end}() functions, which do not hold any locks, allowing correct execution of realtime. (BZ#1235301)

All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

4.
Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1203712 - CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements. 1204722 - CVE-2015-2666 kernel: execution in the early microcode loader 1208684 - CVE-2014-9715 kernel: netfilter connection tracking extensions denial of service 1218074 - CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation 1234470 - kernel-rt: update to the RHEL7.1.z batch 4 source tree 6. Package List: Red Hat Enterprise Linux Realtime (v. 7): Source: kernel-rt-3.10.0-229.11.1.rt56.141.11.el7_1.src.rpm noarch: kernel-rt-doc-3.10.0-229.11.1.rt56.141.11.el7_1.noarch.rpm x86_64: kernel-rt-3.10.0-229.11.1.rt56.141.11.el7_1.x86_64.rpm kernel-rt-debug-3.10.0-229.11.1.rt56.141.11.el7_1.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-229.11.1.rt56.141.11.el7_1.x86_64.rpm kernel-rt-debug-devel-3.10.0-229.11.1.rt56.141.11.el7_1.x86_64.rpm kernel-rt-debuginfo-3.10.0-229.11.1.rt56.141.11.el7_1.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-229.11.1.rt56.141.11.el7_1.x86_64.rpm kernel-rt-devel-3.10.0-229.11.1.rt56.141.11.el7_1.x86_64.rpm kernel-rt-trace-3.10.0-229.11.1.rt56.141.11.el7_1.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-229.11.1.rt56.141.11.el7_1.x86_64.rpm kernel-rt-trace-devel-3.10.0-229.11.1.rt56.141.11.el7_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2014-9715
https://access.redhat.com/security/cve/CVE-2015-2666
https://access.redhat.com/security/cve/CVE-2015-2922
https://access.redhat.com/security/cve/CVE-2015-3636
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Fri Aug 7 23:10:51 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 7 Aug 2015 19:10:51 -0400
Subject: [RHSA-2015:1581-01] Important: firefox security update
Message-ID: <201508072310.t77NAprP011228@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: firefox security update
Advisory ID: RHSA-2015:1581-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1581.html
Issue date: 2015-08-07
CVE Names: CVE-2015-4495
=====================================================================

1. Summary:

Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer (PDF.js). An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files (including private SSH keys, the /etc/passwd file, and other potentially sensitive files) from the system running Firefox. (CVE-2015-4495)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.

All Firefox users should upgrade to these updated packages, which contain Firefox version 38.1.1 ESR, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1251318 - CVE-2015-4495 Mozilla: Same origin violation and local file stealing via PDF reader (MFSA 2015-78)

6.
Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: firefox-38.1.1-1.el5_11.src.rpm i386: firefox-38.1.1-1.el5_11.i386.rpm firefox-debuginfo-38.1.1-1.el5_11.i386.rpm x86_64: firefox-38.1.1-1.el5_11.i386.rpm firefox-38.1.1-1.el5_11.x86_64.rpm firefox-debuginfo-38.1.1-1.el5_11.i386.rpm firefox-debuginfo-38.1.1-1.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: firefox-38.1.1-1.el5_11.src.rpm i386: firefox-38.1.1-1.el5_11.i386.rpm firefox-debuginfo-38.1.1-1.el5_11.i386.rpm ppc: firefox-38.1.1-1.el5_11.ppc64.rpm firefox-debuginfo-38.1.1-1.el5_11.ppc64.rpm s390x: firefox-38.1.1-1.el5_11.s390.rpm firefox-38.1.1-1.el5_11.s390x.rpm firefox-debuginfo-38.1.1-1.el5_11.s390.rpm firefox-debuginfo-38.1.1-1.el5_11.s390x.rpm x86_64: firefox-38.1.1-1.el5_11.i386.rpm firefox-38.1.1-1.el5_11.x86_64.rpm firefox-debuginfo-38.1.1-1.el5_11.i386.rpm firefox-debuginfo-38.1.1-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-38.1.1-1.el6_7.src.rpm i386: firefox-38.1.1-1.el6_7.i686.rpm firefox-debuginfo-38.1.1-1.el6_7.i686.rpm x86_64: firefox-38.1.1-1.el6_7.x86_64.rpm firefox-debuginfo-38.1.1-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-38.1.1-1.el6_7.i686.rpm firefox-debuginfo-38.1.1-1.el6_7.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-38.1.1-1.el6_7.src.rpm x86_64: firefox-38.1.1-1.el6_7.i686.rpm firefox-38.1.1-1.el6_7.x86_64.rpm firefox-debuginfo-38.1.1-1.el6_7.i686.rpm firefox-debuginfo-38.1.1-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: firefox-38.1.1-1.el6_7.src.rpm i386: firefox-38.1.1-1.el6_7.i686.rpm firefox-debuginfo-38.1.1-1.el6_7.i686.rpm ppc64: firefox-38.1.1-1.el6_7.ppc64.rpm firefox-debuginfo-38.1.1-1.el6_7.ppc64.rpm s390x: firefox-38.1.1-1.el6_7.s390x.rpm firefox-debuginfo-38.1.1-1.el6_7.s390x.rpm x86_64: firefox-38.1.1-1.el6_7.x86_64.rpm firefox-debuginfo-38.1.1-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): ppc64: firefox-38.1.1-1.el6_7.ppc.rpm firefox-debuginfo-38.1.1-1.el6_7.ppc.rpm s390x: firefox-38.1.1-1.el6_7.s390.rpm firefox-debuginfo-38.1.1-1.el6_7.s390.rpm x86_64: firefox-38.1.1-1.el6_7.i686.rpm firefox-debuginfo-38.1.1-1.el6_7.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: firefox-38.1.1-1.el6_7.src.rpm i386: firefox-38.1.1-1.el6_7.i686.rpm firefox-debuginfo-38.1.1-1.el6_7.i686.rpm x86_64: firefox-38.1.1-1.el6_7.x86_64.rpm firefox-debuginfo-38.1.1-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-38.1.1-1.el6_7.i686.rpm firefox-debuginfo-38.1.1-1.el6_7.i686.rpm Red Hat Enterprise Linux Client (v. 7): Source: firefox-38.1.1-1.el7_1.src.rpm x86_64: firefox-38.1.1-1.el7_1.x86_64.rpm firefox-debuginfo-38.1.1-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-38.1.1-1.el7_1.i686.rpm firefox-debuginfo-38.1.1-1.el7_1.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-38.1.1-1.el7_1.src.rpm ppc64: firefox-38.1.1-1.el7_1.ppc64.rpm firefox-debuginfo-38.1.1-1.el7_1.ppc64.rpm s390x: firefox-38.1.1-1.el7_1.s390x.rpm firefox-debuginfo-38.1.1-1.el7_1.s390x.rpm x86_64: firefox-38.1.1-1.el7_1.x86_64.rpm firefox-debuginfo-38.1.1-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-38.1.1-1.ael7b_1.src.rpm ppc64le: firefox-38.1.1-1.ael7b_1.ppc64le.rpm firefox-debuginfo-38.1.1-1.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: firefox-38.1.1-1.el7_1.ppc.rpm firefox-debuginfo-38.1.1-1.el7_1.ppc.rpm s390x: firefox-38.1.1-1.el7_1.s390.rpm firefox-debuginfo-38.1.1-1.el7_1.s390.rpm x86_64: firefox-38.1.1-1.el7_1.i686.rpm firefox-debuginfo-38.1.1-1.el7_1.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-38.1.1-1.el7_1.src.rpm x86_64: firefox-38.1.1-1.el7_1.x86_64.rpm firefox-debuginfo-38.1.1-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-38.1.1-1.el7_1.i686.rpm firefox-debuginfo-38.1.1-1.el7_1.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-4495 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.1.1 https://access.redhat.com/articles/1563163 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
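A patch-state check for the kernel-rt, kernel and firefox advisories above, added here as an example (it is not Red Hat's code or tooling): it orders package versions the way rpm's rpmvercmp does, compares a host's running kernel (uname -r, so a host that installed the update but has not rebooted still shows as old) and its installed firefox against the fixed builds these advisories list, and, for CVE-2015-3636, reports whether the net.ipv4.ping_group_range sysctl lets unprivileged users create the ping sockets the flaw needs while the running kernel is still unpatched. The host records, package strings and sysctl values at the bottom are constructed sample data, and the FIXED table assumes each host tracks the stream the advisory covers (for example RHEL 6.5 EUS for "kernel").

```python
"""Patch-state check for the kernel-rt, kernel and firefox advisories above.
Added example, not Red Hat's code.  Host inventory at the bottom is constructed."""
import re

# Fixed version-release per (package, major dist tag), transcribed from the
# package lists of RHSA-2015:1564, 1565, 1581 and 1583.  The mapping assumes a
# host follows the stream each advisory covers (e.g. RHEL 6.5 EUS for "kernel").
FIXED = {
    ("kernel-rt", "el6"): "3.10.0-229.rt56.158.el6rt",
    ("kernel-rt", "el7"): "3.10.0-229.11.1.rt56.141.11.el7_1",
    ("kernel", "el6"): "2.6.32-431.61.2.el6",
    ("firefox", "el5"): "38.1.1-1.el5_11",
    ("firefox", "el6"): "38.1.1-1.el6_7",
    ("firefox", "el7"): "38.1.1-1.el7_1",
}
ARCHES = {"x86_64", "i686", "i386", "ppc", "ppc64", "ppc64le", "s390", "s390x", "noarch"}
_SEP = re.compile(r"[^0-9A-Za-z~]*")      # anything rpm treats as a separator
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")     # one all-digit or all-letter segment


def rpmvercmp(a, b):
    """rpm's ordering for a version or release string: -1, 0 or 1.
    Digit runs compare numerically, letter runs lexically, a digit run beats a
    letter run, '~' sorts before anything (pre-release), and whichever string
    has segments left over is newer.  rpm's '^' marker is not handled here."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _SEP.match(a, i).end(), _SEP.match(b, j).end()
        ta, tb = a.startswith("~", i), b.startswith("~", j)
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        sa, sb = _SEG.match(a, i).group(0), _SEG.match(b, j).group(0)
        i, j = i + len(sa), j + len(sb)
        if sa.isdigit() != sb.isdigit():
            return 1 if sa.isdigit() else -1
        ka, kb = (int(sa), int(sb)) if sa.isdigit() else (sa, sb)
        if ka != kb:
            return 1 if ka > kb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def vr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def split_nvr(pkg):
    """'kernel-rt-3.10.0-229.rt56.158.el6rt.x86_64' -> ('kernel-rt',
    '3.10.0-229.rt56.158.el6rt', 'el6').  A bare uname -r value such as
    '2.6.32-431.61.2.el6.x86_64' has no name part and yields '' for it."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    head, _, arch = pkg.rpartition(".")
    if arch in ARCHES:
        pkg = head
    nv, _, release = pkg.rpartition("-")
    name, _, version = nv.rpartition("-")
    m = re.search(r"(?:^|\.)a?el(\d+)\w*$", release)   # el6rt, el7_1, ael7b_1 ...
    return name, version + "-" + release, ("el" + m.group(1) if m else None)


def patch_status(name, installed):
    """'fixed', 'vulnerable' or 'unknown' (not covered by these advisories) for
    one installed package NVR, or for a uname -r string with name='kernel[-rt]'."""
    _, vr, dist = split_nvr(installed)
    fixed = FIXED.get((name, dist))
    if fixed is None:
        return "unknown"
    return "fixed" if vr_cmp(vr, fixed) >= 0 else "vulnerable"


def ping_sockets_open(ping_group_range):
    """net.ipv4.ping_group_range is 'low high'; the kernel default '1 0' is an
    empty range, so no unprivileged user can create the ICMP (ping) sockets
    that CVE-2015-3636 requires.  A non-empty range lets those groups in."""
    low, high = (int(x) for x in ping_group_range.split())
    return low <= high


def check_host(host):
    """host: constructed dict with the kernel package name, uname -r, the
    installed firefox NVR and the ping_group_range sysctl value."""
    kernel = patch_status(host["kernel_pkg"], host["uname_r"])
    return {
        "running_kernel": kernel,   # from uname -r, so an un-rebooted host stays old
        "firefox": patch_status("firefox", host["firefox"]),
        # The flaw needs a ping socket: flag only while the running kernel is
        # old and the sysctl lets unprivileged groups create one.
        "cve_2015_3636_reachable_unprivileged":
            kernel != "fixed" and ping_sockets_open(host["ping_group_range"]),
    }


# Constructed sample inventory (not real hosts).
SAMPLE_HOSTS = {
    "mrg-rt": {"kernel_pkg": "kernel-rt", "uname_r": "3.10.0-229.rt56.147.el6rt.x86_64",
               "firefox": "firefox-38.1.0-1.el6_6.x86_64", "ping_group_range": "0 2147483647"},
    "eus-65": {"kernel_pkg": "kernel", "uname_r": "2.6.32-431.61.2.el6.x86_64",
               "firefox": "firefox-38.1.1-1.el6_7.x86_64", "ping_group_range": "1 0"},
}

if __name__ == "__main__":
    for label, host in SAMPLE_HOSTS.items():
        print(label, check_host(host))
```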
From bugzilla at redhat.com Tue Aug 11 14:59:39 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 11 Aug 2015 14:59:39 +0000
Subject: [RHSA-2015:1583-01] Moderate: kernel security and bug fix update
Message-ID: <201508111459.t7BExeAC001853@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2015:1583-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1583.html
Issue date: 2015-08-11
CVE Names: CVE-2015-3636
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636, Moderate)

This update also fixes the following bugs:

* Previously, the bridge device did not propagate VLAN information to its ports and Generic Receive Offload (GRO) information to devices that sit on top. This resulted in lower receive performance of VLANs over bridge devices because GRO was not enabled. An attempt to resolve this problem was made with BZ#858198 by introducing a patch that allows VLANs to be registered with the participating bridge ports and adds GRO to the bridge device feature set. However, that attempt introduced a number of regressions, which broke the vast majority of stacked setups involving bridge devices and VLANs. This update reverts the patch provided by BZ#858198 and removes support for this capability. (BZ#1131697)

* The backlog data could previously not be consumed when the audit_log_start() function was running even if audit_log_start() called the wait_for_auditd() function to consume it. As only auditd could consume the backlog data, audit_log_start() terminated unexpectedly. Consequently, the system became unresponsive until the backlog timeout was up again. With this update, audit_log_start() no longer terminates and the system shuts down and reboots gracefully in a timely manner. (BZ#1140490)

* This update introduces a set of patches with a new VLAN model to conform to upstream standards. In addition, this set of patches fixes other issues such as transmission of Internet Control Message Protocol (ICMP) fragments. (BZ#1173560)

* Due to a bug in the audit code, a kernel panic occurred in the tasklist_lock variable if SELinux was in permissive or enforcing mode. A patch has been applied to fix this bug, and the operating system now continues to work normally. (BZ#1236103)

* If a server returned an empty or malformed READDIR response, the NFS client could previously terminate unexpectedly while attempting to decode that response. This update uses the response size to determine if existing pages of data are available for decoding, and the client only decodes the responses if they exist. As a result, the NFS client no longer attempts to decode pages of data that may not exist, and the aforementioned crash is thus avoided. (BZ#1232133)

* Previously, if a slave device had a receive handler registered, the error unwind of the bonding device's enslave function was broken, which led to a kernel oops. This update detaches the slave in the unwind path, and the aforementioned oops no longer occurs. (BZ#1222482)

* Due to bad memory or memory corruption, an isolated BUG_ON(mm->nr_ptes) was sometimes reported, indicating that not all the page tables allocated could be found and freed when the exit_mmap() function cleared the user address space. As a consequence, a kernel panic occurred. To fix this bug, the BUG_ON() function has been replaced by WARN_ON(), which prevents the kernel from panicking in the aforementioned situation. (BZ#1235930)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1218074 - CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation

6. Package List: Red Hat Enterprise Linux HPC Node EUS (v.
6.5): Source: kernel-2.6.32-431.61.2.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-431.61.2.el6.noarch.rpm kernel-doc-2.6.32-431.61.2.el6.noarch.rpm kernel-firmware-2.6.32-431.61.2.el6.noarch.rpm x86_64: kernel-2.6.32-431.61.2.el6.x86_64.rpm kernel-debug-2.6.32-431.61.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.61.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.61.2.el6.x86_64.rpm kernel-devel-2.6.32-431.61.2.el6.x86_64.rpm kernel-headers-2.6.32-431.61.2.el6.x86_64.rpm perf-2.6.32-431.61.2.el6.x86_64.rpm perf-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5): Source: kernel-2.6.32-431.61.2.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.61.2.el6.x86_64.rpm perf-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm python-perf-2.6.32-431.61.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.5):

Source:
kernel-2.6.32-431.61.2.el6.src.rpm

i386:
kernel-2.6.32-431.61.2.el6.i686.rpm
kernel-debug-2.6.32-431.61.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-431.61.2.el6.i686.rpm
kernel-debug-devel-2.6.32-431.61.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.61.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.61.2.el6.i686.rpm
kernel-devel-2.6.32-431.61.2.el6.i686.rpm
kernel-headers-2.6.32-431.61.2.el6.i686.rpm
perf-2.6.32-431.61.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.61.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.61.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.61.2.el6.noarch.rpm
kernel-doc-2.6.32-431.61.2.el6.noarch.rpm
kernel-firmware-2.6.32-431.61.2.el6.noarch.rpm

ppc64:
kernel-2.6.32-431.61.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-431.61.2.el6.ppc64.rpm
kernel-debug-2.6.32-431.61.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-431.61.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-431.61.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-431.61.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-431.61.2.el6.ppc64.rpm
kernel-devel-2.6.32-431.61.2.el6.ppc64.rpm
kernel-headers-2.6.32-431.61.2.el6.ppc64.rpm
perf-2.6.32-431.61.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-431.61.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-431.61.2.el6.ppc64.rpm

s390x:
kernel-2.6.32-431.61.2.el6.s390x.rpm
kernel-debug-2.6.32-431.61.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-431.61.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-431.61.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-431.61.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-431.61.2.el6.s390x.rpm
kernel-devel-2.6.32-431.61.2.el6.s390x.rpm
kernel-headers-2.6.32-431.61.2.el6.s390x.rpm
kernel-kdump-2.6.32-431.61.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-431.61.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-431.61.2.el6.s390x.rpm
perf-2.6.32-431.61.2.el6.s390x.rpm
perf-debuginfo-2.6.32-431.61.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-431.61.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-431.61.2.el6.x86_64.rpm
kernel-debug-2.6.32-431.61.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.61.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.61.2.el6.x86_64.rpm
kernel-devel-2.6.32-431.61.2.el6.x86_64.rpm
kernel-headers-2.6.32-431.61.2.el6.x86_64.rpm
perf-2.6.32-431.61.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.5):

Source:
kernel-2.6.32-431.61.2.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-431.61.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.61.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.61.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.61.2.el6.i686.rpm
python-perf-2.6.32-431.61.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.61.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-431.61.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-431.61.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-431.61.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-431.61.2.el6.ppc64.rpm
python-perf-2.6.32-431.61.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-431.61.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-431.61.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-431.61.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-431.61.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-431.61.2.el6.s390x.rpm
perf-debuginfo-2.6.32-431.61.2.el6.s390x.rpm
python-perf-2.6.32-431.61.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-431.61.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.61.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm
python-perf-2.6.32-431.61.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.61.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3636
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVyg3MXlSAg2UNWIIRApHOAKCQLSI7H+SCy1hQSQ/3zKH1kUqoiACaAwoX
gAcx0r9Pffm+qmcpxeP4ehc=
=rMCo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 11 19:52:29 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 11 Aug 2015 19:52:29 +0000
Subject: [RHSA-2015:1586-01] Critical: firefox security update
Message-ID: <201508111952.t7BJqTJ4024125@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2015:1586-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1586.html
Issue date:        2015-08-11
CVE Names:         CVE-2015-4473 CVE-2015-4475 CVE-2015-4478
                   CVE-2015-4479 CVE-2015-4480 CVE-2015-4484
                   CVE-2015-4485 CVE-2015-4486 CVE-2015-4487
                   CVE-2015-4488 CVE-2015-4489 CVE-2015-4491
                   CVE-2015-4492 CVE-2015-4493
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,
CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485,
CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki Helin,
André Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano Tomassoli,
Tyson Smith, Jukka Jylänki, Gustavo Grieco, Abhishek Arya, Ronald Crane, and
Looben Yang as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.2 ESR, which corrects these issues.
After installing the update, Firefox must be restarted for the changes to
take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1252271 - CVE-2015-4473 Mozilla: Miscellaneous memory safety hazards (rv:38.2) (MFSA 2015-79)
1252276 - CVE-2015-4475 Mozilla: Out-of-bounds read with malformed MP3 file (MFSA 2015-80)
1252282 - CVE-2015-4478 Mozilla: Redefinition of non-configurable JavaScript object properties (MFSA 2015-82)
1252285 - CVE-2015-4479 CVE-2015-4480 CVE-2015-4493 Mozilla: Overflow issues in libstagefright (MFSA 2015-83)
1252289 - CVE-2015-4484 Mozilla: Crash when using shared memory in JavaScript (MFSA 2015-87)
1252290 - CVE-2015-4491 Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
1252292 - CVE-2015-4485 CVE-2015-4486 Mozilla: Buffer overflows on Libvpx when decoding WebM video (MFSA 2015-89)
1252293 - CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
1252295 - CVE-2015-4492 Mozilla: Use-after-free in XMLHttpRequest with shared workers (MFSA 2015-92)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-38.2.0-4.el5_11.src.rpm

i386:
firefox-38.2.0-4.el5_11.i386.rpm
firefox-debuginfo-38.2.0-4.el5_11.i386.rpm

x86_64:
firefox-38.2.0-4.el5_11.i386.rpm
firefox-38.2.0-4.el5_11.x86_64.rpm
firefox-debuginfo-38.2.0-4.el5_11.i386.rpm
firefox-debuginfo-38.2.0-4.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-38.2.0-4.el5_11.src.rpm

i386:
firefox-38.2.0-4.el5_11.i386.rpm
firefox-debuginfo-38.2.0-4.el5_11.i386.rpm

ppc:
firefox-38.2.0-4.el5_11.ppc64.rpm
firefox-debuginfo-38.2.0-4.el5_11.ppc64.rpm

s390x:
firefox-38.2.0-4.el5_11.s390.rpm
firefox-38.2.0-4.el5_11.s390x.rpm
firefox-debuginfo-38.2.0-4.el5_11.s390.rpm
firefox-debuginfo-38.2.0-4.el5_11.s390x.rpm

x86_64:
firefox-38.2.0-4.el5_11.i386.rpm
firefox-38.2.0-4.el5_11.x86_64.rpm
firefox-debuginfo-38.2.0-4.el5_11.i386.rpm
firefox-debuginfo-38.2.0-4.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-38.2.0-4.el6_7.src.rpm

i386:
firefox-38.2.0-4.el6_7.i686.rpm
firefox-debuginfo-38.2.0-4.el6_7.i686.rpm

x86_64:
firefox-38.2.0-4.el6_7.x86_64.rpm
firefox-debuginfo-38.2.0-4.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-38.2.0-4.el6_7.i686.rpm
firefox-debuginfo-38.2.0-4.el6_7.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-38.2.0-4.el6_7.src.rpm

x86_64:
firefox-38.2.0-4.el6_7.i686.rpm
firefox-38.2.0-4.el6_7.x86_64.rpm
firefox-debuginfo-38.2.0-4.el6_7.i686.rpm
firefox-debuginfo-38.2.0-4.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-38.2.0-4.el6_7.src.rpm

i386:
firefox-38.2.0-4.el6_7.i686.rpm
firefox-debuginfo-38.2.0-4.el6_7.i686.rpm

ppc64:
firefox-38.2.0-4.el6_7.ppc64.rpm
firefox-debuginfo-38.2.0-4.el6_7.ppc64.rpm

s390x:
firefox-38.2.0-4.el6_7.s390x.rpm
firefox-debuginfo-38.2.0-4.el6_7.s390x.rpm

x86_64:
firefox-38.2.0-4.el6_7.x86_64.rpm
firefox-debuginfo-38.2.0-4.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-38.2.0-4.el6_7.ppc.rpm
firefox-debuginfo-38.2.0-4.el6_7.ppc.rpm

s390x:
firefox-38.2.0-4.el6_7.s390.rpm
firefox-debuginfo-38.2.0-4.el6_7.s390.rpm

x86_64:
firefox-38.2.0-4.el6_7.i686.rpm
firefox-debuginfo-38.2.0-4.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-38.2.0-4.el6_7.src.rpm

i386:
firefox-38.2.0-4.el6_7.i686.rpm
firefox-debuginfo-38.2.0-4.el6_7.i686.rpm

x86_64:
firefox-38.2.0-4.el6_7.x86_64.rpm
firefox-debuginfo-38.2.0-4.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-38.2.0-4.el6_7.i686.rpm
firefox-debuginfo-38.2.0-4.el6_7.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-38.2.0-4.el7_1.src.rpm

x86_64:
firefox-38.2.0-4.el7_1.x86_64.rpm
firefox-debuginfo-38.2.0-4.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-38.2.0-4.el7_1.i686.rpm
firefox-debuginfo-38.2.0-4.el7_1.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-38.2.0-4.el7_1.src.rpm

ppc64:
firefox-38.2.0-4.el7_1.ppc64.rpm
firefox-debuginfo-38.2.0-4.el7_1.ppc64.rpm

s390x:
firefox-38.2.0-4.el7_1.s390x.rpm
firefox-debuginfo-38.2.0-4.el7_1.s390x.rpm

x86_64:
firefox-38.2.0-4.el7_1.x86_64.rpm
firefox-debuginfo-38.2.0-4.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-38.2.0-4.ael7b_1.src.rpm

ppc64le:
firefox-38.2.0-4.ael7b_1.ppc64le.rpm
firefox-debuginfo-38.2.0-4.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
firefox-38.2.0-4.el7_1.ppc.rpm
firefox-debuginfo-38.2.0-4.el7_1.ppc.rpm

s390x:
firefox-38.2.0-4.el7_1.s390.rpm
firefox-debuginfo-38.2.0-4.el7_1.s390.rpm

x86_64:
firefox-38.2.0-4.el7_1.i686.rpm
firefox-debuginfo-38.2.0-4.el7_1.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-38.2.0-4.el7_1.src.rpm

x86_64:
firefox-38.2.0-4.el7_1.x86_64.rpm
firefox-debuginfo-38.2.0-4.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-38.2.0-4.el7_1.i686.rpm
firefox-debuginfo-38.2.0-4.el7_1.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4473
https://access.redhat.com/security/cve/CVE-2015-4475
https://access.redhat.com/security/cve/CVE-2015-4478
https://access.redhat.com/security/cve/CVE-2015-4479
https://access.redhat.com/security/cve/CVE-2015-4480
https://access.redhat.com/security/cve/CVE-2015-4484
https://access.redhat.com/security/cve/CVE-2015-4485
https://access.redhat.com/security/cve/CVE-2015-4486
https://access.redhat.com/security/cve/CVE-2015-4487
https://access.redhat.com/security/cve/CVE-2015-4488
https://access.redhat.com/security/cve/CVE-2015-4489
https://access.redhat.com/security/cve/CVE-2015-4491
https://access.redhat.com/security/cve/CVE-2015-4492
https://access.redhat.com/security/cve/CVE-2015-4493
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.2

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVylJLXlSAg2UNWIIRAlPnAJ9ic2o0tbGos/L6S1l7qmqrz+8jzwCggBoa
6kKCe/pCl4t6ym9QMyAM/Fc=
=puJ6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 12 15:57:02 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 Aug 2015 15:57:02 +0000
Subject: [RHSA-2015:1603-01] Critical: flash-plugin security update
Message-ID: <201508121543.t7CFhu4V007427@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2015:1603-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1603.html
Issue date:        2015-08-12
CVE Names:         CVE-2015-5127 CVE-2015-5128 CVE-2015-5129
                   CVE-2015-5130 CVE-2015-5131 CVE-2015-5132
                   CVE-2015-5133 CVE-2015-5134 CVE-2015-5539
                   CVE-2015-5540 CVE-2015-5541 CVE-2015-5544
                   CVE-2015-5545 CVE-2015-5546 CVE-2015-5547
                   CVE-2015-5548 CVE-2015-5549 CVE-2015-5550
                   CVE-2015-5551 CVE-2015-5552 CVE-2015-5553
                   CVE-2015-5554 CVE-2015-5555 CVE-2015-5556
                   CVE-2015-5557 CVE-2015-5558 CVE-2015-5559
                   CVE-2015-5560 CVE-2015-5561 CVE-2015-5562
                   CVE-2015-5563 CVE-2015-5564
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-19 listed
in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted SWF
file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,
CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,
CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,
CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,
CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,
CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,
CVE-2015-5562, CVE-2015-5563, CVE-2015-5564)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.508.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1252697 - flash-plugin: multiple code execution flaws (APSB15-19)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.508-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.508-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.508-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.508-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.508-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.508-1.el6_7.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.508-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.508-1.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.508-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.508-1.el6_7.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5127
https://access.redhat.com/security/cve/CVE-2015-5128
https://access.redhat.com/security/cve/CVE-2015-5129
https://access.redhat.com/security/cve/CVE-2015-5130
https://access.redhat.com/security/cve/CVE-2015-5131
https://access.redhat.com/security/cve/CVE-2015-5132
https://access.redhat.com/security/cve/CVE-2015-5133
https://access.redhat.com/security/cve/CVE-2015-5134
https://access.redhat.com/security/cve/CVE-2015-5539
https://access.redhat.com/security/cve/CVE-2015-5540
https://access.redhat.com/security/cve/CVE-2015-5541
https://access.redhat.com/security/cve/CVE-2015-5544
https://access.redhat.com/security/cve/CVE-2015-5545
https://access.redhat.com/security/cve/CVE-2015-5546
https://access.redhat.com/security/cve/CVE-2015-5547
https://access.redhat.com/security/cve/CVE-2015-5548
https://access.redhat.com/security/cve/CVE-2015-5549
https://access.redhat.com/security/cve/CVE-2015-5550
https://access.redhat.com/security/cve/CVE-2015-5551
https://access.redhat.com/security/cve/CVE-2015-5552
https://access.redhat.com/security/cve/CVE-2015-5553
https://access.redhat.com/security/cve/CVE-2015-5554
https://access.redhat.com/security/cve/CVE-2015-5555
https://access.redhat.com/security/cve/CVE-2015-5556
https://access.redhat.com/security/cve/CVE-2015-5557
https://access.redhat.com/security/cve/CVE-2015-5558
https://access.redhat.com/security/cve/CVE-2015-5559
https://access.redhat.com/security/cve/CVE-2015-5560
https://access.redhat.com/security/cve/CVE-2015-5561
https://access.redhat.com/security/cve/CVE-2015-5562
https://access.redhat.com/security/cve/CVE-2015-5563
https://access.redhat.com/security/cve/CVE-2015-5564
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-19.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVy2mAXlSAg2UNWIIRAty7AKCcTl+pzRlPMcYb+ESu7xg0C9nkVwCfbcNj
SwY72oO+5brzzyYR9NLDDnE=
=izmD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 13 17:12:50 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 13 Aug 2015 17:12:50 +0000
Subject: [RHSA-2015:1623-01] Important: kernel security and bug fix update
Message-ID: <201508131712.t7DHCoiv009473@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2015:1623-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1623.html
Issue date:        2015-08-13
CVE Names:         CVE-2015-5364 CVE-2015-5366
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed
severity ratings, are available for each vulnerability from the CVE links in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Two flaws were found in the way the Linux kernel's networking implementation
handled UDP packets with incorrect checksum values. A remote attacker could
potentially use these flaws to trigger an infinite loop in the kernel,
resulting in a denial of service on the system, or cause a denial of service
in applications using the edge triggered epoll functionality.
(CVE-2015-5364, CVE-2015-5366, Important)

This update also fixes the following bugs:

* When removing a directory, and a reference was held to that directory by a
reference to a negative child dentry, the directory dentry was previously
not killed. In addition, once the negative child dentry was killed, an
unlinked and unused dentry was present in the cache. As a consequence,
deadlock could be caused by forcing the dentry eviction while the file
system in question was frozen. With this update, all unused dentries are
unhashed and evicted just after a successful directory removal, which avoids
the deadlock, and the system no longer hangs in the aforementioned scenario.
(BZ#1243400)

* Due to the broken s_umount lock ordering, a race condition occurred when
an unlinked file was closed and the sync (or syncfs) utility was run at the
same time. As a consequence, deadlock occurred on a frozen file system
between sync and a process trying to unfreeze the file system. With this
update, sync (or syncfs) is skipped on a frozen file system, and deadlock no
longer occurs in the aforementioned situation. (BZ#1243404)

* Previously, in the scenario when a file was opened by file handle
(fhandle) with its dentry not present in dcache ("cold dcache") and then
making use of the unlink() and close() functions, the inode was not freed
upon the close() system call. As a consequence, the iput() final was delayed
indefinitely. A patch has been provided to fix this bug, and the inode is
now freed as expected. (BZ#1243406)

* Due to a corrupted Executable and Linkable Format (ELF) header in the
/proc/vmcore file, the kdump utility failed to provide any information. The
underlying source code has been patched, and kdump now provides debugging
information for kernel crashes as intended. (BZ#1245195)

* Previously, running the multipath request queue caused regressions in
cases where paths failed regularly under I/O load. This regression
manifested as I/O stalls that exceeded 300 seconds. This update reverts the
changes aimed to reduce running the multipath request queue resulting in I/O
stalls completing in a timely manner. (BZ#1246095)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1239029 - CVE-2015-5366 CVE-2015-5364 kernel: net: incorrect processing of checksums in UDP implementation

6. Package List:

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-573.3.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.3.1.el6.noarch.rpm
kernel-doc-2.6.32-573.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.3.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.3.1.el6.x86_64.rpm
perf-2.6.32-573.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
python-perf-2.6.32-573.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-573.3.1.el6.src.rpm

i386:
kernel-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.3.1.el6.i686.rpm
kernel-devel-2.6.32-573.3.1.el6.i686.rpm
kernel-headers-2.6.32-573.3.1.el6.i686.rpm
perf-2.6.32-573.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.3.1.el6.noarch.rpm
kernel-doc-2.6.32-573.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.3.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.3.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.3.1.el6.ppc64.rpm
kernel-debug-2.6.32-573.3.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.3.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.3.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.3.1.el6.ppc64.rpm
kernel-devel-2.6.32-573.3.1.el6.ppc64.rpm
kernel-headers-2.6.32-573.3.1.el6.ppc64.rpm
perf-2.6.32-573.3.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.3.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.3.1.el6.s390x.rpm
kernel-debug-2.6.32-573.3.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.3.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.3.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.3.1.el6.s390x.rpm
kernel-devel-2.6.32-573.3.1.el6.s390x.rpm
kernel-headers-2.6.32-573.3.1.el6.s390x.rpm
kernel-kdump-2.6.32-573.3.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.3.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.3.1.el6.s390x.rpm
perf-2.6.32-573.3.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.3.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.3.1.el6.x86_64.rpm
perf-2.6.32-573.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm
python-perf-2.6.32-573.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-573.3.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.3.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.3.1.el6.ppc64.rpm
python-perf-2.6.32-573.3.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-573.3.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.3.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.3.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.3.1.el6.s390x.rpm
python-perf-2.6.32-573.3.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
python-perf-2.6.32-573.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-573.3.1.el6.src.rpm

i386:
kernel-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.3.1.el6.i686.rpm
kernel-devel-2.6.32-573.3.1.el6.i686.rpm
kernel-headers-2.6.32-573.3.1.el6.i686.rpm
perf-2.6.32-573.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.3.1.el6.noarch.rpm
kernel-doc-2.6.32-573.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.3.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.3.1.el6.x86_64.rpm
perf-2.6.32-573.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm
python-perf-2.6.32-573.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm
python-perf-2.6.32-573.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.3.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5364
https://access.redhat.com/security/cve/CVE-2015-5366
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
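The advisory's Solution section only points at the generic errata article, and its Description notes that the fix is not active until the system is rebooted. The check a defender actually wants, for this advisory and for the other package updates on this page, is therefore two-fold: is the fixed build installed, and is it the kernel that is running. The script below is an added example, not part of the advisory or of Red Hat's tooling. Its `vercmp` is a deliberately simplified reimplementation of rpm's version comparison in POSIX sh and awk (assumption: no epoch, no `~`/`^` handling, which the version strings on this page do not use), so it runs without rpm present; `check_kernel_fix`, `live_kernel_status` and the constructed pre-update version strings in the comments are mine. The fixed build, 2.6.32-573.3.1.el6, is taken from the Package List above.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a host has picked up
# a kernel fix by comparing BOTH the newest installed kernel and the running
# kernel against the fixed build named in the advisory's Package List.

# vercmp A B: print 1 if A is newer than B, 0 if equal, -1 if older.
# Simplified rpmvercmp (assumption: no epoch, no '~' / '^' handling).
vercmp() {
    awk -v a="$1" -v b="$2" '
    # norm(s): put a space between every digit run, letter run and
    # separator so that split() yields rpm-style segments.
    function norm(s,    i, c, k, kind, out) {
        out = ""; kind = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c ~ /[0-9]/) { k = "d" } else if (c ~ /[A-Za-z]/) { k = "a" } else { k = "" }
            if (k == "") { out = out " "; kind = ""; continue }
            if (kind != "" && k != kind) { out = out " " }
            out = out c; kind = k
        }
        return out
    }
    function cmp(a, b,    x, y, na, nb, i) {
        na = split(norm(a), x, " "); nb = split(norm(b), y, " ")
        for (i = 1; i <= na && i <= nb; i++) {
            if (x[i] ~ /^[0-9]+$/ && y[i] ~ /^[0-9]+$/) {
                if (x[i] + 0 != y[i] + 0) return (x[i] + 0 > y[i] + 0) ? 1 : -1
            } else if (x[i] ~ /^[0-9]+$/) {
                return 1            # numeric segment beats alpha segment, as in rpm
            } else if (y[i] ~ /^[0-9]+$/) {
                return -1
            } else if (x[i] != y[i]) {
                return (x[i] > y[i]) ? 1 : -1
            }
        }
        if (na == nb) return 0
        return (na > nb) ? 1 : -1   # more segments left over means newer
    }
    BEGIN { print cmp(a, b) }'
}

# check_kernel_fix FIXED RUNNING INSTALLED: print one status token.
#   vulnerable              newest installed kernel is older than FIXED (or none)
#   installed-not-rebooted  FIXED is installed but an older kernel is running
#   patched                 the running kernel is FIXED or newer
# RUNNING is `uname -r` output (e.g. the constructed 2.6.32-431.61.2.el6.x86_64),
# INSTALLED is the newest kernel VERSION-RELEASE from the rpm database.
check_kernel_fix() {
    fixed="$1"; running="$2"; installed="$3"
    case "$running" in                      # drop the arch suffix uname -r appends
        *.i686|*.x86_64|*.ppc64|*.s390x) running="${running%.*}" ;;
    esac
    if [ -z "$installed" ] || [ "$(vercmp "$installed" "$fixed")" -lt 0 ]; then
        echo vulnerable
    elif [ "$(vercmp "$running" "$fixed")" -lt 0 ]; then
        echo installed-not-rebooted
    else
        echo patched
    fi
}

# live_kernel_status FIXED: run the check on this host (assumes rpm and uname
# are present; with several kernels installed, picks the newest by vercmp).
live_kernel_status() {
    list=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel 2>/dev/null) || list=""
    newest=""
    for vr in $list; do
        if [ -z "$newest" ] || [ "$(vercmp "$vr" "$newest")" -gt 0 ]; then newest="$vr"; fi
    done
    check_kernel_fix "$1" "$(uname -r)" "$newest"
}

# For this advisory:  live_kernel_status 2.6.32-573.3.1.el6
```

The same `vercmp` serves the firefox, flash-plugin and glibc updates on this page (compare `rpm -q --qf '%{VERSION}-%{RELEASE}\n' <package>` against the VERSION-RELEASE in the Package List); for those, a restart of the affected process rather than a reboot is what turns "installed" into "patched".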
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVzNAAXlSAg2UNWIIRAtlWAJ9nnd4p7YFQ3wur5dN5dx+qu8vhLACgvt8/ /lh0U8fYIj3zeX9Bkhp+Y8o= =sc10 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 17 06:45:50 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 17 Aug 2015 06:45:50 +0000 Subject: [RHSA-2015:1627-01] Moderate: glibc security update Message-ID: <201508170632.t7H6WcaT014717@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: glibc security update Advisory ID: RHSA-2015:1627-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1627.html Issue date: 2015-08-17 CVE Names: CVE-2013-7424 ===================================================================== 1. Summary: Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. 
Note that this flaw only affected applications using glibc compiled with libidn support. (CVE-2013-7424)

All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1186614 - CVE-2013-7424 glibc: Invalid-free when using getaddrinfo()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
glibc-2.5-123.el5_11.3.src.rpm

i386:
glibc-2.5-123.el5_11.3.i386.rpm
glibc-2.5-123.el5_11.3.i686.rpm
glibc-common-2.5-123.el5_11.3.i386.rpm
glibc-debuginfo-2.5-123.el5_11.3.i386.rpm
glibc-debuginfo-2.5-123.el5_11.3.i686.rpm
glibc-debuginfo-common-2.5-123.el5_11.3.i386.rpm
glibc-devel-2.5-123.el5_11.3.i386.rpm
glibc-headers-2.5-123.el5_11.3.i386.rpm
glibc-utils-2.5-123.el5_11.3.i386.rpm
nscd-2.5-123.el5_11.3.i386.rpm

x86_64:
glibc-2.5-123.el5_11.3.i686.rpm
glibc-2.5-123.el5_11.3.x86_64.rpm
glibc-common-2.5-123.el5_11.3.x86_64.rpm
glibc-debuginfo-2.5-123.el5_11.3.i386.rpm
glibc-debuginfo-2.5-123.el5_11.3.i686.rpm
glibc-debuginfo-2.5-123.el5_11.3.x86_64.rpm
glibc-debuginfo-common-2.5-123.el5_11.3.i386.rpm
glibc-devel-2.5-123.el5_11.3.i386.rpm
glibc-devel-2.5-123.el5_11.3.x86_64.rpm
glibc-headers-2.5-123.el5_11.3.x86_64.rpm
glibc-utils-2.5-123.el5_11.3.x86_64.rpm
nscd-2.5-123.el5_11.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
glibc-2.5-123.el5_11.3.src.rpm

i386:
glibc-2.5-123.el5_11.3.i386.rpm
glibc-2.5-123.el5_11.3.i686.rpm
glibc-common-2.5-123.el5_11.3.i386.rpm
glibc-debuginfo-2.5-123.el5_11.3.i386.rpm
glibc-debuginfo-2.5-123.el5_11.3.i686.rpm
glibc-debuginfo-common-2.5-123.el5_11.3.i386.rpm
glibc-devel-2.5-123.el5_11.3.i386.rpm
glibc-headers-2.5-123.el5_11.3.i386.rpm
glibc-utils-2.5-123.el5_11.3.i386.rpm
nscd-2.5-123.el5_11.3.i386.rpm

ia64:
glibc-2.5-123.el5_11.3.i686.rpm
glibc-2.5-123.el5_11.3.ia64.rpm
glibc-common-2.5-123.el5_11.3.ia64.rpm
glibc-debuginfo-2.5-123.el5_11.3.i686.rpm
glibc-debuginfo-2.5-123.el5_11.3.ia64.rpm
glibc-debuginfo-common-2.5-123.el5_11.3.i386.rpm
glibc-devel-2.5-123.el5_11.3.ia64.rpm
glibc-headers-2.5-123.el5_11.3.ia64.rpm
glibc-utils-2.5-123.el5_11.3.ia64.rpm
nscd-2.5-123.el5_11.3.ia64.rpm

ppc:
glibc-2.5-123.el5_11.3.ppc.rpm
glibc-2.5-123.el5_11.3.ppc64.rpm
glibc-common-2.5-123.el5_11.3.ppc.rpm
glibc-debuginfo-2.5-123.el5_11.3.ppc.rpm
glibc-debuginfo-2.5-123.el5_11.3.ppc64.rpm
glibc-devel-2.5-123.el5_11.3.ppc.rpm
glibc-devel-2.5-123.el5_11.3.ppc64.rpm
glibc-headers-2.5-123.el5_11.3.ppc.rpm
glibc-utils-2.5-123.el5_11.3.ppc.rpm
nscd-2.5-123.el5_11.3.ppc.rpm

s390x:
glibc-2.5-123.el5_11.3.s390.rpm
glibc-2.5-123.el5_11.3.s390x.rpm
glibc-common-2.5-123.el5_11.3.s390x.rpm
glibc-debuginfo-2.5-123.el5_11.3.s390.rpm
glibc-debuginfo-2.5-123.el5_11.3.s390x.rpm
glibc-devel-2.5-123.el5_11.3.s390.rpm
glibc-devel-2.5-123.el5_11.3.s390x.rpm
glibc-headers-2.5-123.el5_11.3.s390x.rpm
glibc-utils-2.5-123.el5_11.3.s390x.rpm
nscd-2.5-123.el5_11.3.s390x.rpm

x86_64:
glibc-2.5-123.el5_11.3.i686.rpm
glibc-2.5-123.el5_11.3.x86_64.rpm
glibc-common-2.5-123.el5_11.3.x86_64.rpm
glibc-debuginfo-2.5-123.el5_11.3.i386.rpm
glibc-debuginfo-2.5-123.el5_11.3.i686.rpm
glibc-debuginfo-2.5-123.el5_11.3.x86_64.rpm
glibc-debuginfo-common-2.5-123.el5_11.3.i386.rpm
glibc-devel-2.5-123.el5_11.3.i386.rpm
glibc-devel-2.5-123.el5_11.3.x86_64.rpm
glibc-headers-2.5-123.el5_11.3.x86_64.rpm
glibc-utils-2.5-123.el5_11.3.x86_64.rpm
nscd-2.5-123.el5_11.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-7424
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com  Mon Aug 17 06:47:31 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Aug 2015 06:47:31 +0000
Subject: [RHSA-2015:1628-01] Moderate: mysql55-mysql security update
Message-ID: <201508170634.t7H6YIdc023762@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mysql55-mysql security update
Advisory ID:       RHSA-2015:1628-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1628.html
Issue date:        2015-08-17
CVE Names:         CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382
                   CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433
                   CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505
                   CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-2582
                   CVE-2015-2620 CVE-2015-2643 CVE-2015-2648 CVE-2015-4737
                   CVE-2015-4752 CVE-2015-4757
=====================================================================

1. Summary:

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes.

All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1184552 - CVE-2014-6568 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015)
1184553 - CVE-2015-0374 mysql: unspecified vulnerability related to Server:Security:Privileges:Foreign Key (CPU Jan 2015)
1184554 - CVE-2015-0381 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
1184555 - CVE-2015-0382 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
1184557 - CVE-2015-0391 mysql: unspecified vulnerability related to Server:DDL (CPU Jan 2015)
1184560 - CVE-2015-0411 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015)
1184561 - CVE-2015-0432 mysql: unspecified vulnerability related to Server:InnoDB:DDL:Foreign Key (CPU Jan 2015)
1212758 - CVE-2015-0501 mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015)
1212763 - CVE-2015-2568 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
1212768 - CVE-2015-0499 mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)
1212772 - CVE-2015-2571 mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
1212776 - CVE-2015-0433 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)
1212777 - CVE-2015-0441 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)
1212780 - CVE-2015-0505 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
1212783 - CVE-2015-2573 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)
1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
mysql55-mysql-5.5.45-1.el5.src.rpm

i386:
mysql55-mysql-5.5.45-1.el5.i386.rpm
mysql55-mysql-bench-5.5.45-1.el5.i386.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.i386.rpm
mysql55-mysql-libs-5.5.45-1.el5.i386.rpm
mysql55-mysql-server-5.5.45-1.el5.i386.rpm
mysql55-mysql-test-5.5.45-1.el5.i386.rpm

x86_64:
mysql55-mysql-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-bench-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-libs-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-server-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-test-5.5.45-1.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
mysql55-mysql-5.5.45-1.el5.src.rpm

i386:
mysql55-mysql-debuginfo-5.5.45-1.el5.i386.rpm
mysql55-mysql-devel-5.5.45-1.el5.i386.rpm

x86_64:
mysql55-mysql-debuginfo-5.5.45-1.el5.i386.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-devel-5.5.45-1.el5.i386.rpm
mysql55-mysql-devel-5.5.45-1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
mysql55-mysql-5.5.45-1.el5.src.rpm

i386:
mysql55-mysql-5.5.45-1.el5.i386.rpm
mysql55-mysql-bench-5.5.45-1.el5.i386.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.i386.rpm
mysql55-mysql-devel-5.5.45-1.el5.i386.rpm
mysql55-mysql-libs-5.5.45-1.el5.i386.rpm
mysql55-mysql-server-5.5.45-1.el5.i386.rpm
mysql55-mysql-test-5.5.45-1.el5.i386.rpm

ia64:
mysql55-mysql-5.5.45-1.el5.ia64.rpm
mysql55-mysql-bench-5.5.45-1.el5.ia64.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.ia64.rpm
mysql55-mysql-devel-5.5.45-1.el5.ia64.rpm
mysql55-mysql-libs-5.5.45-1.el5.ia64.rpm
mysql55-mysql-server-5.5.45-1.el5.ia64.rpm
mysql55-mysql-test-5.5.45-1.el5.ia64.rpm

ppc:
mysql55-mysql-5.5.45-1.el5.ppc.rpm
mysql55-mysql-bench-5.5.45-1.el5.ppc.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.ppc.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.ppc64.rpm
mysql55-mysql-devel-5.5.45-1.el5.ppc.rpm
mysql55-mysql-devel-5.5.45-1.el5.ppc64.rpm
mysql55-mysql-libs-5.5.45-1.el5.ppc.rpm
mysql55-mysql-server-5.5.45-1.el5.ppc.rpm
mysql55-mysql-test-5.5.45-1.el5.ppc.rpm

s390x:
mysql55-mysql-5.5.45-1.el5.s390x.rpm
mysql55-mysql-bench-5.5.45-1.el5.s390x.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.s390.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.s390x.rpm
mysql55-mysql-devel-5.5.45-1.el5.s390.rpm
mysql55-mysql-devel-5.5.45-1.el5.s390x.rpm
mysql55-mysql-libs-5.5.45-1.el5.s390x.rpm
mysql55-mysql-server-5.5.45-1.el5.s390x.rpm
mysql55-mysql-test-5.5.45-1.el5.s390x.rpm

x86_64:
mysql55-mysql-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-bench-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.i386.rpm
mysql55-mysql-debuginfo-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-devel-5.5.45-1.el5.i386.rpm
mysql55-mysql-devel-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-libs-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-server-5.5.45-1.el5.x86_64.rpm
mysql55-mysql-test-5.5.45-1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6568
https://access.redhat.com/security/cve/CVE-2015-0374
https://access.redhat.com/security/cve/CVE-2015-0381
https://access.redhat.com/security/cve/CVE-2015-0382
https://access.redhat.com/security/cve/CVE-2015-0391
https://access.redhat.com/security/cve/CVE-2015-0411
https://access.redhat.com/security/cve/CVE-2015-0432
https://access.redhat.com/security/cve/CVE-2015-0433
https://access.redhat.com/security/cve/CVE-2015-0441
https://access.redhat.com/security/cve/CVE-2015-0499
https://access.redhat.com/security/cve/CVE-2015-0501
https://access.redhat.com/security/cve/CVE-2015-0505
https://access.redhat.com/security/cve/CVE-2015-2568
https://access.redhat.com/security/cve/CVE-2015-2571
https://access.redhat.com/security/cve/CVE-2015-2573
https://access.redhat.com/security/cve/CVE-2015-2582
https://access.redhat.com/security/cve/CVE-2015-2620
https://access.redhat.com/security/cve/CVE-2015-2643
https://access.redhat.com/security/cve/CVE-2015-2648
https://access.redhat.com/security/cve/CVE-2015-4737
https://access.redhat.com/security/cve/CVE-2015-4752
https://access.redhat.com/security/cve/CVE-2015-4757
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com  Mon Aug 17 06:48:58 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Aug 2015 06:48:58 +0000
Subject: [RHSA-2015:1629-01] Moderate: mysql55-mysql security update
Message-ID: <201508170635.t7H6ZkvU012320@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mysql55-mysql security update
Advisory ID:       RHSA-2015:1629-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1629.html
Issue date:        2015-08-17
CVE Names:         CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501
                   CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573
                   CVE-2015-2582 CVE-2015-2620 CVE-2015-2643 CVE-2015-2648
                   CVE-2015-4737 CVE-2015-4752 CVE-2015-4757
=====================================================================

1. Summary:

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2643, CVE-2015-2648, CVE-2015-4752, CVE-2015-4757, CVE-2015-2620, CVE-2015-4737)

These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL Release Notes listed in the References section for a complete list of changes.

All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1212758 - CVE-2015-0501 mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015)
1212763 - CVE-2015-2568 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
1212768 - CVE-2015-0499 mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)
1212772 - CVE-2015-2571 mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
1212776 - CVE-2015-0433 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)
1212777 - CVE-2015-0441 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)
1212780 - CVE-2015-0505 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
1212783 - CVE-2015-2573 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)
1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
mysql55-mysql-5.5.45-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.45-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
mysql55-mysql-5.5.45-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.45-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
mysql55-mysql-5.5.45-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.45-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
mysql55-mysql-5.5.45-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.45-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.45-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
mysql55-mysql-5.5.45-1.el7.src.rpm

x86_64:
mysql55-mysql-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-bench-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-devel-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-libs-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-server-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-test-5.5.45-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
mysql55-mysql-5.5.45-1.el7.src.rpm

x86_64:
mysql55-mysql-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-bench-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-devel-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-libs-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-server-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-test-5.5.45-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
mysql55-mysql-5.5.45-1.el7.src.rpm

x86_64:
mysql55-mysql-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-bench-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-devel-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-libs-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-server-5.5.45-1.el7.x86_64.rpm
mysql55-mysql-test-5.5.45-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0433
https://access.redhat.com/security/cve/CVE-2015-0441
https://access.redhat.com/security/cve/CVE-2015-0499
https://access.redhat.com/security/cve/CVE-2015-0501
https://access.redhat.com/security/cve/CVE-2015-0505
https://access.redhat.com/security/cve/CVE-2015-2568
https://access.redhat.com/security/cve/CVE-2015-2571
https://access.redhat.com/security/cve/CVE-2015-2573
https://access.redhat.com/security/cve/CVE-2015-2582
https://access.redhat.com/security/cve/CVE-2015-2620
https://access.redhat.com/security/cve/CVE-2015-2643
https://access.redhat.com/security/cve/CVE-2015-2648
https://access.redhat.com/security/cve/CVE-2015-4737
https://access.redhat.com/security/cve/CVE-2015-4752
https://access.redhat.com/security/cve/CVE-2015-4757
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com  Mon Aug 17 06:50:10 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Aug 2015 06:50:10 +0000
Subject: [RHSA-2015:1630-01] Important: rh-mysql56-mysql security update
Message-ID: <201508170636.t7H6awk7019803@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-mysql56-mysql security update
Advisory ID:       RHSA-2015:1630-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1630.html
Issue date:        2015-08-17
CVE Names:         CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620
                   CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648
                   CVE-2015-2661 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756
                   CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769
                   CVE-2015-4771 CVE-2015-4772
=====================================================================

1. Summary:

Updated rh-mysql56-mysql packages that fix several security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-2617, CVE-2015-2582, CVE-2015-2611, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772, CVE-2015-2620, CVE-2015-4737)

These updated packages upgrade MySQL to version 5.6.26. Refer to the MySQL Release Notes listed in the References section for a complete list of changes.

All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
1244769 - CVE-2015-2611 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244770 - CVE-2015-2617 mysql: unspecified vulnerability related to Server:Partition (CPU July 2015)
1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244772 - CVE-2015-2639 mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
1244773 - CVE-2015-2641 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244776 - CVE-2015-2661 mysql: unspecified vulnerability related to Client (CPU July 2015)
1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)
1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
1244780 - CVE-2015-4756 mysql: unspecified vulnerability related to Server:InnoDB (CPU July 2015)
1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244782 - CVE-2015-4761 mysql: unspecified vulnerability related to Server:Memcached (CPU July 2015)
1244784 - CVE-2015-4767 mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
1244785 - CVE-2015-4769 mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
1244786 - CVE-2015-4771 mysql: unspecified vulnerability related to Server:RBR (CPU July 2015)
1244787 - CVE-2015-4772 mysql: unspecified vulnerability related to Server:Partition (CPU July 2015)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mysql56-mysql-5.6.26-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.26-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
rh-mysql56-mysql-5.6.26-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.26-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-mysql56-mysql-5.6.26-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.26-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-mysql56-mysql-5.6.26-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.26-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.26-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mysql56-mysql-5.6.26-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.26-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-mysql56-mysql-5.6.26-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.26-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-mysql56-mysql-5.6.26-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.26-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.26-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2582
https://access.redhat.com/security/cve/CVE-2015-2611
https://access.redhat.com/security/cve/CVE-2015-2617
https://access.redhat.com/security/cve/CVE-2015-2620
https://access.redhat.com/security/cve/CVE-2015-2639
https://access.redhat.com/security/cve/CVE-2015-2641
https://access.redhat.com/security/cve/CVE-2015-2643
https://access.redhat.com/security/cve/CVE-2015-2648
https://access.redhat.com/security/cve/CVE-2015-2661
https://access.redhat.com/security/cve/CVE-2015-4737
https://access.redhat.com/security/cve/CVE-2015-4752
https://access.redhat.com/security/cve/CVE-2015-4756
https://access.redhat.com/security/cve/CVE-2015-4757
https://access.redhat.com/security/cve/CVE-2015-4761
https://access.redhat.com/security/cve/CVE-2015-4767
https://access.redhat.com/security/cve/CVE-2015-4769
https://access.redhat.com/security/cve/CVE-2015-4771
https://access.redhat.com/security/cve/CVE-2015-4772
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV0YDxXlSAg2UNWIIRAp31AKC+/fiA73JjTyoorpEUnCCpcDLg/gCgrkxV dhXyw2vh66uu93JAoz6nr0U= =/iYj -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 17 08:25:51 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 17 Aug 2015 08:25:51 +0000 Subject: [RHSA-2015:1633-01] Moderate: subversion security update Message-ID: <201508170812.t7H8CdEX002297@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:1633-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1633.html Issue date: 2015-08-17 CVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3187 ===================================================================== 1. Summary: Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. 
Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3187. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers 1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions 1247252 - CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: subversion-1.6.11-15.el6_7.src.rpm i386: mod_dav_svn-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm noarch: subversion-svn2cl-1.6.11-15.el6_7.noarch.rpm x86_64: mod_dav_svn-1.6.11-15.el6_7.x86_64.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.x86_64.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.x86_64.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.x86_64.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.x86_64.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.x86_64.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.x86_64.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: subversion-1.6.11-15.el6_7.src.rpm noarch: subversion-svn2cl-1.6.11-15.el6_7.noarch.rpm x86_64: mod_dav_svn-1.6.11-15.el6_7.x86_64.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.x86_64.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.x86_64.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.x86_64.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.x86_64.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.x86_64.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.x86_64.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: subversion-1.6.11-15.el6_7.src.rpm i386: mod_dav_svn-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm ppc64: mod_dav_svn-1.6.11-15.el6_7.ppc64.rpm subversion-1.6.11-15.el6_7.ppc.rpm subversion-1.6.11-15.el6_7.ppc64.rpm subversion-debuginfo-1.6.11-15.el6_7.ppc.rpm subversion-debuginfo-1.6.11-15.el6_7.ppc64.rpm s390x: mod_dav_svn-1.6.11-15.el6_7.s390x.rpm subversion-1.6.11-15.el6_7.s390.rpm subversion-1.6.11-15.el6_7.s390x.rpm subversion-debuginfo-1.6.11-15.el6_7.s390.rpm subversion-debuginfo-1.6.11-15.el6_7.s390x.rpm x86_64: mod_dav_svn-1.6.11-15.el6_7.x86_64.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.x86_64.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm noarch: subversion-svn2cl-1.6.11-15.el6_7.noarch.rpm ppc64: subversion-debuginfo-1.6.11-15.el6_7.ppc.rpm subversion-debuginfo-1.6.11-15.el6_7.ppc64.rpm subversion-devel-1.6.11-15.el6_7.ppc.rpm subversion-devel-1.6.11-15.el6_7.ppc64.rpm subversion-gnome-1.6.11-15.el6_7.ppc.rpm subversion-gnome-1.6.11-15.el6_7.ppc64.rpm subversion-javahl-1.6.11-15.el6_7.ppc.rpm subversion-javahl-1.6.11-15.el6_7.ppc64.rpm subversion-kde-1.6.11-15.el6_7.ppc.rpm subversion-kde-1.6.11-15.el6_7.ppc64.rpm subversion-perl-1.6.11-15.el6_7.ppc.rpm subversion-perl-1.6.11-15.el6_7.ppc64.rpm subversion-ruby-1.6.11-15.el6_7.ppc.rpm subversion-ruby-1.6.11-15.el6_7.ppc64.rpm s390x: subversion-debuginfo-1.6.11-15.el6_7.s390.rpm subversion-debuginfo-1.6.11-15.el6_7.s390x.rpm subversion-devel-1.6.11-15.el6_7.s390.rpm subversion-devel-1.6.11-15.el6_7.s390x.rpm subversion-gnome-1.6.11-15.el6_7.s390.rpm subversion-gnome-1.6.11-15.el6_7.s390x.rpm subversion-javahl-1.6.11-15.el6_7.s390.rpm subversion-javahl-1.6.11-15.el6_7.s390x.rpm subversion-kde-1.6.11-15.el6_7.s390.rpm subversion-kde-1.6.11-15.el6_7.s390x.rpm subversion-perl-1.6.11-15.el6_7.s390.rpm subversion-perl-1.6.11-15.el6_7.s390x.rpm subversion-ruby-1.6.11-15.el6_7.s390.rpm subversion-ruby-1.6.11-15.el6_7.s390x.rpm x86_64: subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.x86_64.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.x86_64.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.x86_64.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.x86_64.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm 
subversion-ruby-1.6.11-15.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: subversion-1.6.11-15.el6_7.src.rpm i386: mod_dav_svn-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm x86_64: mod_dav_svn-1.6.11-15.el6_7.x86_64.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.x86_64.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm noarch: subversion-svn2cl-1.6.11-15.el6_7.noarch.rpm x86_64: subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.x86_64.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.x86_64.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.x86_64.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.x86_64.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-0248 https://access.redhat.com/security/cve/CVE-2015-0251 https://access.redhat.com/security/cve/CVE-2015-3187 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2015-0248-advisory.txt https://subversion.apache.org/security/CVE-2015-0251-advisory.txt https://subversion.apache.org/security/CVE-2015-3187-advisory.txt 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV0ZdjXlSAg2UNWIIRAnuxAJ9x321584dqBcuC2zx8/MmY7CjX1wCgteOU b/tq4pUgkKKPnsFd82A6lMc= =lxDG -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 17 12:05:07 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 17 Aug 2015 12:05:07 +0000 Subject: [RHSA-2015:1634-01] Moderate: sqlite security update Message-ID: <201508171205.t7HC58g8029031@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: sqlite security update Advisory ID: RHSA-2015:1634-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1634.html Issue date: 2015-08-17 CVE Names: CVE-2015-3416 ===================================================================== 1. Summary: An updated sqlite package that fixes one security issue is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 
6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3416) All sqlite users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1212357 - CVE-2015-3416 sqlite: stack buffer overflow in src/printf.c 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: sqlite-3.6.20-1.el6_7.2.src.rpm i386: sqlite-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm x86_64: sqlite-3.6.20-1.el6_7.2.i686.rpm sqlite-3.6.20-1.el6_7.2.x86_64.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): i386: lemon-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-devel-3.6.20-1.el6_7.2.i686.rpm sqlite-doc-3.6.20-1.el6_7.2.i686.rpm sqlite-tcl-3.6.20-1.el6_7.2.i686.rpm x86_64: lemon-3.6.20-1.el6_7.2.x86_64.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm sqlite-devel-3.6.20-1.el6_7.2.i686.rpm sqlite-devel-3.6.20-1.el6_7.2.x86_64.rpm sqlite-doc-3.6.20-1.el6_7.2.x86_64.rpm sqlite-tcl-3.6.20-1.el6_7.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: sqlite-3.6.20-1.el6_7.2.src.rpm x86_64: sqlite-3.6.20-1.el6_7.2.i686.rpm sqlite-3.6.20-1.el6_7.2.x86_64.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: lemon-3.6.20-1.el6_7.2.x86_64.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm sqlite-devel-3.6.20-1.el6_7.2.i686.rpm sqlite-devel-3.6.20-1.el6_7.2.x86_64.rpm sqlite-doc-3.6.20-1.el6_7.2.x86_64.rpm sqlite-tcl-3.6.20-1.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: sqlite-3.6.20-1.el6_7.2.src.rpm i386: sqlite-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-devel-3.6.20-1.el6_7.2.i686.rpm ppc64: sqlite-3.6.20-1.el6_7.2.ppc.rpm sqlite-3.6.20-1.el6_7.2.ppc64.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.ppc.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.ppc64.rpm sqlite-devel-3.6.20-1.el6_7.2.ppc.rpm sqlite-devel-3.6.20-1.el6_7.2.ppc64.rpm s390x: sqlite-3.6.20-1.el6_7.2.s390.rpm sqlite-3.6.20-1.el6_7.2.s390x.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.s390.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.s390x.rpm sqlite-devel-3.6.20-1.el6_7.2.s390.rpm sqlite-devel-3.6.20-1.el6_7.2.s390x.rpm x86_64: sqlite-3.6.20-1.el6_7.2.i686.rpm sqlite-3.6.20-1.el6_7.2.x86_64.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm sqlite-devel-3.6.20-1.el6_7.2.i686.rpm sqlite-devel-3.6.20-1.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: lemon-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-doc-3.6.20-1.el6_7.2.i686.rpm sqlite-tcl-3.6.20-1.el6_7.2.i686.rpm ppc64: lemon-3.6.20-1.el6_7.2.ppc64.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.ppc64.rpm sqlite-doc-3.6.20-1.el6_7.2.ppc64.rpm sqlite-tcl-3.6.20-1.el6_7.2.ppc64.rpm s390x: lemon-3.6.20-1.el6_7.2.s390x.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.s390x.rpm sqlite-doc-3.6.20-1.el6_7.2.s390x.rpm sqlite-tcl-3.6.20-1.el6_7.2.s390x.rpm x86_64: lemon-3.6.20-1.el6_7.2.x86_64.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm sqlite-doc-3.6.20-1.el6_7.2.x86_64.rpm sqlite-tcl-3.6.20-1.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: sqlite-3.6.20-1.el6_7.2.src.rpm i386: sqlite-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-devel-3.6.20-1.el6_7.2.i686.rpm x86_64: sqlite-3.6.20-1.el6_7.2.i686.rpm sqlite-3.6.20-1.el6_7.2.x86_64.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm sqlite-devel-3.6.20-1.el6_7.2.i686.rpm sqlite-devel-3.6.20-1.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: lemon-3.6.20-1.el6_7.2.i686.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm sqlite-doc-3.6.20-1.el6_7.2.i686.rpm sqlite-tcl-3.6.20-1.el6_7.2.i686.rpm x86_64: lemon-3.6.20-1.el6_7.2.x86_64.rpm sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm sqlite-doc-3.6.20-1.el6_7.2.x86_64.rpm sqlite-tcl-3.6.20-1.el6_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3416 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV0c3HXlSAg2UNWIIRAu48AJ9PTcmHen3c4J/aTY8nJ0xfCwg/SwCghsmy FHgXkj385WyeTGXYB5ZMn04= =R5+G -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 17 12:07:28 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 17 Aug 2015 12:07:28 +0000 Subject: [RHSA-2015:1635-01] Moderate: sqlite security update Message-ID: <201508171207.t7HC7SfL025059@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: sqlite security update Advisory ID: RHSA-2015:1635-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1635.html Issue date: 2015-08-17 CVE Names: CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 ===================================================================== 1. Summary: An updated sqlite package that fixes three security issues is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. 
A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414) It was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415) It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3416) All sqlite users are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1212353 - CVE-2015-3414 sqlite: use of uninitialized memory when parsing collation sequences in src/where.c 1212356 - CVE-2015-3415 sqlite: invalid free() in src/vdbe.c 1212357 - CVE-2015-3416 sqlite: stack buffer overflow in src/printf.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm ppc64: sqlite-3.7.17-6.el7_1.1.ppc.rpm sqlite-3.7.17-6.el7_1.1.ppc64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.ppc.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.ppc64.rpm sqlite-devel-3.7.17-6.el7_1.1.ppc.rpm sqlite-devel-3.7.17-6.el7_1.1.ppc64.rpm s390x: sqlite-3.7.17-6.el7_1.1.s390.rpm sqlite-3.7.17-6.el7_1.1.s390x.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.s390.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.s390x.rpm sqlite-devel-3.7.17-6.el7_1.1.s390.rpm sqlite-devel-3.7.17-6.el7_1.1.s390x.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: sqlite-3.7.17-6.ael7b_1.1.src.rpm ppc64le: sqlite-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-debuginfo-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-devel-3.7.17-6.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 
7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm ppc64: lemon-3.7.17-6.el7_1.1.ppc64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.ppc64.rpm sqlite-tcl-3.7.17-6.el7_1.1.ppc64.rpm s390x: lemon-3.7.17-6.el7_1.1.s390x.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.s390x.rpm sqlite-tcl-3.7.17-6.el7_1.1.s390x.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: sqlite-doc-3.7.17-6.ael7b_1.1.noarch.rpm ppc64le: lemon-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-debuginfo-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-tcl-3.7.17-6.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3414 https://access.redhat.com/security/cve/CVE-2015-3415 https://access.redhat.com/security/cve/CVE-2015-3416 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
From bugzilla at redhat.com Mon Aug 17 19:52:48 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Aug 2015 19:52:48 +0000
Subject: [RHSA-2015:1636-01] Moderate: net-snmp security update
Message-ID: <201508171952.t7HJqmVB019720@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: net-snmp security update
Advisory ID: RHSA-2015:1636-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1636.html
Issue date: 2015-08-17
CVE Names: CVE-2015-5621
=====================================================================

1. Summary:

Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621)

Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue.

All net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1212408 - CVE-2015-5621 net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):
Source: net-snmp-5.5-54.el6_7.1.src.rpm
i386: net-snmp-5.5-54.el6_7.1.i686.rpm net-snmp-debuginfo-5.5-54.el6_7.1.i686.rpm net-snmp-libs-5.5-54.el6_7.1.i686.rpm
x86_64: net-snmp-5.5-54.el6_7.1.x86_64.rpm net-snmp-debuginfo-5.5-54.el6_7.1.i686.rpm net-snmp-debuginfo-5.5-54.el6_7.1.x86_64.rpm net-snmp-libs-5.5-54.el6_7.1.i686.rpm net-snmp-libs-5.5-54.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: net-snmp-debuginfo-5.5-54.el6_7.1.i686.rpm net-snmp-devel-5.5-54.el6_7.1.i686.rpm net-snmp-perl-5.5-54.el6_7.1.i686.rpm net-snmp-python-5.5-54.el6_7.1.i686.rpm net-snmp-utils-5.5-54.el6_7.1.i686.rpm
x86_64: net-snmp-debuginfo-5.5-54.el6_7.1.i686.rpm net-snmp-debuginfo-5.5-54.el6_7.1.x86_64.rpm net-snmp-devel-5.5-54.el6_7.1.i686.rpm net-snmp-devel-5.5-54.el6_7.1.x86_64.rpm net-snmp-perl-5.5-54.el6_7.1.x86_64.rpm net-snmp-python-5.5-54.el6_7.1.x86_64.rpm net-snmp-utils-5.5-54.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source: net-snmp-5.5-54.el6_7.1.src.rpm
x86_64: net-snmp-5.5-54.el6_7.1.x86_64.rpm net-snmp-debuginfo-5.5-54.el6_7.1.i686.rpm net-snmp-debuginfo-5.5-54.el6_7.1.x86_64.rpm net-snmp-libs-5.5-54.el6_7.1.i686.rpm net-snmp-libs-5.5-54.el6_7.1.x86_64.rpm net-snmp-perl-5.5-54.el6_7.1.x86_64.rpm net-snmp-python-5.5-54.el6_7.1.x86_64.rpm net-snmp-utils-5.5-54.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: net-snmp-debuginfo-5.5-54.el6_7.1.i686.rpm net-snmp-debuginfo-5.5-54.el6_7.1.x86_64.rpm net-snmp-devel-5.5-54.el6_7.1.i686.rpm net-snmp-devel-5.5-54.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source: net-snmp-5.5-54.el6_7.1.src.rpm
i386: net-snmp-5.5-54.el6_7.1.i686.rpm net-snmp-debuginfo-5.5-54.el6_7.1.i686.rpm net-snmp-devel-5.5-54.el6_7.1.i686.rpm net-snmp-libs-5.5-54.el6_7.1.i686.rpm net-snmp-perl-5.5-54.el6_7.1.i686.rpm net-snmp-python-5.5-54.el6_7.1.i686.rpm net-snmp-utils-5.5-54.el6_7.1.i686.rpm
ppc64: net-snmp-5.5-54.el6_7.1.ppc64.rpm net-snmp-debuginfo-5.5-54.el6_7.1.ppc.rpm net-snmp-debuginfo-5.5-54.el6_7.1.ppc64.rpm net-snmp-devel-5.5-54.el6_7.1.ppc.rpm net-snmp-devel-5.5-54.el6_7.1.ppc64.rpm net-snmp-libs-5.5-54.el6_7.1.ppc.rpm net-snmp-libs-5.5-54.el6_7.1.ppc64.rpm net-snmp-perl-5.5-54.el6_7.1.ppc64.rpm net-snmp-python-5.5-54.el6_7.1.ppc64.rpm net-snmp-utils-5.5-54.el6_7.1.ppc64.rpm
s390x: net-snmp-5.5-54.el6_7.1.s390x.rpm net-snmp-debuginfo-5.5-54.el6_7.1.s390.rpm net-snmp-debuginfo-5.5-54.el6_7.1.s390x.rpm net-snmp-devel-5.5-54.el6_7.1.s390.rpm net-snmp-devel-5.5-54.el6_7.1.s390x.rpm net-snmp-libs-5.5-54.el6_7.1.s390.rpm net-snmp-libs-5.5-54.el6_7.1.s390x.rpm net-snmp-perl-5.5-54.el6_7.1.s390x.rpm net-snmp-python-5.5-54.el6_7.1.s390x.rpm net-snmp-utils-5.5-54.el6_7.1.s390x.rpm
x86_64: net-snmp-5.5-54.el6_7.1.x86_64.rpm net-snmp-debuginfo-5.5-54.el6_7.1.i686.rpm net-snmp-debuginfo-5.5-54.el6_7.1.x86_64.rpm net-snmp-devel-5.5-54.el6_7.1.i686.rpm net-snmp-devel-5.5-54.el6_7.1.x86_64.rpm net-snmp-libs-5.5-54.el6_7.1.i686.rpm net-snmp-libs-5.5-54.el6_7.1.x86_64.rpm net-snmp-perl-5.5-54.el6_7.1.x86_64.rpm net-snmp-python-5.5-54.el6_7.1.x86_64.rpm net-snmp-utils-5.5-54.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source: net-snmp-5.5-54.el6_7.1.src.rpm
i386: net-snmp-5.5-54.el6_7.1.i686.rpm net-snmp-debuginfo-5.5-54.el6_7.1.i686.rpm net-snmp-devel-5.5-54.el6_7.1.i686.rpm net-snmp-libs-5.5-54.el6_7.1.i686.rpm net-snmp-perl-5.5-54.el6_7.1.i686.rpm net-snmp-python-5.5-54.el6_7.1.i686.rpm net-snmp-utils-5.5-54.el6_7.1.i686.rpm
x86_64: net-snmp-5.5-54.el6_7.1.x86_64.rpm net-snmp-debuginfo-5.5-54.el6_7.1.i686.rpm net-snmp-debuginfo-5.5-54.el6_7.1.x86_64.rpm net-snmp-devel-5.5-54.el6_7.1.i686.rpm net-snmp-devel-5.5-54.el6_7.1.x86_64.rpm net-snmp-libs-5.5-54.el6_7.1.i686.rpm net-snmp-libs-5.5-54.el6_7.1.x86_64.rpm net-snmp-perl-5.5-54.el6_7.1.x86_64.rpm net-snmp-python-5.5-54.el6_7.1.x86_64.rpm net-snmp-utils-5.5-54.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):
Source: net-snmp-5.7.2-20.el7_1.1.src.rpm
x86_64: net-snmp-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.i686.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.i686.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-libs-5.7.2-20.el7_1.1.i686.rpm net-snmp-libs-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-utils-5.7.2-20.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: net-snmp-debuginfo-5.7.2-20.el7_1.1.i686.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-devel-5.7.2-20.el7_1.1.i686.rpm net-snmp-devel-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-gui-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-perl-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-python-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-sysvinit-5.7.2-20.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: net-snmp-5.7.2-20.el7_1.1.src.rpm
x86_64: net-snmp-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.i686.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.i686.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-libs-5.7.2-20.el7_1.1.i686.rpm net-snmp-libs-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-utils-5.7.2-20.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: net-snmp-debuginfo-5.7.2-20.el7_1.1.i686.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-devel-5.7.2-20.el7_1.1.i686.rpm net-snmp-devel-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-gui-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-perl-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-python-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-sysvinit-5.7.2-20.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: net-snmp-5.7.2-20.el7_1.1.src.rpm
ppc64: net-snmp-5.7.2-20.el7_1.1.ppc64.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.ppc.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.ppc64.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.ppc.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.ppc64.rpm net-snmp-devel-5.7.2-20.el7_1.1.ppc.rpm net-snmp-devel-5.7.2-20.el7_1.1.ppc64.rpm net-snmp-libs-5.7.2-20.el7_1.1.ppc.rpm net-snmp-libs-5.7.2-20.el7_1.1.ppc64.rpm net-snmp-utils-5.7.2-20.el7_1.1.ppc64.rpm
s390x: net-snmp-5.7.2-20.el7_1.1.s390x.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.s390.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.s390x.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.s390.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.s390x.rpm net-snmp-devel-5.7.2-20.el7_1.1.s390.rpm net-snmp-devel-5.7.2-20.el7_1.1.s390x.rpm net-snmp-libs-5.7.2-20.el7_1.1.s390.rpm net-snmp-libs-5.7.2-20.el7_1.1.s390x.rpm net-snmp-utils-5.7.2-20.el7_1.1.s390x.rpm
x86_64: net-snmp-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.i686.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.i686.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-devel-5.7.2-20.el7_1.1.i686.rpm net-snmp-devel-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-libs-5.7.2-20.el7_1.1.i686.rpm net-snmp-libs-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-utils-5.7.2-20.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: net-snmp-5.7.2-20.ael7b_1.1.src.rpm
ppc64le: net-snmp-5.7.2-20.ael7b_1.1.ppc64le.rpm net-snmp-agent-libs-5.7.2-20.ael7b_1.1.ppc64le.rpm net-snmp-debuginfo-5.7.2-20.ael7b_1.1.ppc64le.rpm net-snmp-devel-5.7.2-20.ael7b_1.1.ppc64le.rpm net-snmp-libs-5.7.2-20.ael7b_1.1.ppc64le.rpm net-snmp-utils-5.7.2-20.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: net-snmp-debuginfo-5.7.2-20.el7_1.1.ppc64.rpm net-snmp-gui-5.7.2-20.el7_1.1.ppc64.rpm net-snmp-perl-5.7.2-20.el7_1.1.ppc64.rpm net-snmp-python-5.7.2-20.el7_1.1.ppc64.rpm net-snmp-sysvinit-5.7.2-20.el7_1.1.ppc64.rpm
s390x: net-snmp-debuginfo-5.7.2-20.el7_1.1.s390x.rpm net-snmp-gui-5.7.2-20.el7_1.1.s390x.rpm net-snmp-perl-5.7.2-20.el7_1.1.s390x.rpm net-snmp-python-5.7.2-20.el7_1.1.s390x.rpm net-snmp-sysvinit-5.7.2-20.el7_1.1.s390x.rpm
x86_64: net-snmp-debuginfo-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-gui-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-perl-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-python-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-sysvinit-5.7.2-20.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le: net-snmp-debuginfo-5.7.2-20.ael7b_1.1.ppc64le.rpm net-snmp-gui-5.7.2-20.ael7b_1.1.ppc64le.rpm net-snmp-perl-5.7.2-20.ael7b_1.1.ppc64le.rpm net-snmp-python-5.7.2-20.ael7b_1.1.ppc64le.rpm net-snmp-sysvinit-5.7.2-20.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: net-snmp-5.7.2-20.el7_1.1.src.rpm
x86_64: net-snmp-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.i686.rpm net-snmp-agent-libs-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.i686.rpm net-snmp-debuginfo-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-devel-5.7.2-20.el7_1.1.i686.rpm net-snmp-devel-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-libs-5.7.2-20.el7_1.1.i686.rpm net-snmp-libs-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-utils-5.7.2-20.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: net-snmp-debuginfo-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-gui-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-perl-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-python-5.7.2-20.el7_1.1.x86_64.rpm net-snmp-sysvinit-5.7.2-20.el7_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5621
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Tue Aug 18 01:39:07 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Aug 2015 01:39:07 +0000
Subject: [RHSA-2015:1639-01] Important: openstack-glance security update
Message-ID: <201508180139.t7I1d76Z023331@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openstack-glance security update
Advisory ID: RHSA-2015:1639-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2015:1639
Issue date: 2015-08-18
CVE Names: CVE-2015-5163
=====================================================================

1. Summary:

Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0.

Red Hat Product Security has rated this update as having an Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

A flaw was found in the OpenStack Image Service (glance) import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw. (CVE-2015-5163)

Red Hat thanks the OpenStack team for reporting this issue. Upstream acknowledges Eric Harney of Red Hat as the original reporter.

All openstack-glance users are advised to upgrade to these updated packages, which address this vulnerability.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1252378 - CVE-2015-5163 openstack-glance: Glance v2 API host file disclosure through qcow2 backing file

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:
Source: openstack-glance-2015.1.0-6.el7ost.1.src.rpm
noarch: openstack-glance-2015.1.0-6.el7ost.1.noarch.rpm openstack-glance-doc-2015.1.0-6.el7ost.1.noarch.rpm python-glance-2015.1.0-6.el7ost.1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5163
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
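An added example, not code from the advisory or from the glance project: a defender-side inspector for the qcow2 header that the glance description above refers to. It decodes the fixed 72-byte header shared by qcow2 versions 2 and 3, reports whether the image names a backing file (the field through which the host-file disclosure occurred), and treats any inconsistent offset as malformed rather than trying to read around it. The sample headers are constructed inline and the backing-file path in them is a placeholder.

```python
import struct
from typing import Optional

# Fixed, big-endian header shared by qcow2 format versions 2 and 3.
# Field order and widths follow the qcow2 specification; v3 appends more
# fields after these 72 bytes, which this inspector does not need.
QCOW2_MAGIC = b"QFI\xfb"
QCOW2_HEADER_FMT = ">4sIQIIQIIQQIIQ"
QCOW2_HEADER_LEN = struct.calcsize(QCOW2_HEADER_FMT)  # 72
QCOW2_HEADER_FIELDS = (
    "magic", "version", "backing_file_offset", "backing_file_size",
    "cluster_bits", "size", "crypt_method", "l1_size", "l1_table_offset",
    "refcount_table_offset", "refcount_table_clusters", "nb_snapshots",
    "snapshots_offset",
)
MAX_BACKING_FILE_LEN = 1023  # upper bound the qcow2 spec puts on the name


class Qcow2HeaderError(ValueError):
    """The blob is not a qcow2 image, or its header is internally inconsistent."""


def parse_qcow2_header(data: bytes) -> dict:
    """Decode the common qcow2 header and resolve the backing-file name, if any.

    Every inconsistency is an error: a header that points outside the blob or
    at an impossible location is exactly what an import path should refuse to
    interpret creatively.
    """
    if len(data) < QCOW2_HEADER_LEN:
        raise Qcow2HeaderError("blob is shorter than the 72-byte qcow2 header")
    values = struct.unpack_from(QCOW2_HEADER_FMT, data, 0)
    hdr = dict(zip(QCOW2_HEADER_FIELDS, values))
    if hdr["magic"] != QCOW2_MAGIC:
        raise Qcow2HeaderError("missing qcow2 magic")
    if hdr["version"] not in (2, 3):
        raise Qcow2HeaderError("unsupported qcow2 version %d" % hdr["version"])
    off, size = hdr["backing_file_offset"], hdr["backing_file_size"]
    if off == 0 and size == 0:
        hdr["backing_file"] = None  # self-contained image
        return hdr
    if off < QCOW2_HEADER_LEN or size == 0 or size > MAX_BACKING_FILE_LEN:
        raise Qcow2HeaderError("backing file pointer is outside the sane range")
    if off + size > len(data):
        raise Qcow2HeaderError("backing file name runs past the end of the blob")
    hdr["backing_file"] = data[off:off + size].decode("utf-8", errors="replace")
    return hdr


def classify_image(data: bytes) -> str:
    """Import-time policy: only self-contained qcow2 images are accepted.

    Returns 'accept', 'reject-backing-file' or 'reject-malformed'.
    """
    try:
        hdr = parse_qcow2_header(data)
    except Qcow2HeaderError:
        return "reject-malformed"
    return "accept" if hdr["backing_file"] is None else "reject-backing-file"


def build_qcow2_header(backing_file: Optional[str] = None,
                       size: int = 64 << 20) -> bytes:
    """Construct a minimal version-2 header (test input only, not a usable image).

    The backing-file name, when present, is placed right after the header,
    which is where real images put it.
    """
    name = backing_file.encode("utf-8") if backing_file else b""
    off = QCOW2_HEADER_LEN if name else 0
    header = struct.pack(
        QCOW2_HEADER_FMT, QCOW2_MAGIC, 2, off, len(name),
        16, size, 0, 1, 0x10000, 0x20000, 1, 0, 0,
    )
    return header + name


if __name__ == "__main__":
    # Constructed samples; the backing path is a placeholder, not a real file.
    samples = {
        "self-contained": build_qcow2_header(),
        "with-backing-file": build_qcow2_header("/placeholder/host-file"),
        "garbage": b"not a qcow2 image",
    }
    for label, blob in samples.items():
        print("%-18s -> %s" % (label, classify_image(blob)))
```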
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV0oxfXlSAg2UNWIIRArpgAKCNV8UnL5sHEuyF95XwR3SEVizd9QCfUL4r rbinAxPz9K8jZLF9Ftjf+Nw= =7+lj -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 18 19:06:43 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 18 Aug 2015 15:06:43 -0400 Subject: [RHSA-2015:1640-01] Moderate: pam security update Message-ID: <201508181906.t7IJ6hOB011996@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: pam security update Advisory ID: RHSA-2015:1640-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1640.html Issue date: 2015-08-18 CVE Names: CVE-2015-3238 ===================================================================== 1. Summary: An updated pam package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. 
Description: Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. It was discovered that the _unix_run_helper_binary() function of PAM's unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system. (CVE-2015-3238) Red Hat would like to thank Sebastien Macke of Trustwave SpiderLabs for reporting this issue. All pam users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1228571 - CVE-2015-3238 pam: DoS/user enumeration due to blocking pipe in pam_unix module 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: pam-1.1.1-20.el6_7.1.src.rpm i386: pam-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm x86_64: pam-1.1.1-20.el6_7.1.i686.rpm pam-1.1.1-20.el6_7.1.x86_64.rpm pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-devel-1.1.1-20.el6_7.1.i686.rpm x86_64: pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm pam-devel-1.1.1-20.el6_7.1.i686.rpm pam-devel-1.1.1-20.el6_7.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: pam-1.1.1-20.el6_7.1.src.rpm x86_64: pam-1.1.1-20.el6_7.1.i686.rpm pam-1.1.1-20.el6_7.1.x86_64.rpm pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm pam-devel-1.1.1-20.el6_7.1.i686.rpm pam-devel-1.1.1-20.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: pam-1.1.1-20.el6_7.1.src.rpm i386: pam-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-devel-1.1.1-20.el6_7.1.i686.rpm ppc64: pam-1.1.1-20.el6_7.1.ppc.rpm pam-1.1.1-20.el6_7.1.ppc64.rpm pam-debuginfo-1.1.1-20.el6_7.1.ppc.rpm pam-debuginfo-1.1.1-20.el6_7.1.ppc64.rpm pam-devel-1.1.1-20.el6_7.1.ppc.rpm pam-devel-1.1.1-20.el6_7.1.ppc64.rpm s390x: pam-1.1.1-20.el6_7.1.s390.rpm pam-1.1.1-20.el6_7.1.s390x.rpm pam-debuginfo-1.1.1-20.el6_7.1.s390.rpm pam-debuginfo-1.1.1-20.el6_7.1.s390x.rpm pam-devel-1.1.1-20.el6_7.1.s390.rpm pam-devel-1.1.1-20.el6_7.1.s390x.rpm x86_64: pam-1.1.1-20.el6_7.1.i686.rpm pam-1.1.1-20.el6_7.1.x86_64.rpm pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm pam-devel-1.1.1-20.el6_7.1.i686.rpm pam-devel-1.1.1-20.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: pam-1.1.1-20.el6_7.1.src.rpm i386: pam-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-devel-1.1.1-20.el6_7.1.i686.rpm x86_64: pam-1.1.1-20.el6_7.1.i686.rpm pam-1.1.1-20.el6_7.1.x86_64.rpm pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm pam-devel-1.1.1-20.el6_7.1.i686.rpm pam-devel-1.1.1-20.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: pam-1.1.8-12.el7_1.1.src.rpm x86_64: pam-1.1.8-12.el7_1.1.i686.rpm pam-1.1.8-12.el7_1.1.x86_64.rpm pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): x86_64: pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm pam-devel-1.1.8-12.el7_1.1.i686.rpm pam-devel-1.1.8-12.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: pam-1.1.8-12.el7_1.1.src.rpm x86_64: pam-1.1.8-12.el7_1.1.i686.rpm pam-1.1.8-12.el7_1.1.x86_64.rpm pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm pam-devel-1.1.8-12.el7_1.1.i686.rpm pam-devel-1.1.8-12.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: pam-1.1.8-12.el7_1.1.src.rpm ppc64: pam-1.1.8-12.el7_1.1.ppc.rpm pam-1.1.8-12.el7_1.1.ppc64.rpm pam-debuginfo-1.1.8-12.el7_1.1.ppc.rpm pam-debuginfo-1.1.8-12.el7_1.1.ppc64.rpm pam-devel-1.1.8-12.el7_1.1.ppc.rpm pam-devel-1.1.8-12.el7_1.1.ppc64.rpm s390x: pam-1.1.8-12.el7_1.1.s390.rpm pam-1.1.8-12.el7_1.1.s390x.rpm pam-debuginfo-1.1.8-12.el7_1.1.s390.rpm pam-debuginfo-1.1.8-12.el7_1.1.s390x.rpm pam-devel-1.1.8-12.el7_1.1.s390.rpm pam-devel-1.1.8-12.el7_1.1.s390x.rpm x86_64: pam-1.1.8-12.el7_1.1.i686.rpm pam-1.1.8-12.el7_1.1.x86_64.rpm pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm pam-devel-1.1.8-12.el7_1.1.i686.rpm pam-devel-1.1.8-12.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: pam-1.1.8-12.ael7b_1.1.src.rpm ppc64le: pam-1.1.8-12.ael7b_1.1.ppc64le.rpm pam-debuginfo-1.1.8-12.ael7b_1.1.ppc64le.rpm pam-devel-1.1.8-12.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: pam-1.1.8-12.el7_1.1.src.rpm x86_64: pam-1.1.8-12.el7_1.1.i686.rpm pam-1.1.8-12.el7_1.1.x86_64.rpm pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm pam-devel-1.1.8-12.el7_1.1.i686.rpm pam-devel-1.1.8-12.el7_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3238 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD4DBQFV04JBXlSAg2UNWIIRAqOzAJ9EbtvfQumSyuGIDUvsrz4LuGDaigCXf+Hq jEKopvJJZBS387fy3yznhQ== =7uik -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 18 19:08:52 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 18 Aug 2015 15:08:52 -0400 Subject: [RHSA-2015:1643-01] Moderate: kernel security and bug fix update Message-ID: <201508181908.t7IJ8qEO001903@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2015:1643-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1643.html Issue date: 2015-08-18 CVE Names: CVE-2015-3636 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.4) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. 
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636, Moderate) This update also fixes the following bugs: * Due to bad memory or memory corruption, an isolated BUG_ON(mm->nr_ptes) was sometimes reported, indicating that not all the page tables allocated could be found and freed when the exit_mmap() function cleared the user address space. As a consequence, a kernel panic occurred. To fix this bug, the BUG_ON() function has been replaced by WARN_ON(), which prevents the kernel from panicking in the aforementioned situation. (BZ#1235929) * Previously, it was for the ext4 driver to read a metadata block and use it without a verification. If the metadata block was corrupted, a kernel panic could occur. With this update, verification is forced on every buffer before it is used, which uncovers possible corruption and prevents further use of the corrupted metadata buffer. (BZ#1242930) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1218074 - CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation 6. Package List: Red Hat Enterprise Linux Server AUS (v. 
6.4): Source: kernel-2.6.32-358.65.1.el6.src.rpm i386: kernel-2.6.32-358.65.1.el6.i686.rpm kernel-debug-2.6.32-358.65.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.65.1.el6.i686.rpm kernel-debug-devel-2.6.32-358.65.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.65.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.65.1.el6.i686.rpm kernel-devel-2.6.32-358.65.1.el6.i686.rpm kernel-headers-2.6.32-358.65.1.el6.i686.rpm perf-2.6.32-358.65.1.el6.i686.rpm perf-debuginfo-2.6.32-358.65.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.65.1.el6.i686.rpm noarch: kernel-doc-2.6.32-358.65.1.el6.noarch.rpm kernel-firmware-2.6.32-358.65.1.el6.noarch.rpm ppc64: kernel-2.6.32-358.65.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-358.65.1.el6.ppc64.rpm kernel-debug-2.6.32-358.65.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-358.65.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-358.65.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.65.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.65.1.el6.ppc64.rpm kernel-devel-2.6.32-358.65.1.el6.ppc64.rpm kernel-headers-2.6.32-358.65.1.el6.ppc64.rpm perf-2.6.32-358.65.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.65.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.65.1.el6.ppc64.rpm s390x: kernel-2.6.32-358.65.1.el6.s390x.rpm kernel-debug-2.6.32-358.65.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-358.65.1.el6.s390x.rpm kernel-debug-devel-2.6.32-358.65.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.65.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.65.1.el6.s390x.rpm kernel-devel-2.6.32-358.65.1.el6.s390x.rpm kernel-headers-2.6.32-358.65.1.el6.s390x.rpm kernel-kdump-2.6.32-358.65.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.65.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-358.65.1.el6.s390x.rpm perf-2.6.32-358.65.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.65.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.65.1.el6.s390x.rpm x86_64: kernel-2.6.32-358.65.1.el6.x86_64.rpm kernel-debug-2.6.32-358.65.1.el6.x86_64.rpm 
kernel-debug-debuginfo-2.6.32-358.65.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.65.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.65.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.65.1.el6.x86_64.rpm kernel-devel-2.6.32-358.65.1.el6.x86_64.rpm kernel-headers-2.6.32-358.65.1.el6.x86_64.rpm perf-2.6.32-358.65.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.65.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.65.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: kernel-2.6.32-358.65.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.65.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.65.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.65.1.el6.i686.rpm perf-debuginfo-2.6.32-358.65.1.el6.i686.rpm python-perf-2.6.32-358.65.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.65.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-358.65.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.65.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.65.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.65.1.el6.ppc64.rpm python-perf-2.6.32-358.65.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.65.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-358.65.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.65.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.65.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.65.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.65.1.el6.s390x.rpm python-perf-2.6.32-358.65.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.65.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.65.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.65.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.65.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.65.1.el6.x86_64.rpm python-perf-2.6.32-358.65.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.65.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-3636 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV04LDXlSAg2UNWIIRAtXhAKCYxNQcpcZdMRm2cp8jj4gZMsGaHACghDrC Y+B0vpAcNZNoFTWjjt2kzcU= =Tb/g -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 20 09:04:47 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 20 Aug 2015 09:04:47 +0000 Subject: [RHSA-2015:1646-01] Important: rh-mariadb100-mariadb security update Message-ID: <201508200851.t7K8pWsH027740@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-mariadb100-mariadb security update Advisory ID: RHSA-2015:1646-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1646.html Issue date: 2015-08-20 CVE Names: CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772 ===================================================================== 1. Summary: Updated rh-mariadb100-mariadb packages that fix several security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152) This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772) These updated packages upgrade MariaDB to version MariaDB 10.0.20. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
1244769 - CVE-2015-2611 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244770 - CVE-2015-2617 mysql: unspecified vulnerability related to Server:Partition (CPU July 2015)
1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244772 - CVE-2015-2639 mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
1244773 - CVE-2015-2641 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244776 - CVE-2015-2661 mysql: unspecified vulnerability related to Client (CPU July 2015)
1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)
1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
1244780 - CVE-2015-4756 mysql: unspecified vulnerability related to Server:InnoDB (CPU July 2015)
1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244782 - CVE-2015-4761 mysql: unspecified vulnerability related to Server:Memcached (CPU July 2015)
1244784 - CVE-2015-4767 mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
1244785 - CVE-2015-4769 mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
1244786 - CVE-2015-4771 mysql: unspecified vulnerability related to Server:RBR (CPU July 2015)
1244787 - CVE-2015-4772 mysql: unspecified vulnerability related to Server:Partition (CPU July 2015)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mariadb100-mariadb-10.0.20-1.el6.src.rpm

x86_64:
rh-mariadb100-mariadb-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.20-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
rh-mariadb100-mariadb-10.0.20-1.el6.src.rpm

x86_64:
rh-mariadb100-mariadb-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.20-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-mariadb100-mariadb-10.0.20-1.el6.src.rpm

x86_64:
rh-mariadb100-mariadb-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.20-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-mariadb100-mariadb-10.0.20-1.el6.src.rpm

x86_64:
rh-mariadb100-mariadb-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.20-1.el6.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.20-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mariadb100-mariadb-10.0.20-1.el7.src.rpm

x86_64:
rh-mariadb100-mariadb-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-mariadb100-mariadb-10.0.20-1.el7.src.rpm

x86_64:
rh-mariadb100-mariadb-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-mariadb100-mariadb-10.0.20-1.el7.src.rpm

x86_64:
rh-mariadb100-mariadb-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.20-1.el7.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.20-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2582
https://access.redhat.com/security/cve/CVE-2015-2611
https://access.redhat.com/security/cve/CVE-2015-2617
https://access.redhat.com/security/cve/CVE-2015-2620
https://access.redhat.com/security/cve/CVE-2015-2639
https://access.redhat.com/security/cve/CVE-2015-2641
https://access.redhat.com/security/cve/CVE-2015-2643
https://access.redhat.com/security/cve/CVE-2015-2648
https://access.redhat.com/security/cve/CVE-2015-2661
https://access.redhat.com/security/cve/CVE-2015-3152
https://access.redhat.com/security/cve/CVE-2015-4737
https://access.redhat.com/security/cve/CVE-2015-4752
https://access.redhat.com/security/cve/CVE-2015-4756
https://access.redhat.com/security/cve/CVE-2015-4757
https://access.redhat.com/security/cve/CVE-2015-4761
https://access.redhat.com/security/cve/CVE-2015-4767
https://access.redhat.com/security/cve/CVE-2015-4769
https://access.redhat.com/security/cve/CVE-2015-4771
https://access.redhat.com/security/cve/CVE-2015-4772
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV1ZT+XlSAg2UNWIIRApd3AJ9fwSPdqMpD7wOcRHne+aF29BnkKQCgwgMI
V4zNFDKROJtMhbewJtXhPwc=
=upWD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Aug 20 09:32:43 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Aug 2015 09:32:43 +0000
Subject: [RHSA-2015:1647-01] Moderate: mariadb55-mariadb security update
Message-ID: <201508200919.t7K9JSak010840@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: mariadb55-mariadb security update
Advisory ID: RHSA-2015:1647-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1647.html
Issue date: 2015-08-20
CVE Names: CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-2582 CVE-2015-2620 CVE-2015-2643 CVE-2015-2648 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757
=====================================================================

1. Summary:

Updated mariadb55-mariadb packages that fix several security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)

This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1212758 - CVE-2015-0501 mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015)
1212763 - CVE-2015-2568 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
1212768 - CVE-2015-0499 mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)
1212772 - CVE-2015-2571 mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
1212776 - CVE-2015-0433 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)
1212777 - CVE-2015-0441 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)
1212780 - CVE-2015-0505 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
1212783 - CVE-2015-2573 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)
1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
mariadb55-mariadb-5.5.44-1.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
mariadb55-mariadb-5.5.44-1.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
mariadb55-mariadb-5.5.44-1.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
mariadb55-mariadb-5.5.44-1.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.44-1.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.44-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb55-mariadb-5.5.44-1.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.44-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
mariadb55-mariadb-5.5.44-1.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.44-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb55-mariadb-5.5.44-1.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.44-1.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.44-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0433
https://access.redhat.com/security/cve/CVE-2015-0441
https://access.redhat.com/security/cve/CVE-2015-0499
https://access.redhat.com/security/cve/CVE-2015-0501
https://access.redhat.com/security/cve/CVE-2015-0505
https://access.redhat.com/security/cve/CVE-2015-2568
https://access.redhat.com/security/cve/CVE-2015-2571
https://access.redhat.com/security/cve/CVE-2015-2573
https://access.redhat.com/security/cve/CVE-2015-2582
https://access.redhat.com/security/cve/CVE-2015-2620
https://access.redhat.com/security/cve/CVE-2015-2643
https://access.redhat.com/security/cve/CVE-2015-2648
https://access.redhat.com/security/cve/CVE-2015-3152
https://access.redhat.com/security/cve/CVE-2015-4737
https://access.redhat.com/security/cve/CVE-2015-4752
https://access.redhat.com/security/cve/CVE-2015-4757
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
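The downgrade described for CVE-2015-3152 in RHSA-2015:1646 and RHSA-2015:1647 above comes down to one decision in the client: what to do when the server greeting does not advertise TLS. The following Python is an added illustration written for this page, not Red Hat's, MariaDB's or libmysqlclient's code. It builds protocol-10 server greeting packets with constructed values (server version string, connection id, auth data), parses the capability flags back out, and contrasts a client that merely permits TLS with one that requires it when "--ssl" was asked for. The flag constants are the standard MySQL capability bits; the two client functions are models of the pre-fix and fixed behaviour, not the real implementation.

```python
"""Constructed MySQL HandshakeV10 greetings: permit-TLS vs require-TLS client logic.
Added example for this advisory archive; not vendor code."""
import struct

# Standard MySQL client/server capability bits (not page-specific values).
CLIENT_SSL = 0x00000800                # server offers to switch to TLS
CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000


def build_greeting(capabilities: int) -> bytes:
    """Construct a minimal HandshakeV10 packet, 4-byte packet header included.
    Server version, connection id and auth data are made-up sample values."""
    body = bytes([0x0A])                                  # protocol version 10
    body += b"10.0.20-MariaDB\x00"                        # server version, NUL-terminated
    body += struct.pack("<I", 7)                          # connection id (constructed)
    body += b"\x01" * 8                                   # auth-plugin-data-part-1 (constructed)
    body += b"\x00"                                       # filler
    body += struct.pack("<H", capabilities & 0xFFFF)      # capability flags, lower 16 bits
    body += bytes([0x21])                                 # character set
    body += struct.pack("<H", 0x0002)                     # status flags (autocommit)
    body += struct.pack("<H", capabilities >> 16)         # capability flags, upper 16 bits
    body += bytes([21 if capabilities & CLIENT_PLUGIN_AUTH else 0])  # auth data length
    body += b"\x00" * 10                                  # reserved
    if capabilities & CLIENT_SECURE_CONNECTION:
        body += b"\x02" * 12 + b"\x00"                    # auth-plugin-data-part-2 (constructed)
    if capabilities & CLIENT_PLUGIN_AUTH:
        body += b"mysql_native_password\x00"
    header = struct.pack("<I", len(body))[:3] + b"\x00"  # 3-byte length + sequence id 0
    return header + body


def parse_capabilities(packet: bytes) -> int:
    """Extract the 32-bit server capability flags from a HandshakeV10 packet."""
    length = int.from_bytes(packet[:3], "little")
    body = packet[4:4 + length]
    if body[0] != 0x0A:
        raise ValueError("not a protocol-10 greeting")
    pos = body.index(b"\x00", 1) + 1     # skip the server version string
    pos += 4 + 8 + 1                      # connection id, auth data part 1, filler
    lower = struct.unpack_from("<H", body, pos)[0]
    pos += 2 + 1 + 2                      # lower caps, charset, status flags
    upper = struct.unpack_from("<H", body, pos)[0]
    return lower | (upper << 16)


def vulnerable_client_uses_tls(packet: bytes, ssl_requested: bool) -> bool:
    """Pre-fix shape of the decision: TLS is used only when both sides happen
    to offer it. A greeting with CLIENT_SSL cleared (by the server, or by
    someone rewriting it in transit) silently yields a plaintext session."""
    return ssl_requested and bool(parse_capabilities(packet) & CLIENT_SSL)


def enforcing_client_uses_tls(packet: bytes, ssl_requested: bool) -> bool:
    """Fixed shape of the decision: when TLS was requested and the greeting
    does not offer it, abort the connection rather than downgrade."""
    if not ssl_requested:
        return False
    if not parse_capabilities(packet) & CLIENT_SSL:
        raise ConnectionError("TLS required but server greeting lacks CLIENT_SSL; refusing plaintext")
    return True


if __name__ == "__main__":
    full = CLIENT_SSL | CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH
    good, stripped = build_greeting(full), build_greeting(full & ~CLIENT_SSL)
    print("permissive client, stripped greeting ->", vulnerable_client_uses_tls(stripped, True))
    try:
        enforcing_client_uses_tls(stripped, True)
    except ConnectionError as exc:
        print("enforcing client, stripped greeting ->", exc)
```

The operational check that follows from this is the same one the fixed client performs: treat "TLS requested" as "TLS mandatory", and have monitoring flag any client session to a TLS-only server whose `Ssl_cipher` status is empty.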
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV1ZuWXlSAg2UNWIIRAp7oAJ9wnlqK62pAVkcjAYyIc52rAMg20gCcD8Jj
Uaj+QJE4oDvI6BEK64IyZGM=
=VrDe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Aug 20 19:26:33 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Aug 2015 19:26:33 +0000
Subject: [RHSA-2015:1650-01] Important: openshift security update
Message-ID: <201508201926.t7KJQXlg005534@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openshift security update
Advisory ID: RHSA-2015:1650-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2015:1650
Issue date: 2015-08-20
CVE Names: CVE-2015-5222
=====================================================================

1. Summary:

Updated openshift packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHOSE 3.0 - x86_64

3. Description:

Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

An improper permission check issue was discovered in the server admission control component in OpenShift. A user with build permissions could use this flaw to execute arbitrary shell commands on a build pod with the privileges of the root user. (CVE-2015-5222)

This issue was discovered by Cesar Wong of the Red Hat OpenShift Enterprise Team.

All OpenShift Enterprise users are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1255120 - CVE-2015-5222 OpenShift3: Exec operations should be forbidden to privileged pods such as builder pods

6. Package List:

RHOSE 3.0:

Source:
openshift-3.0.1.0-1.git.527.f8d5fed.el7ose.src.rpm

x86_64:
openshift-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm
openshift-clients-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm
openshift-master-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm
openshift-node-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm
openshift-sdn-ovs-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm
tuned-profiles-openshift-node-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5222
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
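The bug title in RHSA-2015:1650 states the design rule plainly: exec operations should be forbidden on privileged pods such as builder pods. The missing check was on the target, not the requester: holding build rights in a namespace says nothing about whether an interactive shell inside a privileged pod is acceptable. The following Python is an added model of that admission decision written for this page; it is not OpenShift's admission plugin, its API types or its role names. The `Pod`, `Container` and `User` dataclasses, the role strings, and the `openshift.io/build.name` annotation used as a "created by a build" marker are assumptions made for the illustration.

```python
"""Model of an exec admission check that considers the target pod's privilege.
Added example for this advisory archive; not OpenShift code."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple


@dataclass
class Container:
    name: str
    privileged: bool = False          # securityContext.privileged, simplified


@dataclass
class Pod:
    name: str
    namespace: str
    containers: List[Container]
    annotations: Dict[str, str] = field(default_factory=dict)


@dataclass
class User:
    name: str
    roles: FrozenSet[str]             # assumed role names: "edit", "admin", "cluster-admin"


# Assumed marker for pods a build created; the real annotation key is not taken from the page.
BUILD_ANNOTATION = "openshift.io/build.name"
EXEC_STYLE = ("exec", "attach")       # subresources that give a shell or a TTY in the pod


def pod_is_privileged(pod: Pod) -> bool:
    """Any privileged container makes the whole pod a root-on-host target;
    builder pods run privileged so they can drive the container runtime."""
    return any(c.privileged for c in pod.containers) or BUILD_ANNOTATION in pod.annotations


def vulnerable_admit_exec(user: User, pod: Pod, subresource: str) -> Tuple[bool, str]:
    """Pre-fix shape of the decision: namespace-level rights alone decide,
    so a user who may run builds may also shell into the privileged builder."""
    if subresource not in EXEC_STYLE:
        return True, "not an exec-style subresource"
    if user.roles & {"cluster-admin", "admin", "edit"}:
        return True, f"{user.name} has namespace rights; exec allowed"
    return False, "no role grants exec"


def admit_exec(user: User, pod: Pod, subresource: str) -> Tuple[bool, str]:
    """Fixed shape: the target pod's privilege level is checked before
    namespace rights are consulted. Returns (allowed, reason) so the
    reason can be logged by the caller for audit."""
    if subresource not in EXEC_STYLE:
        return True, "not an exec-style subresource"
    if "cluster-admin" in user.roles:
        return True, "cluster-admin may exec into any pod"
    if pod_is_privileged(pod):
        return False, f"exec into privileged pod {pod.namespace}/{pod.name} denied for {user.name}"
    if user.roles & {"admin", "edit"}:
        return True, "namespace editor may exec into unprivileged pods"
    return False, "no role grants exec"


if __name__ == "__main__":
    builder = Pod("myapp-build-1", "dev", [Container("sti-build", privileged=True)],
                  annotations={BUILD_ANNOTATION: "myapp-1"})
    alice = User("alice", frozenset({"edit"}))
    print("old:", vulnerable_admit_exec(alice, builder, "exec"))
    print("new:", admit_exec(alice, builder, "exec"))
```

Ordering matters: the privilege check precedes the role check so that no namespace-scoped role can reach a privileged pod, and only an explicitly cluster-wide role short-circuits it.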
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV1inUXlSAg2UNWIIRAuobAKCMiKaoYSfe/XbCvrRsax8LnO9g2QCdEBvt
GCBc46D+kcZCDnr2IK8zwoM=
=uVu6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Aug 24 14:21:49 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 14:21:49 +0000
Subject: [RHSA-2015:1657-01] Important: rh-ruby22-ruby security update
Message-ID: <201508241420.t7OEKsQf003590@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-ruby22-ruby security update
Advisory ID: RHSA-2015:1657-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1657.html
Issue date: 2015-08-24
CVE Names: CVE-2015-3900
=====================================================================

1. Summary:

Updated rh-ruby22-ruby packages that fix one security issue are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks.

A flaw was found in the way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain. (CVE-2015-3900)

All rh-ruby22-ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running instances of Ruby need to be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1236116 - CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby22-ruby-2.2.2-12.el6.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.2-12.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.2-12.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-12.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-12.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-12.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-12.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-12.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5-12.el6.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.2-12.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-12.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-12.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1-12.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8-12.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5-12.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
rh-ruby22-ruby-2.2.2-12.el6.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.2-12.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.2-12.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-12.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-12.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-12.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-12.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-12.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5-12.el6.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.2-12.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-12.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-12.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1-12.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8-12.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5-12.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-ruby22-ruby-2.2.2-12.el6.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.2-12.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.2-12.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-12.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-12.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-12.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-12.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-12.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5-12.el6.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.2-12.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-12.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-12.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1-12.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8-12.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5-12.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby22-ruby-2.2.2-12.el6.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.2-12.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.2-12.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-12.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-12.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-12.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-12.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-12.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5-12.el6.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.2-12.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.2-12.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-12.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-12.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1-12.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8-12.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5-12.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby22-ruby-2.2.2-12.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.2-12.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.2-12.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-12.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-12.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-12.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-12.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-12.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5-12.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.2-12.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-12.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-12.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1-12.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8-12.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5-12.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-ruby22-ruby-2.2.2-12.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.2-12.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.2-12.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-12.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-12.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-12.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-12.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-12.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5-12.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.2-12.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-12.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-12.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1-12.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8-12.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5-12.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby22-ruby-2.2.2-12.el7.src.rpm

noarch:
rh-ruby22-ruby-doc-2.2.2-12.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.2-12.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-12.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-12.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-12.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-12.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-12.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5-12.el7.noarch.rpm

x86_64:
rh-ruby22-ruby-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.2-12.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.2-12.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-12.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-12.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1-12.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8-12.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5-12.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3900
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
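The CVE-2015-3900 description in RHSA-2015:1657 above names the check that was missing: a hostname obtained from a DNS SRV answer must stay inside the domain of the gem source the user configured, otherwise a spoofed answer redirects the client to a host the attacker controls. The following Python is an added illustration written for this page, not the rubygems `api_endpoint()` implementation or its patch. The SRV answers are constructed tuples standing in for a `_rubygems._tcp.<host>` lookup, the gem source URL is a made-up example domain, and the selection among answers is simplified to lowest priority then highest weight.

```python
"""Domain-bounded SRV endpoint selection for a package source.
Added example for this advisory archive; not rubygems code."""
from typing import List, Tuple
from urllib.parse import urlsplit, urlunsplit

# (priority, weight, port, target) as a DNS SRV answer would carry them.
SrvAnswer = Tuple[int, int, int, str]


def host_within_domain(candidate: str, base: str) -> bool:
    """True if candidate is base itself or a proper subdomain of it.
    The leading dot in the suffix is the whole point: a plain suffix
    test would accept 'evil-example.org' for base 'example.org'."""
    candidate = candidate.rstrip(".").lower()
    base = base.rstrip(".").lower()
    return candidate == base or candidate.endswith("." + base)


def _pick(answers: List[SrvAnswer]) -> SrvAnswer:
    """Lowest priority wins; among equals, highest weight (simplified from RFC 2782)."""
    return min(answers, key=lambda a: (a[0], -a[1]))


def vulnerable_api_endpoint(source_url: str, answers: List[SrvAnswer]) -> str:
    """Pre-fix shape: whatever target the SRV answer names becomes the API host."""
    parts = urlsplit(source_url)
    if not answers:
        return source_url
    _, _, _, target = _pick(answers)
    return urlunsplit((parts.scheme, target.rstrip("."), parts.path or "/", "", ""))


def resolve_api_endpoint(source_url: str, answers: List[SrvAnswer]) -> str:
    """Fixed shape: only targets inside the configured source's own domain are
    eligible; if none qualify, keep talking to the source host itself."""
    parts = urlsplit(source_url)
    base_host = parts.hostname or ""
    trusted = [a for a in answers if host_within_domain(a[3], base_host)]
    if not trusted:
        return source_url
    _, _, port, target = _pick(trusted)
    netloc = target.rstrip(".")
    default_port = 443 if parts.scheme == "https" else 80
    if port != default_port:
        netloc += f":{port}"
    return urlunsplit((parts.scheme, netloc, parts.path or "/", "", ""))


if __name__ == "__main__":
    source = "https://gems.example.org/"                       # constructed source URL
    spoofed = [(10, 5, 443, "gems.evil-example.org.")]         # constructed hostile answer
    print("old:", vulnerable_api_endpoint(source, spoofed))
    print("new:", resolve_api_endpoint(source, spoofed))
```

The same domain-bounding rule applies to any client that lets DNS, a redirect, or a well-known document pick its real endpoint: the discovered host may narrow the choice within the trust you configured, never widen it.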
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV2ygiXlSAg2UNWIIRAkNzAJ9hEIj/DD4HqQZqqhNHP/GKkosn3gCfdyz5
7LZ3wZgNOylWkH+O2JIv4zw=
=O+iR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 18:47:14 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 14:47:14 -0400
Subject: [RHSA-2015:1664-01] Moderate: nss security, bug fix, and enhancement update
Message-ID: <201508241847.t7OIlEGG017286@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nss security, bug fix, and enhancement update
Advisory ID:       RHSA-2015:1664-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1664.html
Issue date:        2015-08-24
CVE Names:         CVE-2015-2721 CVE-2015-2730
=====================================================================

1. Summary:

Updated nss packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.

It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key Exchange). A remote attacker could use this flaw to bypass the forward secrecy of a TLS/SSL connection. (CVE-2015-2721)

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (CVE-2015-2730)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan as the original reporter of CVE-2015-2721, and Watson Ladd as the original reporter of CVE-2015-2730.

The nss packages have been upgraded to upstream version 3.19.1, which provides a number of bug fixes and enhancements over the previous version.

All nss users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1236954 - CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
1236967 - CVE-2015-2721 NSS: incorrectly permitted skipping of ServerKeyExchange (MFSA 2015-71)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
nss-3.19.1-1.el5_11.src.rpm

i386:
nss-3.19.1-1.el5_11.i386.rpm
nss-debuginfo-3.19.1-1.el5_11.i386.rpm
nss-tools-3.19.1-1.el5_11.i386.rpm

x86_64:
nss-3.19.1-1.el5_11.i386.rpm
nss-3.19.1-1.el5_11.x86_64.rpm
nss-debuginfo-3.19.1-1.el5_11.i386.rpm
nss-debuginfo-3.19.1-1.el5_11.x86_64.rpm
nss-tools-3.19.1-1.el5_11.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
nss-3.19.1-1.el5_11.src.rpm

i386:
nss-debuginfo-3.19.1-1.el5_11.i386.rpm
nss-devel-3.19.1-1.el5_11.i386.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.i386.rpm

x86_64:
nss-debuginfo-3.19.1-1.el5_11.i386.rpm
nss-debuginfo-3.19.1-1.el5_11.x86_64.rpm
nss-devel-3.19.1-1.el5_11.i386.rpm
nss-devel-3.19.1-1.el5_11.x86_64.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.i386.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
nss-3.19.1-1.el5_11.src.rpm

i386:
nss-3.19.1-1.el5_11.i386.rpm
nss-debuginfo-3.19.1-1.el5_11.i386.rpm
nss-devel-3.19.1-1.el5_11.i386.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.i386.rpm
nss-tools-3.19.1-1.el5_11.i386.rpm

ia64:
nss-3.19.1-1.el5_11.i386.rpm
nss-3.19.1-1.el5_11.ia64.rpm
nss-debuginfo-3.19.1-1.el5_11.i386.rpm
nss-debuginfo-3.19.1-1.el5_11.ia64.rpm
nss-devel-3.19.1-1.el5_11.ia64.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.ia64.rpm
nss-tools-3.19.1-1.el5_11.ia64.rpm

ppc:
nss-3.19.1-1.el5_11.ppc.rpm
nss-3.19.1-1.el5_11.ppc64.rpm
nss-debuginfo-3.19.1-1.el5_11.ppc.rpm
nss-debuginfo-3.19.1-1.el5_11.ppc64.rpm
nss-devel-3.19.1-1.el5_11.ppc.rpm
nss-devel-3.19.1-1.el5_11.ppc64.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.ppc.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.ppc64.rpm
nss-tools-3.19.1-1.el5_11.ppc.rpm

s390x:
nss-3.19.1-1.el5_11.s390.rpm
nss-3.19.1-1.el5_11.s390x.rpm
nss-debuginfo-3.19.1-1.el5_11.s390.rpm
nss-debuginfo-3.19.1-1.el5_11.s390x.rpm
nss-devel-3.19.1-1.el5_11.s390.rpm
nss-devel-3.19.1-1.el5_11.s390x.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.s390.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.s390x.rpm
nss-tools-3.19.1-1.el5_11.s390x.rpm

x86_64:
nss-3.19.1-1.el5_11.i386.rpm
nss-3.19.1-1.el5_11.x86_64.rpm
nss-debuginfo-3.19.1-1.el5_11.i386.rpm
nss-debuginfo-3.19.1-1.el5_11.x86_64.rpm
nss-devel-3.19.1-1.el5_11.i386.rpm
nss-devel-3.19.1-1.el5_11.x86_64.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.i386.rpm
nss-pkcs11-devel-3.19.1-1.el5_11.x86_64.rpm
nss-tools-3.19.1-1.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security.
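The ServerKeyExchange flaw in section 3 of this advisory (CVE-2015-2721) is a handshake state-machine problem: a client that tolerates a missing ServerKeyExchange in an ECDHE handshake never receives the server's ephemeral key, and with it loses the forward secrecy the cipher suite promised. The C function below is an added example written for this page, not NSS code and not part of the advisory. It models the client-side check on the server's first TLS 1.2 flight under a simplified message model (handshake type numbers from RFC 5246; three authenticated key-exchange methods; anonymous suites and session resumption are left out by assumption):

```c
/* Added example (not NSS code): client-side validation of the server's first
 * TLS 1.2 handshake flight, requiring ServerKeyExchange for ephemeral suites. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* HandshakeType values from RFC 5246, section 7.4. */
enum hs_type {
    HS_SERVER_HELLO        = 2,
    HS_CERTIFICATE         = 11,
    HS_SERVER_KEY_EXCHANGE = 12,
    HS_CERTIFICATE_REQUEST = 13,
    HS_SERVER_HELLO_DONE   = 14
};

/* Key exchange selected by the negotiated cipher suite. Anonymous suites and
 * session resumption are deliberately not modelled (assumption of this example). */
enum kea { KEA_RSA, KEA_DHE, KEA_ECDHE };

/* Position of each message in the only order RFC 5246 permits for this flight:
 * ServerHello, Certificate, ServerKeyExchange, CertificateRequest, ServerHelloDone. */
static int flight_slot(int t)
{
    switch (t) {
    case HS_SERVER_HELLO:        return 0;
    case HS_CERTIFICATE:         return 1;
    case HS_SERVER_KEY_EXCHANGE: return 2;
    case HS_CERTIFICATE_REQUEST: return 3;
    case HS_SERVER_HELLO_DONE:   return 4;
    default:                     return -1;   /* not a server-flight message */
    }
}

/* Returns true only if the n message types in msgs form a complete, correctly
 * ordered flight in which every message the key exchange makes mandatory is
 * present. A flight that omits ServerKeyExchange under DHE/ECDHE is rejected;
 * that is the check whose absence CVE-2015-2721 describes. */
bool server_flight_ok(enum kea kea, const int *msgs, size_t n)
{
    int last_slot = -1;
    bool saw_cert = false, saw_ske = false, saw_done = false;

    for (size_t i = 0; i < n; i++) {
        int slot = flight_slot(msgs[i]);
        if (i == 0 && slot != 0) return false;            /* flight must open with ServerHello */
        if (slot < 0 || slot <= last_slot) return false;  /* unknown, repeated, or out of order */
        if (msgs[i] == HS_CERTIFICATE) saw_cert = true;
        if (msgs[i] == HS_SERVER_KEY_EXCHANGE) {
            if (kea == KEA_RSA) return false;  /* RFC 5246 7.4.3: MUST NOT be sent for RSA */
            saw_ske = true;
        }
        if (msgs[i] == HS_SERVER_HELLO_DONE) saw_done = true;
        last_slot = slot;
    }
    if (!saw_done) return false;   /* incomplete flight */
    if (!saw_cert) return false;   /* every modelled suite authenticates the server */
    if ((kea == KEA_DHE || kea == KEA_ECDHE) && !saw_ske) return false;
    return true;
}

int main(void)
{
    /* Constructed flights: a full ECDHE flight and one with ServerKeyExchange skipped. */
    const int full[]    = { HS_SERVER_HELLO, HS_CERTIFICATE, HS_SERVER_KEY_EXCHANGE, HS_SERVER_HELLO_DONE };
    const int skipped[] = { HS_SERVER_HELLO, HS_CERTIFICATE, HS_SERVER_HELLO_DONE };
    printf("ECDHE, full flight:              %s\n", server_flight_ok(KEA_ECDHE, full, 4) ? "accept" : "reject");
    printf("ECDHE, ServerKeyExchange absent: %s\n", server_flight_ok(KEA_ECDHE, skipped, 3) ? "accept" : "reject");
    printf("RSA, ServerKeyExchange absent:   %s\n", server_flight_ok(KEA_RSA, skipped, 3) ? "accept" : "reject");
    return 0;
}
```

A client that applies a check of this shape aborts on the truncated flight instead of continuing with whatever key material it has; the same pattern (track the negotiated parameters, then enforce every message they make mandatory before acting on ServerHelloDone) applies to any state a cipher suite or extension adds to the handshake.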
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2721
https://access.redhat.com/security/cve/CVE-2015-2730
https://access.redhat.com/security/updates/classification/#moderate
https://www.mozilla.org/security/announce/2015/mfsa2015-64.html
https://www.mozilla.org/security/announce/2015/mfsa2015-71.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV22awXlSAg2UNWIIRAoBhAJ0S2lsK99aU0Ooky0MT8PciFseXdgCeLUSs
Crj+GQu6Hf1ciVbvOqH5QWI=
=VSBH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 19:23:13 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 19:23:13 +0000
Subject: [RHSA-2015:1665-01] Moderate: mariadb security update
Message-ID: <201508241923.t7OJNDFr003898@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mariadb security update
Advisory ID:       RHSA-2015:1665-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1665.html
Issue date:        2015-08-24
CVE Names:         CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501
                   CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573
                   CVE-2015-2582 CVE-2015-2620 CVE-2015-2643 CVE-2015-2648
                   CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757
=====================================================================

1. Summary:

Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)

This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1212758 - CVE-2015-0501 mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015)
1212763 - CVE-2015-2568 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
1212768 - CVE-2015-0499 mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)
1212772 - CVE-2015-2571 mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
1212776 - CVE-2015-0433 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)
1212777 - CVE-2015-0441 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)
1212780 - CVE-2015-0505 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
1212783 - CVE-2015-2573 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)
1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
mariadb-5.5.44-1.el7_1.src.rpm

x86_64:
mariadb-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-libs-5.5.44-1.el7_1.i686.rpm
mariadb-libs-5.5.44-1.el7_1.x86_64.rpm
mariadb-server-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
mariadb-bench-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-devel-5.5.44-1.el7_1.i686.rpm
mariadb-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-test-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mariadb-5.5.44-1.el7_1.src.rpm

x86_64:
mariadb-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-libs-5.5.44-1.el7_1.i686.rpm
mariadb-libs-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
mariadb-bench-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-devel-5.5.44-1.el7_1.i686.rpm
mariadb-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-server-5.5.44-1.el7_1.x86_64.rpm
mariadb-test-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.44-1.el7_1.src.rpm

ppc64:
mariadb-5.5.44-1.el7_1.ppc64.rpm
mariadb-bench-5.5.44-1.el7_1.ppc64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.ppc.rpm
mariadb-debuginfo-5.5.44-1.el7_1.ppc64.rpm
mariadb-devel-5.5.44-1.el7_1.ppc.rpm
mariadb-devel-5.5.44-1.el7_1.ppc64.rpm
mariadb-libs-5.5.44-1.el7_1.ppc.rpm
mariadb-libs-5.5.44-1.el7_1.ppc64.rpm
mariadb-server-5.5.44-1.el7_1.ppc64.rpm
mariadb-test-5.5.44-1.el7_1.ppc64.rpm

s390x:
mariadb-5.5.44-1.el7_1.s390x.rpm
mariadb-bench-5.5.44-1.el7_1.s390x.rpm
mariadb-debuginfo-5.5.44-1.el7_1.s390.rpm
mariadb-debuginfo-5.5.44-1.el7_1.s390x.rpm
mariadb-devel-5.5.44-1.el7_1.s390.rpm
mariadb-devel-5.5.44-1.el7_1.s390x.rpm
mariadb-libs-5.5.44-1.el7_1.s390.rpm
mariadb-libs-5.5.44-1.el7_1.s390x.rpm
mariadb-server-5.5.44-1.el7_1.s390x.rpm
mariadb-test-5.5.44-1.el7_1.s390x.rpm

x86_64:
mariadb-5.5.44-1.el7_1.x86_64.rpm
mariadb-bench-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-devel-5.5.44-1.el7_1.i686.rpm
mariadb-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-libs-5.5.44-1.el7_1.i686.rpm
mariadb-libs-5.5.44-1.el7_1.x86_64.rpm
mariadb-server-5.5.44-1.el7_1.x86_64.rpm
mariadb-test-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.44-1.ael7b_1.src.rpm

ppc64le:
mariadb-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-bench-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-debuginfo-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-devel-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-libs-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-server-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-test-5.5.44-1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
mariadb-debuginfo-5.5.44-1.el7_1.ppc.rpm
mariadb-debuginfo-5.5.44-1.el7_1.ppc64.rpm
mariadb-embedded-5.5.44-1.el7_1.ppc.rpm
mariadb-embedded-5.5.44-1.el7_1.ppc64.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.ppc.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.ppc64.rpm

s390x:
mariadb-debuginfo-5.5.44-1.el7_1.s390.rpm
mariadb-debuginfo-5.5.44-1.el7_1.s390x.rpm
mariadb-embedded-5.5.44-1.el7_1.s390.rpm
mariadb-embedded-5.5.44-1.el7_1.s390x.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.s390.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.s390x.rpm

x86_64:
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
mariadb-debuginfo-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-embedded-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-embedded-devel-5.5.44-1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb-5.5.44-1.el7_1.src.rpm

x86_64:
mariadb-5.5.44-1.el7_1.x86_64.rpm
mariadb-bench-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-devel-5.5.44-1.el7_1.i686.rpm
mariadb-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-libs-5.5.44-1.el7_1.i686.rpm
mariadb-libs-5.5.44-1.el7_1.x86_64.rpm
mariadb-server-5.5.44-1.el7_1.x86_64.rpm
mariadb-test-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0433
https://access.redhat.com/security/cve/CVE-2015-0441
https://access.redhat.com/security/cve/CVE-2015-0499
https://access.redhat.com/security/cve/CVE-2015-0501
https://access.redhat.com/security/cve/CVE-2015-0505
https://access.redhat.com/security/cve/CVE-2015-2568
https://access.redhat.com/security/cve/CVE-2015-2571
https://access.redhat.com/security/cve/CVE-2015-2573
https://access.redhat.com/security/cve/CVE-2015-2582
https://access.redhat.com/security/cve/CVE-2015-2620
https://access.redhat.com/security/cve/CVE-2015-2643
https://access.redhat.com/security/cve/CVE-2015-2648
https://access.redhat.com/security/cve/CVE-2015-3152
https://access.redhat.com/security/cve/CVE-2015-4737
https://access.redhat.com/security/cve/CVE-2015-4752
https://access.redhat.com/security/cve/CVE-2015-4757
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV228TXlSAg2UNWIIRAm1mAJ0bzbWNcno0Sy/+xCRBh61u0Og5LQCfYvOB
tzK/FpD+vNcUAhqnRuiFgiM=
=BpLD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 18:47:45 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 14:47:45 -0400
Subject: [RHSA-2015:1666-01] Moderate: httpd24-httpd security update
Message-ID: <201508241847.t7OIljwG000661@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd24-httpd security update
Advisory ID:       RHSA-2015:1666-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1666.html
Issue date:        2015-08-24
CVE Names:         CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185
=====================================================================

1. Summary:

Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)

Note: This update introduces a new API function, ap_some_authn_required(), which correctly indicates if a request is authenticated. External httpd modules using the old API function should be modified to use the new one to completely resolve this issue.

A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. A remote attacker could send a specially crafted WebSocket Ping packet that would cause the httpd child process to crash. (CVE-2015-0228)

A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error. (CVE-2015-0253)

All httpd24-httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug
1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser
1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
httpd24-httpd-2.4.12-4.el6.2.src.rpm

noarch:
httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm

x86_64:
httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
httpd24-httpd-2.4.12-4.el6.2.src.rpm

noarch:
httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm

x86_64:
httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
httpd24-httpd-2.4.12-4.el6.2.src.rpm

noarch:
httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm

x86_64:
httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
httpd24-httpd-2.4.12-4.el6.2.src.rpm

noarch:
httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm

x86_64:
httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm
httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm
httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
httpd24-httpd-2.4.12-6.el7.1.src.rpm

noarch:
httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm

x86_64:
httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm
httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm
httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm
httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
httpd24-httpd-2.4.12-6.el7.1.src.rpm

noarch:
httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm

x86_64:
httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm
httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm
httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm
httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
httpd24-httpd-2.4.12-6.el7.1.src.rpm

noarch:
httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm

x86_64:
httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm
httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm
httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm
httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm
httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0228
https://access.redhat.com/security/cve/CVE-2015-0253
https://access.redhat.com/security/cve/CVE-2015-3183
https://access.redhat.com/security/cve/CVE-2015-3185
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV22bPXlSAg2UNWIIRAmm2AKCI6AByn1Zlj/2R8aLKFD4hZno5VgCfcx8H
y5DWl0MjeqKeAOHiddwyDdU=
=yzQP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 18:47:59 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 14:47:59 -0400
Subject: [RHSA-2015:1667-01] Moderate: httpd security update
Message-ID: <201508241847.t7OIlxv8000764@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security update
Advisory ID:       RHSA-2015:1667-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1667.html
Issue date:        2015-08-24
CVE Names:         CVE-2015-3183 CVE-2015-3185
=====================================================================

1. Summary:

Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding.
A remote attacker could use these flaws to create a specially crafted
request, which httpd would decode differently from HTTP proxy software in
front of it, possibly leading to HTTP request smuggling attacks.
(CVE-2015-3183)

It was discovered that in httpd 2.4, the internal API function
ap_some_auth_required() could incorrectly indicate that a request was
authenticated even when no authentication was used. An httpd module using
this API function could consequently allow access that should have been
denied. (CVE-2015-3185)

All httpd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser
1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
httpd-2.4.6-31.el7_1.1.src.rpm

noarch:
httpd-manual-2.4.6-31.el7_1.1.noarch.rpm

x86_64:
httpd-2.4.6-31.el7_1.1.x86_64.rpm
httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm
httpd-devel-2.4.6-31.el7_1.1.x86_64.rpm
httpd-tools-2.4.6-31.el7_1.1.x86_64.rpm
mod_ldap-2.4.6-31.el7_1.1.x86_64.rpm
mod_proxy_html-2.4.6-31.el7_1.1.x86_64.rpm
mod_session-2.4.6-31.el7_1.1.x86_64.rpm
mod_ssl-2.4.6-31.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
httpd-2.4.6-31.el7_1.1.src.rpm

noarch:
httpd-manual-2.4.6-31.el7_1.1.noarch.rpm

x86_64:
httpd-2.4.6-31.el7_1.1.x86_64.rpm
httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm
httpd-devel-2.4.6-31.el7_1.1.x86_64.rpm
httpd-tools-2.4.6-31.el7_1.1.x86_64.rpm
mod_ldap-2.4.6-31.el7_1.1.x86_64.rpm
mod_proxy_html-2.4.6-31.el7_1.1.x86_64.rpm
mod_session-2.4.6-31.el7_1.1.x86_64.rpm
mod_ssl-2.4.6-31.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
httpd-2.4.6-31.el7_1.1.src.rpm

noarch:
httpd-manual-2.4.6-31.el7_1.1.noarch.rpm

ppc64:
httpd-2.4.6-31.el7_1.1.ppc64.rpm
httpd-debuginfo-2.4.6-31.el7_1.1.ppc64.rpm
httpd-devel-2.4.6-31.el7_1.1.ppc64.rpm
httpd-tools-2.4.6-31.el7_1.1.ppc64.rpm
mod_ssl-2.4.6-31.el7_1.1.ppc64.rpm

s390x:
httpd-2.4.6-31.el7_1.1.s390x.rpm
httpd-debuginfo-2.4.6-31.el7_1.1.s390x.rpm
httpd-devel-2.4.6-31.el7_1.1.s390x.rpm
httpd-tools-2.4.6-31.el7_1.1.s390x.rpm
mod_ssl-2.4.6-31.el7_1.1.s390x.rpm

x86_64:
httpd-2.4.6-31.el7_1.1.x86_64.rpm
httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm
httpd-devel-2.4.6-31.el7_1.1.x86_64.rpm
httpd-tools-2.4.6-31.el7_1.1.x86_64.rpm
mod_ssl-2.4.6-31.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
httpd-2.4.6-31.ael7b_1.1.src.rpm

noarch:
httpd-manual-2.4.6-31.ael7b_1.1.noarch.rpm

ppc64le:
httpd-2.4.6-31.ael7b_1.1.ppc64le.rpm
httpd-debuginfo-2.4.6-31.ael7b_1.1.ppc64le.rpm
httpd-devel-2.4.6-31.ael7b_1.1.ppc64le.rpm
httpd-tools-2.4.6-31.ael7b_1.1.ppc64le.rpm
mod_ssl-2.4.6-31.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
httpd-debuginfo-2.4.6-31.el7_1.1.ppc64.rpm
mod_ldap-2.4.6-31.el7_1.1.ppc64.rpm
mod_proxy_html-2.4.6-31.el7_1.1.ppc64.rpm
mod_session-2.4.6-31.el7_1.1.ppc64.rpm

s390x:
httpd-debuginfo-2.4.6-31.el7_1.1.s390x.rpm
mod_ldap-2.4.6-31.el7_1.1.s390x.rpm
mod_proxy_html-2.4.6-31.el7_1.1.s390x.rpm
mod_session-2.4.6-31.el7_1.1.s390x.rpm

x86_64:
httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm
mod_ldap-2.4.6-31.el7_1.1.x86_64.rpm
mod_proxy_html-2.4.6-31.el7_1.1.x86_64.rpm
mod_session-2.4.6-31.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
httpd-debuginfo-2.4.6-31.ael7b_1.1.ppc64le.rpm
mod_ldap-2.4.6-31.ael7b_1.1.ppc64le.rpm
mod_proxy_html-2.4.6-31.ael7b_1.1.ppc64le.rpm
mod_session-2.4.6-31.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
httpd-2.4.6-31.el7_1.1.src.rpm

noarch:
httpd-manual-2.4.6-31.el7_1.1.noarch.rpm

x86_64:
httpd-2.4.6-31.el7_1.1.x86_64.rpm
httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm
httpd-devel-2.4.6-31.el7_1.1.x86_64.rpm
httpd-tools-2.4.6-31.el7_1.1.x86_64.rpm
mod_ssl-2.4.6-31.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm
mod_ldap-2.4.6-31.el7_1.1.x86_64.rpm
mod_proxy_html-2.4.6-31.el7_1.1.x86_64.rpm
mod_session-2.4.6-31.el7_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3183
https://access.redhat.com/security/cve/CVE-2015-3185
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
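Added example for the CVE-2015-3183 descriptions above (it is not httpd code and does not reproduce the httpd patch): a strict decoder for the chunked transfer coding that accepts only the canonical chunk-size grammar and fails closed on everything else, which is the property a proxy and an origin server both need so they cannot disagree about where one message body ends. All sample inputs and names are constructed for this example.

```python
"""Strict decoder for HTTP/1.1 chunked transfer coding (RFC 7230, 4.1).

Added example for the CVE-2015-3183 advisories; not httpd code and not the
httpd patch. When a proxy and the origin server accept different spellings
of the chunk-size line, they can disagree about where one body ends and the
next request begins. A decoder that accepts only the canonical grammar and
refuses anything else cannot be on the lenient side of that disagreement.
"""
import re
from typing import Tuple

# chunk = chunk-size [ chunk-ext ] CRLF chunk-data CRLF, chunk-size = 1*HEXDIG.
# Deliberately rejected: leading or trailing whitespace, a sign, a "0x"
# prefix, non-hex digits, and more than 8 hex digits (no longer a plausible
# chunk size, and a common place for parsers to diverge).
_CHUNK_SIZE_LINE = re.compile(rb"([0-9A-Fa-f]{1,8})(;[^\r\n]*)?\r\n")
_CRLF = b"\r\n"


class ChunkedDecodeError(ValueError):
    """Raised on any deviation from the grammar; nothing is guessed."""


def decode_chunked(data: bytes) -> Tuple[bytes, bytes]:
    """Decode one chunked body from the start of `data`.

    Returns (body, remainder): `remainder` is whatever follows the empty line
    that ends the trailer section, i.e. the start of the next message on a
    persistent connection. Raises ChunkedDecodeError on malformed input.
    """
    body = bytearray()
    pos = 0
    while True:
        m = _CHUNK_SIZE_LINE.match(data, pos)
        if m is None:
            raise ChunkedDecodeError(f"malformed chunk-size line at offset {pos}")
        size = int(m.group(1), 16)
        pos = m.end()
        if size == 0:
            break  # last-chunk; the trailer section follows
        end = pos + size
        # The slice is empty when data is truncated, so this also catches a
        # chunk-size larger than the bytes actually present.
        if data[end:end + 2] != _CRLF:
            raise ChunkedDecodeError(
                f"chunk of {size} bytes at offset {pos} is not followed by CRLF")
        body += data[pos:end]
        pos = end + 2
    # trailer-part = *( header-field CRLF ), then the terminating CRLF.
    while True:
        eol = data.find(_CRLF, pos)
        if eol == -1:
            raise ChunkedDecodeError("message ends inside the trailer section")
        if eol == pos:
            return bytes(body), data[pos + 2:]
        pos = eol + 2


def is_canonical_chunked(data: bytes) -> bool:
    """True if `data` is exactly one well-formed chunked body and nothing else."""
    try:
        _, rest = decode_chunked(data)
    except ChunkedDecodeError:
        return False
    return rest == b""


# Constructed inputs: a canonical body, a body followed by a second message,
# and several spellings that a strict decoder must refuse.
CANONICAL = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"
PIPELINED = b"4\r\nWiki\r\n0\r\n\r\nGET /next HTTP/1.1\r\n"
WITH_TRAILER = b"4\r\nWiki\r\n0\r\nX-Trailer: 1\r\n\r\n"
REJECTED = [
    b" 4\r\nWiki\r\n0\r\n\r\n",         # leading whitespace in chunk-size
    b"+4\r\nWiki\r\n0\r\n\r\n",         # sign
    b"0x4\r\nWiki\r\n0\r\n\r\n",        # "0x" prefix
    b"4\r\nWikipedia\r\n0\r\n\r\n",     # chunk-size disagrees with data length
    b"100000000\r\nWiki\r\n0\r\n\r\n",  # nine hex digits
    b"4\r\nWiki\r\n0\r\n",              # trailer section never terminated
]

if __name__ == "__main__":
    print(decode_chunked(CANONICAL))
    print(decode_chunked(PIPELINED))
    print([is_canonical_chunked(x) for x in REJECTED])
```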
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV22bdXlSAg2UNWIIRAtlWAKCRoS+swsPU7SFVjoNK5nifbipGPACfbnGp
vg4WkQFOi6OeD9X4Kiuo2gA=
=LQPk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 18:48:13 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 14:48:13 -0400
Subject: [RHSA-2015:1668-01] Moderate: httpd security update
Message-ID: <201508241848.t7OImDbq016749@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2015:1668-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1668.html
Issue date: 2015-08-24
CVE Names: CVE-2015-3183
=====================================================================

1. Summary:

Updated httpd packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding.
A remote attacker could use these flaws to create a specially crafted
request, which httpd would decode differently from HTTP proxy software in
front of it, possibly leading to HTTP request smuggling attacks.
(CVE-2015-3183)

All httpd users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the httpd service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
httpd-2.2.15-47.el6_7.src.rpm

i386:
httpd-2.2.15-47.el6_7.i686.rpm
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-tools-2.2.15-47.el6_7.i686.rpm

x86_64:
httpd-2.2.15-47.el6_7.x86_64.rpm
httpd-debuginfo-2.2.15-47.el6_7.x86_64.rpm
httpd-tools-2.2.15-47.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-devel-2.2.15-47.el6_7.i686.rpm
mod_ssl-2.2.15-47.el6_7.i686.rpm

noarch:
httpd-manual-2.2.15-47.el6_7.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-debuginfo-2.2.15-47.el6_7.x86_64.rpm
httpd-devel-2.2.15-47.el6_7.i686.rpm
httpd-devel-2.2.15-47.el6_7.x86_64.rpm
mod_ssl-2.2.15-47.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
httpd-2.2.15-47.el6_7.src.rpm

x86_64:
httpd-2.2.15-47.el6_7.x86_64.rpm
httpd-debuginfo-2.2.15-47.el6_7.x86_64.rpm
httpd-tools-2.2.15-47.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
httpd-manual-2.2.15-47.el6_7.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-debuginfo-2.2.15-47.el6_7.x86_64.rpm
httpd-devel-2.2.15-47.el6_7.i686.rpm
httpd-devel-2.2.15-47.el6_7.x86_64.rpm
mod_ssl-2.2.15-47.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
httpd-2.2.15-47.el6_7.src.rpm

i386:
httpd-2.2.15-47.el6_7.i686.rpm
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-devel-2.2.15-47.el6_7.i686.rpm
httpd-tools-2.2.15-47.el6_7.i686.rpm
mod_ssl-2.2.15-47.el6_7.i686.rpm

noarch:
httpd-manual-2.2.15-47.el6_7.noarch.rpm

ppc64:
httpd-2.2.15-47.el6_7.ppc64.rpm
httpd-debuginfo-2.2.15-47.el6_7.ppc.rpm
httpd-debuginfo-2.2.15-47.el6_7.ppc64.rpm
httpd-devel-2.2.15-47.el6_7.ppc.rpm
httpd-devel-2.2.15-47.el6_7.ppc64.rpm
httpd-tools-2.2.15-47.el6_7.ppc64.rpm
mod_ssl-2.2.15-47.el6_7.ppc64.rpm

s390x:
httpd-2.2.15-47.el6_7.s390x.rpm
httpd-debuginfo-2.2.15-47.el6_7.s390.rpm
httpd-debuginfo-2.2.15-47.el6_7.s390x.rpm
httpd-devel-2.2.15-47.el6_7.s390.rpm
httpd-devel-2.2.15-47.el6_7.s390x.rpm
httpd-tools-2.2.15-47.el6_7.s390x.rpm
mod_ssl-2.2.15-47.el6_7.s390x.rpm

x86_64:
httpd-2.2.15-47.el6_7.x86_64.rpm
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-debuginfo-2.2.15-47.el6_7.x86_64.rpm
httpd-devel-2.2.15-47.el6_7.i686.rpm
httpd-devel-2.2.15-47.el6_7.x86_64.rpm
httpd-tools-2.2.15-47.el6_7.x86_64.rpm
mod_ssl-2.2.15-47.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
httpd-2.2.15-47.el6_7.src.rpm

i386:
httpd-2.2.15-47.el6_7.i686.rpm
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-devel-2.2.15-47.el6_7.i686.rpm
httpd-tools-2.2.15-47.el6_7.i686.rpm
mod_ssl-2.2.15-47.el6_7.i686.rpm

noarch:
httpd-manual-2.2.15-47.el6_7.noarch.rpm

x86_64:
httpd-2.2.15-47.el6_7.x86_64.rpm
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-debuginfo-2.2.15-47.el6_7.x86_64.rpm
httpd-devel-2.2.15-47.el6_7.i686.rpm
httpd-devel-2.2.15-47.el6_7.x86_64.rpm
httpd-tools-2.2.15-47.el6_7.x86_64.rpm
mod_ssl-2.2.15-47.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3183
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV22bsXlSAg2UNWIIRAsf9AKCQ0DcOcLEWhJk/EinkKJk0JaGSiQCgpIpO
zda8qUMDnUSGbNf6QbYNDpI=
=yF3F
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 20:21:42 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 16:21:42 -0400
Subject: [RHSA-2015:1674-01] Moderate: qemu-kvm-rhev security update
Message-ID: <201508242021.t7OKLg2m010756@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: qemu-kvm-rhev security update
Advisory ID: RHSA-2015:1674-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1674.html
Issue date: 2015-08-24
CVE Names: CVE-2015-5165
=====================================================================

1. Summary:

Updated qemu-kvm-rhev packages that fix two security issues are now
available for Red Hat Enterprise Linux OpenStack Platform 6.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM.

The Qemu emulator built with RTL8139 emulation support is vulnerable to an
information leakage flaw while processing network packets in the RTL8139
controller's C+ mode of operation. A guest user could use this flaw to read
up to 65 KB of uninitialised Qemu heap memory. (CVE-2015-5165)

Red Hat would like to thank the Xen project for reporting this issue.
Upstream acknowledges Donghai Zhu of Alibaba as the original reporter.

All qemu-kvm-rhev users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, shut down all running virtual machines. Once all virtual
machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1248760 - CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
qemu-kvm-rhev-2.1.2-23.el7_1.8.src.rpm

x86_64:
libcacard-devel-rhev-2.1.2-23.el7_1.8.x86_64.rpm
libcacard-rhev-2.1.2-23.el7_1.8.x86_64.rpm
libcacard-tools-rhev-2.1.2-23.el7_1.8.x86_64.rpm
qemu-img-rhev-2.1.2-23.el7_1.8.x86_64.rpm
qemu-kvm-common-rhev-2.1.2-23.el7_1.8.x86_64.rpm
qemu-kvm-rhev-2.1.2-23.el7_1.8.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.1.2-23.el7_1.8.x86_64.rpm
qemu-kvm-tools-rhev-2.1.2-23.el7_1.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5165
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV23zUXlSAg2UNWIIRAtNHAJ4zeT0/SAfkpIL9WlGwNNl9NbabOwCfewnS
VTw4BaXu8WBsS8L4gWkL1q8=
=B1y3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 20:21:49 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 16:21:49 -0400
Subject: [RHSA-2015:1675-01] Low: libunwind security update
Message-ID: <201508242021.t7OKLnWI005053@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: libunwind security update
Advisory ID: RHSA-2015:1675-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1675.html
Issue date: 2015-08-24
CVE Names: CVE-2015-3239
=====================================================================

1. Summary:

Updated libunwind packages that fix a security flaw are now available for
Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Low security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - x86_64

3. Description:

Libunwind provides a C ABI to determine the call-chain of a program.

An off-by-one array indexing error was found in libunwind. It is unlikely
that any exploitable attack vector exists in current builds or supported
usage. (CVE-2015-3239)

This issue was discovered by Paolo Bonzini of Red Hat.

All users of libunwind are advised to upgrade to these updated packages,
which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1232265 - CVE-2015-3239 libunwind: off-by-one in dwarf_to_unw_regnum()

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
libunwind-1.1-4.1.el7ost.src.rpm

x86_64:
libunwind-1.1-4.1.el7ost.x86_64.rpm
libunwind-debuginfo-1.1-4.1.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3239
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV23zcXlSAg2UNWIIRAvYsAJ9ye9xmfwm5nlFL5KgQD7eD3Zsi8QCfXGo5
bW0Lt5R9PTLikHX2uuxqZZk=
=gtzW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 20:21:56 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 16:21:56 -0400
Subject: [RHSA-2015:1676-01] Moderate: redis security advisory
Message-ID: <201508242021.t7OKLuWS022949@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: redis security advisory
Advisory ID: RHSA-2015:1676-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1676.html
Issue date: 2015-08-24
CVE Names: CVE-2015-4335
=====================================================================

1. Summary:

Updated redis packages that fix a security issue are now available for
Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - x86_64

3. Description:

Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

A flaw was discovered in redis that could allow an authenticated user, who
was able to use the EVAL command to run Lua code, to break out of the Lua
sandbox and execute arbitrary code on the system. (CVE-2015-4335)

All users of redis are advised to upgrade to these updated packages, which
correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1228327 - CVE-2015-4335 redis: Lua sandbox escape and arbitrary code execution

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
redis-2.8.21-1.el7ost.src.rpm

x86_64:
redis-2.8.21-1.el7ost.x86_64.rpm
redis-debuginfo-2.8.21-1.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4335
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV23zjXlSAg2UNWIIRAiiVAKClCAqHE4BdrtYzmQBLZD37Cwf4HACglzgm
J5LQRTIxn8TDg65g8uhXTmI=
=VSTj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 20:22:11 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 16:22:11 -0400
Subject: [RHSA-2015:1677-01] Moderate: python-keystoneclient and python-keystonemiddleware security update
Message-ID: <201508242022.t7OKMBxo006124@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-keystoneclient and python-keystonemiddleware security update
Advisory ID: RHSA-2015:1677-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1677.html
Issue date: 2015-08-24
CVE Names: CVE-2015-1852
=====================================================================

1. Summary:

Updated python-keystoneclient and python-keystonemiddleware packages that
fix one security issue are now available for Red Hat Enterprise Linux
OpenStack Platform 6.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

Python-keystonemiddleware (formerly python-keystoneclient) is a client
library and a command line utility for interacting with the OpenStack
Identity API. Red Hat Enterprise Linux OpenStack Platform 6.0 contains and
uses both the python-keystonemiddleware and python-keystoneclient versions
of this package.

It was discovered that some items in the S3Token configuration as used by
python-keystonemiddleware and python-keystoneclient were incorrectly
evaluated as strings, an issue similar to CVE-2014-7144. This would result
in a setting of 'insecure=false' evaluating as true and leave TLS
connections open to MITM. (CVE-2015-1852)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Brant Knudson from IBM as the original reporter.

Note: "insecure" defaults to false, so setups that do not specifically
define "insecure=false" are unaffected.

All python-keystoneclient users are advised to upgrade to these updated
packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1209527 - CVE-2015-1852 OpenStack keystonemiddleware/keystoneclient: S3Token TLS cert verification option not honored

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
python-keystoneclient-0.11.1-2.el7ost.src.rpm
python-keystonemiddleware-1.3.2-1.el7ost.src.rpm

noarch:
python-keystoneclient-0.11.1-2.el7ost.noarch.rpm
python-keystoneclient-doc-0.11.1-2.el7ost.noarch.rpm
python-keystonemiddleware-1.3.2-1.el7ost.noarch.rpm
python-keystonemiddleware-doc-1.3.2-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1852
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV23zyXlSAg2UNWIIRAlKRAJ4+B0IhBtnQa1T24UwWD41iIUvjlQCgoSDQ
K1xyXUd2uD8LHAxJFO6DxfA=
=QCR2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 20:22:18 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 16:22:18 -0400
Subject: [RHSA-2015:1678-01] Moderate: python-django security update
Message-ID: <201508242022.t7OKMIMi006176@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-django security update
Advisory ID: RHSA-2015:1678-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1678.html
Issue date: 2015-08-24
CVE Names: CVE-2015-5143
=====================================================================

1. Summary:

Updated python-django packages that fix a security issue are now available
for Red Hat Enterprise Linux OpenStack Platform 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much
as possible and adhering to the DRY (Don't Repeat Yourself) principle.

A flaw was found in the Django session backends whereby an unauthenticated
attacker could cause session records to be created in the configured
session store, leading to a Denial of Service. (CVE-2015-5143)

Red Hat would like to thank the upstream Django project for reporting this
issue.

All python-django users are advised to upgrade to these updated packages,
which contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1239010 - CVE-2015-5143 Django: possible DoS by filling session store

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
python-django-1.6.11-2.el7ost.src.rpm

noarch:
python-django-1.6.11-2.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-2.el7ost.noarch.rpm
python-django-doc-1.6.11-2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5143
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV23z5XlSAg2UNWIIRAjzEAJ93uayNd6YSnys5EPQD1yOixHdpeQCfViqW
5Ia0eMJ0/1nT6EPBqVNez8Q=
=GXtf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 24 20:22:26 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Aug 2015 16:22:26 -0400
Subject: [RHSA-2015:1679-01] Moderate: python-django-horizon security and bug fix update
Message-ID: <201508242022.t7OKMQMw005240@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-django-horizon security and bug fix update
Advisory ID: RHSA-2015:1679-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1679.html
Issue date: 2015-08-24
CVE Names: CVE-2015-3219 CVE-2015-3988
=====================================================================

1. Summary:

Updated python-django-horizon packages that fix multiple security issues
are now available for Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

OpenStack Dashboard (Horizon) provides administrators and users with a
graphical interface to access, provision, and automate cloud-based
resources.
Two security issues were discovered in the Horizon dashboard and are addressed in this update: * A cross-site scripting (XSS) flaw was found in the Horizon Orchestration dashboard. An attacker able to trick a Horizon user into using a malicious template during the stack creation could use this flaw to perform an XSS attack on that user. (CVE-2015-3219) Red Hat would like to thank the OpenStack Project for reporting the CVE-2015-3219 issue. Upstream acknowledges Nikita Konovalov from Mirantis as the original reporter of CVE-2015-3219. * A flaw was discovered in the Horizon metadata dashboard whereby potentially untrusted data was displayed from Glance images, Nova flavors, or host aggregates without correct clean up. An attacker could use this flaw to conduct an XSS attack.(CVE-2015-3988) Additionally, the following non-security issues are addressed: * It was impossible to associate a floating IP address to a port for an instance. This occurred if the gateway router was not in the same tenant as the instance but was attached to a network shared across tenants because only ports within the tenant were used to find reachable gateway routers. (BZ#1187992) * If two or more regions were configured in Horizon, then the User, Help, and Current Project links would no longer work and the region selector was in the wrong location in the UI. (BZ#1189887) * A load balancer monitor was erroneously displayed as associated with every tenant in every pool. The load balancer monitor was not actually associated with any tenants, but the improper display prevented users from using the Horizon dashboard to create a tenant association. (BZ#1196249) * When logging into the Horizon dashboard, Horizon sends a query to Nova to update usage statistics. One of the calls would erroneously query deleted virtual machines; if there were thousands of deleted virtual machines, the CPU usage for Nova would spike and the Nova process could crash. 
(BZ#1243301) * The network profile was not supported by Cisco N1KV ML2 drivers. This profile has been removed to maintain Horizon compatibility with the Cisco driver. (BZ#1246690) * A neutron attribute extension was renamed from profile_id to profile for networks and ports. This caused create operations for networks and ports to fail from the dashboard since the dashboard was still using the attribute name n1kv:profile_id rather than n1kv:profile.(BZ#1248367) * If a virtual machine instance failed to launch, then the stale port assignments were left in the configuration rather than being cleaned up. (BZ#1249228) All python-django-horizon users are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1187992 - [Horizon] Fix display of ports when associating floating IP 1196249 - LBaaS health monitor created from horizon shows associated with all pools 1222871 - CVE-2015-3988 python-django-horizon: persistent XSS in Horizon metadata dashboard 1228534 - CVE-2015-3219 python-django-horizon: XSS in Heat stack creation 1243301 - nova API cannot allocate memory due to horizon os-simple-tenant-usage calls 6. Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: python-django-horizon-2014.2.3-7.el7ost.src.rpm noarch: openstack-dashboard-2014.2.3-7.el7ost.noarch.rpm openstack-dashboard-theme-2014.2.3-7.el7ost.noarch.rpm python-django-horizon-2014.2.3-7.el7ost.noarch.rpm python-django-horizon-doc-2014.2.3-7.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3219 https://access.redhat.com/security/cve/CVE-2015-3988 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV230AXlSAg2UNWIIRAn/lAKCuFqSiXKmhVoS+EaUZ58HjRAQoqgCgvrZf 8RwYnKPTmqyGHg8TwinHZSg= =yb0o -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 24 20:39:21 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 24 Aug 2015 20:39:21 +0000 Subject: [RHSA-2015:1680-01] Moderate: openstack-neutron security and bug fix update Message-ID: <201508242039.t7OKdLDJ007914@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-neutron security and bug fix update Advisory ID: RHSA-2015:1680-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1680.html Issue date: 2015-08-24 CVE Names: CVE-2015-3221 ===================================================================== 1. Summary: Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Red Hat Product Security has rated this update as having a Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch 3. 
Description: OpenStack Networking (Neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A Denial of Service flaw was found in the L2 agent when using the IPTables firewall driver. By submitting an address pair that will be rejected as invalid by the ipset tool, an attacker may cause the agent to crash. (CVE-2015-3221) Red Hat would like to thank the OpenStack upstream for reporting this issue. Upstream acknowledges Darragh O'Reilly (HP) as the original reporter. Additionally, the packages address the following issues: * Neutron failed to load multiple configuration files. The Puppet recipe hard-coded the --config-file parameter to a set list of configuration files and additional files were not loaded, even if specified. This fix creates a new Neutron configuration directory, /etc/neutron/conf.d, and any .conf files in that directory are loaded by Puppet and applied to all services. (BZ#1188480) * When configuring load balancer as a service, the Neutron configuration used no group as the default system user group. This group does not exist in the default Red Hat Enterprise Linux 7 configuration, which caused the virtual IP address creation to fail with the error "cannot find group id for 'nogroup'." (BZ#1208002) * Log rotation was set to one week for Neutron, but that could allow the log file to grow to be very large before rotating. The default log rotation policy has been updated to include a size limit of 10MB as well as a time limit to rotate daily. (BZ#1212442) * Previously, dnsmasq did not save lease information in persistent storage. When it was restarted, the lease information was lost. This behavior resulted from removing the '--dhcp-script' option as part of fixing BZ#1202392. As a result, instances were stuck in the network boot process for a long period of time. In addition, NACK messages were noted in the dnsmasq log. 
This update removes the authoritative option, so that NAKs are not sent in response to DHCPREQUESTs to other servers. This change is expected to prevent dnsmasq from NAKing clients renewing leases issued before it was restarted/rescheduled. DHCPNAK messages should no longer be found in the log files. (BZ#1227635) * Conflict tags were included in the python-neutron package spec that resulted in Neutron unnecessarily blocking the python-oslo-db package. These conflicts have been removed from the spec, so the python-oslo-db package can be successfully installed. (BZ#1250056) All openstack-neutron users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1208002 - LBASS VIP creation fails because system group "nogroup" doesn't exist 1227635 - DHCPNAK after neutron-dhcp-agent restart 1232284 - CVE-2015-3221 openstack-neutron: L2 agent DoS through incorrect allowed address pairs 1250056 - neutron unnecessarily blocks python-oslo-db >= 1.1.0 6. 
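The agent crash behind CVE-2015-3221 has a common shape: a value that an API user controls (the allowed-address-pair entry) is handed straight to an external command, and the command's rejection is treated as fatal. The following is an added example written for this page, not Neutron's own ipset manager. It validates each entry with Python's ipaddress module before an ipset command is built, and treats a failing 'ipset add' as a per-entry error rather than one that takes the agent down. The set name, the assumption that the set is of type hash:net (which refuses a /0 member), and the DryRunner stand-in for subprocess.run are all constructed for illustration.

```python
import ipaddress
import logging
import subprocess

LOG = logging.getLogger(__name__)


class InvalidAddressPair(ValueError):
    """An allowed-address-pair entry that must not reach the ipset command."""


def normalize_member(ip_address):
    """Validate one allowed-address-pair IP/CIDR and return it in ipset form.

    Accepts a bare address ("10.0.0.5") or a CIDR ("10.0.0.0/24"), IPv4 or
    IPv6. Anything the ipaddress module cannot parse, and a zero-length
    prefix (which a hash:net set refuses), raises InvalidAddressPair
    instead of being passed through to 'ipset add'.
    """
    try:
        net = ipaddress.ip_network(ip_address, strict=False)
    except ValueError as exc:
        raise InvalidAddressPair(f"{ip_address!r}: {exc}") from None
    if net.prefixlen == 0:
        raise InvalidAddressPair(f"{ip_address!r}: zero-length prefix")
    return str(net)


def ipset_add_members(set_name, ip_addresses, run=subprocess.run):
    """Add members to an existing ipset; return (added, rejected).

    Invalid entries are rejected before any command runs. A failing
    'ipset add' for a well-formed entry is logged and skipped, so one bad
    entry cannot abort the whole refresh.
    """
    added, rejected = [], []
    for ip in ip_addresses:
        try:
            member = normalize_member(ip)
        except InvalidAddressPair as exc:
            LOG.warning("dropping allowed address pair: %s", exc)
            rejected.append(ip)
            continue
        cmd = ["ipset", "add", "-exist", set_name, member]
        try:
            run(cmd, check=True, capture_output=True)
        except (subprocess.CalledProcessError, OSError) as exc:
            LOG.error("%s failed: %s", " ".join(cmd), exc)
            rejected.append(ip)
            continue
        added.append(member)
    return added, rejected


class DryRunner:
    """Stand-in for subprocess.run (constructed for offline use): records
    each command and simulates ipset rejecting one configured member."""

    def __init__(self, fail_on=None):
        self.fail_on = fail_on
        self.commands = []

    def __call__(self, cmd, **kwargs):
        self.commands.append(cmd)
        if cmd[-1] == self.fail_on:
            raise subprocess.CalledProcessError(1, cmd, stderr=b"ipset: rejected")
        return subprocess.CompletedProcess(cmd, 0)


if __name__ == "__main__":
    # Constructed input: two good entries, a /0, garbage, and one entry
    # that the (simulated) ipset binary rejects at runtime.
    sample = ["10.0.0.5", "10.0.0.0/24", "0.0.0.0/0", "not-an-ip", "192.0.2.0/24"]
    runner = DryRunner(fail_on="192.0.2.0/24")
    print(ipset_add_members("sg-0123abcd", sample, run=runner))
```

The two layers are deliberate: validating up front keeps known-bad input away from the command line entirely, and catching CalledProcessError covers the cases the validator does not anticipate, which is where a crash like this one comes from.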
Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: openstack-neutron-2014.2.3-9.el7ost.src.rpm noarch: openstack-neutron-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-bigswitch-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-brocade-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-cisco-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-common-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-embrane-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-hyperv-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-ibm-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-linuxbridge-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-mellanox-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-metaplugin-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-metering-agent-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-midonet-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-ml2-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-nec-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-nuage-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-ofagent-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-oneconvergence-nvsd-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-opencontrail-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-openvswitch-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-plumgrid-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-ryu-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-sriov-nic-agent-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-vmware-2014.2.3-9.el7ost.noarch.rpm openstack-neutron-vpn-agent-2014.2.3-9.el7ost.noarch.rpm python-neutron-2014.2.3-9.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3221 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV24DmXlSAg2UNWIIRAtw+AJ47pjJUnKvfYWGsr6ZaMMv81MNAlACfZjmg 2s+mKDNe+zm01jvGLveJtKc= =DI/K -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 24 22:40:12 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 24 Aug 2015 18:40:12 -0400 Subject: [RHSA-2015:1681-01] Moderate: openstack-swift security update Message-ID: <201508242240.t7OMeCBe004176@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-swift security update Advisory ID: RHSA-2015:1681-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1681.html Issue date: 2015-08-24 CVE Names: CVE-2015-1856 ===================================================================== 1. Summary: Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch 3. Description: OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. 
A flaw was found in openstack-swift where an authenticated user may delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container. (CVE-2015-1856)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Clay Gerrard of SwiftStack as the original reporter.

All users of openstack-swift are advised to upgrade to these updated packages, which correct this issue. After installing this update, the OpenStack Object Storage services will be restarted automatically.

4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/): 1209994 - CVE-2015-1856 OpenStack Swift: unauthorized deletion of versioned Swift object

6. Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: openstack-swift-2.2.0-4.el7ost.src.rpm noarch: openstack-swift-2.2.0-4.el7ost.noarch.rpm openstack-swift-account-2.2.0-4.el7ost.noarch.rpm openstack-swift-container-2.2.0-4.el7ost.noarch.rpm openstack-swift-doc-2.2.0-4.el7ost.noarch.rpm openstack-swift-object-2.2.0-4.el7ost.noarch.rpm openstack-swift-proxy-2.2.0-4.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References: https://access.redhat.com/security/cve/CVE-2015-1856 https://access.redhat.com/security/updates/classification/#moderate

8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV251KXlSAg2UNWIIRAtWlAKDA6zAkOV4UPJUKNDGQ+0WSBBpbDwCgwaFy XtSM4QngCYEOJcjwXwL7tZQ= =lPYq -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 25 06:07:25 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Aug 2015 06:07:25 +0000 Subject: [RHSA-2015:1683-01] Moderate: qemu-kvm-rhev security update Message-ID: <201508250607.t7P67SBr014596@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm-rhev security update Advisory ID: RHSA-2015:1683-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1683.html Issue date: 2015-08-25 CVE Names: CVE-2015-5165 ===================================================================== 1. Summary: Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - x86_64 Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory. 
(CVE-2015-5165) Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Donghai Zhu of Alibaba as the original reporter. All qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1248760 - CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140) 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: qemu-kvm-rhev-0.12.1.2-2.479.el6_7.1.src.rpm x86_64: qemu-img-rhev-0.12.1.2-2.479.el6_7.1.x86_64.rpm qemu-kvm-rhev-0.12.1.2-2.479.el6_7.1.x86_64.rpm qemu-kvm-rhev-debuginfo-0.12.1.2-2.479.el6_7.1.x86_64.rpm qemu-kvm-rhev-tools-0.12.1.2-2.479.el6_7.1.x86_64.rpm Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: qemu-kvm-rhev-2.1.2-23.el7_1.8.src.rpm x86_64: libcacard-devel-rhev-2.1.2-23.el7_1.8.x86_64.rpm libcacard-rhev-2.1.2-23.el7_1.8.x86_64.rpm libcacard-tools-rhev-2.1.2-23.el7_1.8.x86_64.rpm qemu-img-rhev-2.1.2-23.el7_1.8.x86_64.rpm qemu-kvm-common-rhev-2.1.2-23.el7_1.8.x86_64.rpm qemu-kvm-rhev-2.1.2-23.el7_1.8.x86_64.rpm qemu-kvm-rhev-debuginfo-2.1.2-23.el7_1.8.x86_64.rpm qemu-kvm-tools-rhev-2.1.2-23.el7_1.8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5165 https://access.redhat.com/security/updates/classification/#moderate 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV3AYOXlSAg2UNWIIRAgM/AJ4qGYLkHhDe7+p+GL/kyACu6cdpugCff7Az jjdHrPVfBWbIKzDtV5DV9Pw= =Qvlt -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 25 06:08:22 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Aug 2015 06:08:22 +0000 Subject: [RHSA-2015:1684-01] Moderate: openstack-swift security update Message-ID: <201508250608.t7P68SaM014877@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-swift security update Advisory ID: RHSA-2015:1684-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1684.html Issue date: 2015-08-25 CVE Names: CVE-2015-1856 ===================================================================== 1. Summary: Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch 3. Description: OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. 
Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container. (CVE-2015-1856) Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Clay Gerrard of SwiftStack as the original reporter. All users of openstack-swift are advised to upgrade to these updated packages, which correct this issue. After installing this update, the OpenStack Object Storage services will be restarted automatically. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1209994 - CVE-2015-1856 OpenStack Swift: unauthorized deletion of versioned Swift object 6. 
Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: openstack-swift-1.13.1-6.el6ost.src.rpm noarch: openstack-swift-1.13.1-6.el6ost.noarch.rpm openstack-swift-account-1.13.1-6.el6ost.noarch.rpm openstack-swift-container-1.13.1-6.el6ost.noarch.rpm openstack-swift-doc-1.13.1-6.el6ost.noarch.rpm openstack-swift-object-1.13.1-6.el6ost.noarch.rpm openstack-swift-proxy-1.13.1-6.el6ost.noarch.rpm Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: openstack-swift-1.13.1-5.el7ost.src.rpm noarch: openstack-swift-1.13.1-5.el7ost.noarch.rpm openstack-swift-account-1.13.1-5.el7ost.noarch.rpm openstack-swift-container-1.13.1-5.el7ost.noarch.rpm openstack-swift-doc-1.13.1-5.el7ost.noarch.rpm openstack-swift-object-1.13.1-5.el7ost.noarch.rpm openstack-swift-proxy-1.13.1-5.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-1856 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
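Both Swift advisories above (RHSA-2015:1681 and RHSA-2015:1684) state the same precondition for CVE-2015-1856: knowing the object name and being able to list the x-versions-location container is enough to remove the current version. A DELETE on a versioned object is a composite operation (the newest archived copy is moved back over the current object), and the precondition shows that the authorization check covered the archive container the attacker could read rather than the container being rewritten. The following is an added, simplified model written for this page, not Swift's proxy code. The same versioned DELETE is run in a flawed form that only checks listing access on the versions container and in a corrected form that also requires write access on the primary container. The two-set ACL, the archive naming scheme, the in-memory containers and the user names are constructed assumptions.

```python
class Forbidden(Exception):
    """Raised when the caller lacks the required access."""


class Container:
    """A container holding current objects plus a crude ACL model
    (assumed here: 'readers' may GET/list, 'writers' may PUT/DELETE)."""

    def __init__(self, readers=(), writers=(), versions_location=None):
        self.objects = {}                          # name -> bytes
        self.readers = set(readers)
        self.writers = set(writers)
        self.versions_location = versions_location  # archive container name


def archive_name(name, version):
    # Constructed naming scheme for archived copies: "<name>/<version>".
    return f"{name}/{version:03d}"


def put_versioned(user, primary, versions, name, data):
    """PUT that archives the previous current version before overwriting."""
    if user not in primary.writers:
        raise Forbidden(f"{user} may not write {name}")
    if name in primary.objects:
        n = sum(1 for k in versions.objects if k.startswith(name + "/"))
        versions.objects[archive_name(name, n)] = primary.objects[name]
    primary.objects[name] = data


def _newest_archived(versions, name):
    keys = sorted(k for k in versions.objects if k.startswith(name + "/"))
    return keys[-1] if keys else None


def delete_versioned(user, primary, versions, name, check_primary_write):
    """DELETE of a versioned object: the newest archived copy becomes current.

    check_primary_write=False reproduces the flawed behaviour (only listing
    access on the versions container is checked). True is the corrected
    behaviour: the write to the primary container is authorized as well.
    """
    if user not in versions.readers:
        raise Forbidden(f"{user} may not list {primary.versions_location}")
    if check_primary_write and user not in primary.writers:
        raise Forbidden(f"{user} may not delete {name}")
    prev = _newest_archived(versions, name)
    if prev is None:
        primary.objects.pop(name, None)             # nothing to restore
    else:
        primary.objects[name] = versions.objects.pop(prev)
    return primary.objects.get(name)


def scenario(check_primary_write):
    """Owner alice writes two versions; bob can only list the archive.
    Returns (outcome for bob's DELETE, current content afterwards)."""
    versions = Container(readers={"alice", "bob"}, writers={"alice"})
    primary = Container(readers={"alice"}, writers={"alice"},
                        versions_location="archive")
    put_versioned("alice", primary, versions, "report.txt", b"v1")
    put_versioned("alice", primary, versions, "report.txt", b"v2")
    try:
        delete_versioned("bob", primary, versions, "report.txt", check_primary_write)
        outcome = "deleted"
    except Forbidden:
        outcome = "forbidden"
    return outcome, primary.objects["report.txt"]


if __name__ == "__main__":
    print("vulnerable:", scenario(check_primary_write=False))  # ('deleted', b'v1')
    print("fixed:     ", scenario(check_primary_write=True))   # ('forbidden', b'v2')
```

The general rule the model illustrates: when one request fans out into several internal operations, each operation must be authorized against the resource it actually touches, in the caller's identity, rather than inheriting whatever check the outer request happened to pass.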
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV3AZHXlSAg2UNWIIRAo28AJ9WMiIwn/AGQDazk+/Hd63cL9eN3gCeJEQJ RT7cD0uvLaClPHU5DflUTgk= =UYrs -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 25 06:09:22 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Aug 2015 06:09:22 +0000 Subject: [RHSA-2015:1685-01] Moderate: python-keystoneclient security update Message-ID: <201508250609.t7P69NQp012159@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python-keystoneclient security update Advisory ID: RHSA-2015:1685-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1685.html Issue date: 2015-08-25 CVE Names: CVE-2015-1852 ===================================================================== 1. Summary: Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch 3. Description: Python-keystoneclient is a client library and a command-line utility for interacting with the OpenStack Identity API. It was discovered that some items in the S3Token configuration as used by python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option was set to "false", the option would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. 
Note: The "insecure" option defaults to false, so setups that do not specifically define "insecure=false" are not affected. (CVE-2015-1852) Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Brant Knudson from IBM as the original reporter. All python-keystoneclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1209527 - CVE-2015-1852 OpenStack keystonemiddleware/keystoneclient: S3Token TLS cert verification option not honored 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: python-keystoneclient-0.9.0-6.el6ost.src.rpm noarch: python-keystoneclient-0.9.0-6.el6ost.noarch.rpm python-keystoneclient-doc-0.9.0-6.el6ost.noarch.rpm Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: python-keystoneclient-0.9.0-6.el7ost.src.rpm noarch: python-keystoneclient-0.9.0-6.el7ost.noarch.rpm python-keystoneclient-doc-0.9.0-6.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-1852 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
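The S3Token problem is a config-typing mistake rather than a TLS one: values read from a paste/INI section arrive as strings, and a non-empty string such as "false" is truthy in Python, so a test like `if conf.get('insecure'):` disables certificate verification exactly when the operator wrote insecure=false. That is also why the note above holds: with the option absent, the lookup yields a real False and verification stays on. The following is an added example for this page, not python-keystoneclient's code. It shows the flawed evaluation beside a strict parser that accepts only the usual boolean spellings, feeding the value that would be passed as requests' verify= argument. The option names, the accepted spellings and the constructed config dicts are assumptions; an OpenStack project would use oslo_utils.strutils.bool_from_string for the same job.

```python
TRUE_STRINGS = ("1", "t", "true", "on", "y", "yes")
FALSE_STRINGS = ("0", "f", "false", "off", "n", "no")


def bool_from_string(value, default=False, strict=True):
    """Turn a config value into a bool without relying on Python truthiness.

    Real bools pass through; None yields the default; strings are matched
    case-insensitively against the accepted spellings. With strict=True an
    unrecognised spelling raises instead of silently becoming the default.
    """
    if isinstance(value, bool):
        return value
    if value is None:
        return default
    lowered = str(value).strip().lower()
    if lowered in TRUE_STRINGS:
        return True
    if lowered in FALSE_STRINGS:
        return False
    if strict:
        raise ValueError(f"unrecognised boolean value {value!r}")
    return default


def tls_verify_vulnerable(conf):
    """Flawed: tests the raw string, so 'false' counts as true."""
    if conf.get("insecure", False):          # "false" is a non-empty string
        return False                          # -> requests(..., verify=False)
    return conf.get("cafile") or True         # CA bundle path, or system CAs


def tls_verify_fixed(conf):
    """Corrected: parse the string first, then decide."""
    if bool_from_string(conf.get("insecure"), default=False):
        return False
    return conf.get("cafile") or True


if __name__ == "__main__":
    # Constructed [filter:s3token]-style sections as a paste loader would
    # hand them over: every value is a string.
    for conf in ({}, {"insecure": "false"}, {"insecure": "true"},
                 {"insecure": "false", "cafile": "/etc/pki/tls/certs/ca.pem"}):
        print(conf, "vulnerable:", tls_verify_vulnerable(conf),
              "fixed:", tls_verify_fixed(conf))
```

Strict parsing is the important design choice: a lenient parser that maps "flase" to the default would hide an operator typo in the same way the original bug hid the correct value, only in the other direction.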
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV3AZ7XlSAg2UNWIIRAmUbAJ4vBjuPgw1V7/ayb5Ln4UnQG4fJgwCfas51 plR5ohF8yP5+RM8CVfyTcKA= =i8zU -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 25 06:10:14 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Aug 2015 06:10:14 +0000 Subject: [RHSA-2015:1686-01] Moderate: python-django security update Message-ID: <201508250610.t7P6AF8q015504@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python-django security update Advisory ID: RHSA-2015:1686-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1686.html Issue date: 2015-08-25 CVE Names: CVE-2015-5143 ===================================================================== 1. Summary: Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch 3. Description: Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store. 
(CVE-2015-5143) Red Hat would like to thank the upstream Django project for reporting this issue. All python-django users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1239010 - CVE-2015-5143 Django: possible DoS by filling session store 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: python-django-1.6.11-1.el6ost.src.rpm noarch: python-django-1.6.11-1.el6ost.noarch.rpm python-django-bash-completion-1.6.11-1.el6ost.noarch.rpm python-django-doc-1.6.11-1.el6ost.noarch.rpm Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: python-django-1.6.11-2.el7ost.src.rpm noarch: python-django-1.6.11-2.el7ost.noarch.rpm python-django-bash-completion-1.6.11-2.el7ost.noarch.rpm python-django-doc-1.6.11-2.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5143 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
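The session-store exhaustion in CVE-2015-5143 needs no credentials: if the middleware persists a session on every response, each anonymous request that reaches a session-saving view leaves a record behind, and a loop of such requests fills the store or evicts real users' sessions. The following is an added model written for this page, not Django's session middleware. It contrasts a response hook that saves unconditionally (the flawed shape) with one that skips sessions that are empty and untouched (the shape of the upstream change, which stopped creating empty session records). The in-memory store, the Session class and the request loops are constructed for illustration.

```python
import secrets


class SessionStore:
    """In-memory stand-in for a database or cache session backend."""

    def __init__(self):
        self._rows = {}

    def save(self, key, data):
        self._rows[key] = dict(data)

    def count(self):
        return len(self._rows)


class Session:
    """Per-request session object that records whether the view touched it."""

    def __init__(self, key=None):
        self.key = key
        self.data = {}
        self.modified = False

    def __setitem__(self, k, v):
        self.data[k] = v
        self.modified = True

    def is_empty(self):
        return not self.data and not self.modified


def process_response_vulnerable(store, session, save_every_request=False):
    """Flawed: always persist, so an empty anonymous session becomes a row
    (save_every_request is irrelevant here; it saves regardless)."""
    if session.key is None:
        session.key = secrets.token_hex(16)
    store.save(session.key, session.data)
    return session.key


def process_response_fixed(store, session, save_every_request=False):
    """Corrected: persist only when there is something worth persisting."""
    if session.is_empty():
        return None                      # no row written, no Set-Cookie
    if session.modified or save_every_request:
        if session.key is None:
            session.key = secrets.token_hex(16)
        store.save(session.key, session.data)
    return session.key


def flood(handler, requests):
    """Simulate N anonymous requests whose view never touches the session.
    Returns the number of rows left in the store."""
    store = SessionStore()
    for _ in range(requests):
        handler(store, Session())        # no cookie -> fresh, empty session
    return store.count()


def login_then_flood(handler, requests):
    """One real login (writes to the session) followed by a flood."""
    store = SessionStore()
    user = Session()
    user["user_id"] = 42
    handler(store, user)
    for _ in range(requests):
        handler(store, Session())
    return store.count()


if __name__ == "__main__":
    print("vulnerable:", flood(process_response_vulnerable, 1000))        # 1000
    print("fixed:     ", flood(process_response_fixed, 1000))             # 0
    print("fixed+login:", login_then_flood(process_response_fixed, 1000))  # 1
```

The same pattern applies to any server-side state created on behalf of an unauthenticated client: the creation should be tied to an action that actually changed something, and the number of such records an anonymous caller can create should be bounded.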
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV3Aa6XlSAg2UNWIIRArObAJ0Y9rfNMzD/zo77e7D9HlDrwYyE3gCeLa7Q 4roB1CFXRfVzvdtytTi0IBg= =4zSt -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 25 07:50:52 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Aug 2015 07:50:52 +0000 Subject: [RHSA-2015:1682-01] Important: thunderbird security update Message-ID: <201508250737.t7P7bX4q024072@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2015:1682-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1682.html Issue date: 2015-08-25 CVE Names: CVE-2015-4473 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 ===================================================================== 1. Summary: An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. 
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)

Note: None of the above issues can be exploited by a specially crafted HTML mail message, because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed).

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Gustavo Grieco, and Ronald Crane as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.2. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.2 and corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/): 1252271 - CVE-2015-4473 Mozilla: Miscellaneous memory safety hazards (rv:38.2) (MFSA 2015-79) 1252290 - CVE-2015-4491 Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88) 1252293 - CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)

6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: thunderbird-38.2.0-4.el5_11.src.rpm i386: thunderbird-38.2.0-4.el5_11.i386.rpm thunderbird-debuginfo-38.2.0-4.el5_11.i386.rpm x86_64: thunderbird-38.2.0-4.el5_11.x86_64.rpm thunderbird-debuginfo-38.2.0-4.el5_11.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: thunderbird-38.2.0-4.el5_11.src.rpm i386: thunderbird-38.2.0-4.el5_11.i386.rpm thunderbird-debuginfo-38.2.0-4.el5_11.i386.rpm x86_64: thunderbird-38.2.0-4.el5_11.x86_64.rpm thunderbird-debuginfo-38.2.0-4.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: thunderbird-38.2.0-4.el6_7.src.rpm i386: thunderbird-38.2.0-4.el6_7.i686.rpm thunderbird-debuginfo-38.2.0-4.el6_7.i686.rpm x86_64: thunderbird-38.2.0-4.el6_7.x86_64.rpm thunderbird-debuginfo-38.2.0-4.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: thunderbird-38.2.0-4.el6_7.src.rpm i386: thunderbird-38.2.0-4.el6_7.i686.rpm thunderbird-debuginfo-38.2.0-4.el6_7.i686.rpm ppc64: thunderbird-38.2.0-4.el6_7.ppc64.rpm thunderbird-debuginfo-38.2.0-4.el6_7.ppc64.rpm s390x: thunderbird-38.2.0-4.el6_7.s390x.rpm thunderbird-debuginfo-38.2.0-4.el6_7.s390x.rpm x86_64: thunderbird-38.2.0-4.el6_7.x86_64.rpm thunderbird-debuginfo-38.2.0-4.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: thunderbird-38.2.0-4.el6_7.src.rpm i386: thunderbird-38.2.0-4.el6_7.i686.rpm thunderbird-debuginfo-38.2.0-4.el6_7.i686.rpm x86_64: thunderbird-38.2.0-4.el6_7.x86_64.rpm thunderbird-debuginfo-38.2.0-4.el6_7.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: thunderbird-38.2.0-1.el7_1.src.rpm x86_64: thunderbird-38.2.0-1.el7_1.x86_64.rpm thunderbird-debuginfo-38.2.0-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: thunderbird-38.2.0-1.el7_1.src.rpm x86_64: thunderbird-38.2.0-1.el7_1.x86_64.rpm thunderbird-debuginfo-38.2.0-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): Source: thunderbird-38.2.0-1.ael7b_1.src.rpm ppc64le: thunderbird-38.2.0-1.ael7b_1.ppc64le.rpm thunderbird-debuginfo-38.2.0-1.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: thunderbird-38.2.0-1.el7_1.src.rpm x86_64: thunderbird-38.2.0-1.el7_1.x86_64.rpm thunderbird-debuginfo-38.2.0-1.el7_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-4473 https://access.redhat.com/security/cve/CVE-2015-4487 https://access.redhat.com/security/cve/CVE-2015-4488 https://access.redhat.com/security/cve/CVE-2015-4489 https://access.redhat.com/security/cve/CVE-2015-4491 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.2 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV3BsrXlSAg2UNWIIRAlanAJ97+BV8IcQaIuaAvZ9O15X3fVbZdACfZVkN Y0Ek8xGp6iGOFzN1dvQBQg4= =f/ZK -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 27 14:03:20 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 27 Aug 2015 14:03:20 +0000 Subject: [RHSA-2015:1691-01] Low: Red Hat Enterprise Developer Toolset Version 2 One-Month Retirement Notice Message-ID: <201508271403.t7RE3KBh013688@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Developer Toolset Version 2 One-Month Retirement Notice Advisory ID: RHSA-2015:1691-01 Product: Red Hat Developer Toolset Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1691.html Issue date: 2015-08-27 ===================================================================== 1. Summary: This is the One-Month notification for the retirement of Red Hat Developer Toolset Version 2. This notification applies only to those customers subscribed to the channel for Red Hat Developer Toolset Version 2. 2. Description: In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering will be retired as of September 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 2 after September 30, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 2 after this date. We encourage customers using Red Hat Enterprise Linux 6 to plan their migration from Red Hat Enterprise Developer Toolset Version 2 to a more recent release of Red Hat Developer Toolset. 
As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product. Details of the Red Hat Enterprise Developer Toolset life cycle can be found here: https://access.redhat.com/support/policy/updates/dts/ 3. Solution: Red Hat Enterprise Developer Toolset Version 2 will be retired on September 30, 2015. Customers using Red Hat Enterprise 6 are encouraged to migrate to a newer release of Red Hat Enterprise Developer Toolset, and can find additional details on the Red Hat Enterprise Developer Toolset life cycle at https://access.redhat.com/support/policy/updates/dts/ Customers using Red Hat Enterprise Developer Toolset Version 2 with Red Hat Enterprise Linux 5 are encouraged to move to Red Hat Enterprise Linux 7 for all new development in order to take advantage of newer versions of the Red Hat Enterprise Developer Toolset. 4. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/support/policy/updates/dts/ 5. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
From bugzilla at redhat.com Thu Aug 27 21:19:25 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 27 Aug 2015 17:19:25 -0400
Subject: [RHSA-2015:1693-01] Critical: firefox security update
Message-ID: <201508272119.t7RLJPlF029178@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2015:1693-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1693.html
Issue date: 2015-08-27
CVE Names: CVE-2015-4497 CVE-2015-4498
=====================================================================

1. Summary:

Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4497)

A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source. (CVE-2015-4498)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jean-Max Reymond, Ucha Gobejishvili, and Bas Venis as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain Firefox version 38.2.1 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1257276 - CVE-2015-4497 Mozilla: Use-after-free when resizing canvas element during restyling (MFSA 2015-94)
1257278 - CVE-2015-4498 Mozilla: Add-on notification bypass through data URLs (MFSA 2015-95)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):
Source: firefox-38.2.1-1.el5_11.src.rpm
i386: firefox-38.2.1-1.el5_11.i386.rpm firefox-debuginfo-38.2.1-1.el5_11.i386.rpm
x86_64: firefox-38.2.1-1.el5_11.i386.rpm firefox-38.2.1-1.el5_11.x86_64.rpm firefox-debuginfo-38.2.1-1.el5_11.i386.rpm firefox-debuginfo-38.2.1-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):
Source: firefox-38.2.1-1.el5_11.src.rpm
i386: firefox-38.2.1-1.el5_11.i386.rpm firefox-debuginfo-38.2.1-1.el5_11.i386.rpm
ppc: firefox-38.2.1-1.el5_11.ppc64.rpm firefox-debuginfo-38.2.1-1.el5_11.ppc64.rpm
s390x: firefox-38.2.1-1.el5_11.s390.rpm firefox-38.2.1-1.el5_11.s390x.rpm firefox-debuginfo-38.2.1-1.el5_11.s390.rpm firefox-debuginfo-38.2.1-1.el5_11.s390x.rpm
x86_64: firefox-38.2.1-1.el5_11.i386.rpm firefox-38.2.1-1.el5_11.x86_64.rpm firefox-debuginfo-38.2.1-1.el5_11.i386.rpm firefox-debuginfo-38.2.1-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):
Source: firefox-38.2.1-1.el6_7.src.rpm
i386: firefox-38.2.1-1.el6_7.i686.rpm firefox-debuginfo-38.2.1-1.el6_7.i686.rpm
x86_64: firefox-38.2.1-1.el6_7.x86_64.rpm firefox-debuginfo-38.2.1-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):
x86_64: firefox-38.2.1-1.el6_7.i686.rpm firefox-debuginfo-38.2.1-1.el6_7.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: firefox-38.2.1-1.el6_7.src.rpm
x86_64: firefox-38.2.1-1.el6_7.i686.rpm firefox-38.2.1-1.el6_7.x86_64.rpm firefox-debuginfo-38.2.1-1.el6_7.i686.rpm firefox-debuginfo-38.2.1-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source: firefox-38.2.1-1.el6_7.src.rpm
i386: firefox-38.2.1-1.el6_7.i686.rpm firefox-debuginfo-38.2.1-1.el6_7.i686.rpm
ppc64: firefox-38.2.1-1.el6_7.ppc64.rpm firefox-debuginfo-38.2.1-1.el6_7.ppc64.rpm
s390x: firefox-38.2.1-1.el6_7.s390x.rpm firefox-debuginfo-38.2.1-1.el6_7.s390x.rpm
x86_64: firefox-38.2.1-1.el6_7.x86_64.rpm firefox-debuginfo-38.2.1-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):
ppc64: firefox-38.2.1-1.el6_7.ppc.rpm firefox-debuginfo-38.2.1-1.el6_7.ppc.rpm
s390x: firefox-38.2.1-1.el6_7.s390.rpm firefox-debuginfo-38.2.1-1.el6_7.s390.rpm
x86_64: firefox-38.2.1-1.el6_7.i686.rpm firefox-debuginfo-38.2.1-1.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source: firefox-38.2.1-1.el6_7.src.rpm
i386: firefox-38.2.1-1.el6_7.i686.rpm firefox-debuginfo-38.2.1-1.el6_7.i686.rpm
x86_64: firefox-38.2.1-1.el6_7.x86_64.rpm firefox-debuginfo-38.2.1-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):
x86_64: firefox-38.2.1-1.el6_7.i686.rpm firefox-debuginfo-38.2.1-1.el6_7.i686.rpm

Red Hat Enterprise Linux Client (v. 7):
Source: firefox-38.2.1-1.el7_1.src.rpm
x86_64: firefox-38.2.1-1.el7_1.x86_64.rpm firefox-debuginfo-38.2.1-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: firefox-38.2.1-1.el7_1.i686.rpm firefox-debuginfo-38.2.1-1.el7_1.i686.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: firefox-38.2.1-1.el7_1.src.rpm
ppc64: firefox-38.2.1-1.el7_1.ppc64.rpm firefox-debuginfo-38.2.1-1.el7_1.ppc64.rpm
s390x: firefox-38.2.1-1.el7_1.s390x.rpm firefox-debuginfo-38.2.1-1.el7_1.s390x.rpm
x86_64: firefox-38.2.1-1.el7_1.x86_64.rpm firefox-debuginfo-38.2.1-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: firefox-38.2.1-1.ael7b_1.src.rpm
ppc64le: firefox-38.2.1-1.ael7b_1.ppc64le.rpm firefox-debuginfo-38.2.1-1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: firefox-38.2.1-1.el7_1.ppc.rpm firefox-debuginfo-38.2.1-1.el7_1.ppc.rpm
s390x: firefox-38.2.1-1.el7_1.s390.rpm firefox-debuginfo-38.2.1-1.el7_1.s390.rpm
x86_64: firefox-38.2.1-1.el7_1.i686.rpm firefox-debuginfo-38.2.1-1.el7_1.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: firefox-38.2.1-1.el7_1.src.rpm
x86_64: firefox-38.2.1-1.el7_1.x86_64.rpm firefox-debuginfo-38.2.1-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: firefox-38.2.1-1.el7_1.i686.rpm firefox-debuginfo-38.2.1-1.el7_1.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4497
https://access.redhat.com/security/cve/CVE-2015-4498
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.2.1
https://access.redhat.com/articles/1590693

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Mon Aug 31 09:17:42 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 31 Aug 2015 09:17:42 +0000
Subject: [RHSA-2015:1694-01] Moderate: gdk-pixbuf2 security update
Message-ID: <201508310904.t7V94HsD011157@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gdk-pixbuf2 security update
Advisory ID: RHSA-2015:1694-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1694.html
Issue date: 2015-08-31
CVE Names: CVE-2015-4491
=====================================================================

1. Summary:

Updated gdk-pixbuf2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter.

An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2015-4491)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter.

All gdk-pixbuf2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1252290 - CVE-2015-4491 Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):
Source: gdk-pixbuf2-2.24.1-6.el6_7.src.rpm
i386: gdk-pixbuf2-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.i686.rpm
x86_64: gdk-pixbuf2-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-2.24.1-6.el6_7.x86_64.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.i686.rpm
x86_64: gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.x86_64.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source: gdk-pixbuf2-2.24.1-6.el6_7.src.rpm
x86_64: gdk-pixbuf2-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-2.24.1-6.el6_7.x86_64.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.x86_64.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source: gdk-pixbuf2-2.24.1-6.el6_7.src.rpm
i386: gdk-pixbuf2-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.i686.rpm
ppc64: gdk-pixbuf2-2.24.1-6.el6_7.ppc.rpm gdk-pixbuf2-2.24.1-6.el6_7.ppc64.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.ppc.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.ppc64.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.ppc.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.ppc64.rpm
s390x: gdk-pixbuf2-2.24.1-6.el6_7.s390.rpm gdk-pixbuf2-2.24.1-6.el6_7.s390x.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.s390.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.s390x.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.s390.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.s390x.rpm
x86_64: gdk-pixbuf2-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-2.24.1-6.el6_7.x86_64.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.x86_64.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source: gdk-pixbuf2-2.24.1-6.el6_7.src.rpm
i386: gdk-pixbuf2-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.i686.rpm
x86_64: gdk-pixbuf2-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-2.24.1-6.el6_7.x86_64.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-debuginfo-2.24.1-6.el6_7.x86_64.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.i686.rpm gdk-pixbuf2-devel-2.24.1-6.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):
Source: gdk-pixbuf2-2.28.2-5.el7_1.src.rpm
x86_64: gdk-pixbuf2-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-2.28.2-5.el7_1.x86_64.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.x86_64.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: gdk-pixbuf2-2.28.2-5.el7_1.src.rpm
x86_64: gdk-pixbuf2-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-2.28.2-5.el7_1.x86_64.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.x86_64.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: gdk-pixbuf2-2.28.2-5.el7_1.src.rpm
ppc64: gdk-pixbuf2-2.28.2-5.el7_1.ppc.rpm gdk-pixbuf2-2.28.2-5.el7_1.ppc64.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.ppc.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.ppc64.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.ppc.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.ppc64.rpm
s390x: gdk-pixbuf2-2.28.2-5.el7_1.s390.rpm gdk-pixbuf2-2.28.2-5.el7_1.s390x.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.s390.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.s390x.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.s390.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.s390x.rpm
x86_64: gdk-pixbuf2-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-2.28.2-5.el7_1.x86_64.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.x86_64.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: gdk-pixbuf2-2.28.2-5.ael7b_1.src.rpm
ppc64le: gdk-pixbuf2-2.28.2-5.ael7b_1.ppc64le.rpm gdk-pixbuf2-debuginfo-2.28.2-5.ael7b_1.ppc64le.rpm gdk-pixbuf2-devel-2.28.2-5.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: gdk-pixbuf2-2.28.2-5.el7_1.src.rpm
x86_64: gdk-pixbuf2-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-2.28.2-5.el7_1.x86_64.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-debuginfo-2.28.2-5.el7_1.x86_64.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.i686.rpm gdk-pixbuf2-devel-2.28.2-5.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.
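The CVE-2015-4491 description above names the bug class (an integer overflow in the size computation for a scaled bitmap, which yields an undersized heap buffer); the following is an added, constructed illustration of that class and the check that closes it, not gdk-pixbuf's own code or its patch. It assumes a 4-byte-per-pixel destination, an arbitrary 256 MiB decoder cap, and the GCC/Clang __builtin_mul_overflow builtin.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed illustration of the CVE-2015-4491 bug class, not gdk-pixbuf's
 * own code: the buffer size for a scaled bitmap is a product of dimensions
 * read from the file, so it must be computed with overflow checks. */

#define BYTES_PER_PIXEL 4u           /* assumed RGBA destination layout */

/* Naive 32-bit size computation. For dimensions taken from a crafted BMP
 * header the product wraps, the allocation comes out tiny, and the scaler
 * later writes width * height pixels into it: a heap-based buffer overflow. */
uint32_t naive_scaled_size(uint32_t dest_width, uint32_t dest_height)
{
    return dest_width * dest_height * BYTES_PER_PIXEL;   /* wraps silently */
}

/* Overflow-checked computation. Returns 1 and stores the byte count in
 * *out_size when the geometry is representable and at most max_bytes,
 * otherwise returns 0 so the caller rejects the image. */
int checked_scaled_size(uint32_t dest_width, uint32_t dest_height,
                        size_t max_bytes, size_t *out_size)
{
    size_t rowstride, total;

    if (dest_width == 0 || dest_height == 0)
        return 0;
    if (__builtin_mul_overflow((size_t)dest_width, (size_t)BYTES_PER_PIXEL,
                               &rowstride))
        return 0;
    if (__builtin_mul_overflow(rowstride, (size_t)dest_height, &total))
        return 0;
    if (total > max_bytes)                 /* sane upper bound for a decoder */
        return 0;
    *out_size = total;
    return 1;
}

/* Convenience wrapper: byte count, or 0 when the geometry must be rejected. */
size_t scaled_size_or_zero(uint32_t dest_width, uint32_t dest_height,
                           size_t max_bytes)
{
    size_t size = 0;
    return checked_scaled_size(dest_width, dest_height, max_bytes, &size)
               ? size : 0;
}

/* Allocate the destination buffer only after the size check has passed. */
unsigned char *alloc_scaled(uint32_t dest_width, uint32_t dest_height,
                            size_t max_bytes)
{
    size_t size = scaled_size_or_zero(dest_width, dest_height, max_bytes);
    return size ? calloc(size, 1) : NULL;
}

int main(void)
{
    /* Constructed hostile geometry: 65536 x 65536 x 4 = 2^34 bytes, which
     * the 32-bit naive arithmetic wraps to exactly 0. */
    const uint32_t w = 65536, h = 65536;
    const size_t cap = 256u * 1024 * 1024;   /* assumed 256 MiB decoder limit */

    printf("naive size:   %u bytes\n", naive_scaled_size(w, h));
    printf("checked size: %zu bytes (0 = rejected)\n",
           scaled_size_or_zero(w, h, cap));
    printf("640x480:      %zu bytes\n", scaled_size_or_zero(640, 480, cap));
    return 0;
}
```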
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4491
https://access.redhat.com/security/updates/classification/#moderate
https://www.mozilla.org/security/announce/2015/mfsa2015-88.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Mon Aug 31 09:20:22 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 31 Aug 2015 09:20:22 +0000
Subject: [RHSA-2015:1695-01] Important: jakarta-taglibs-standard security update
Message-ID: <201508310906.t7V96vmn012729@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: jakarta-taglibs-standard security update
Advisory ID: RHSA-2015:1695-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1695.html
Issue date: 2015-08-31
CVE Names: CVE-2015-0254
=====================================================================

1. Summary:

Updated jakarta-taglibs-standard packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

jakarta-taglibs-standard is the Java Standard Tag Library (JSTL). This library is used in conjunction with Tomcat and Java Server Pages (JSP).

It was found that the Java Standard Tag Library (JSTL) allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allow arbitrary code execution. (CVE-2015-0254)

Note: jakarta-taglibs-standard users may need to take additional steps after applying this update. Detailed instructions on the additional steps can be found here: https://access.redhat.com/solutions/1584363

All jakarta-taglibs-standard users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1198606 - CVE-2015-0254 jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: jakarta-taglibs-standard-1.1.1-11.7.el6_7.src.rpm
noarch: jakarta-taglibs-standard-1.1.1-11.7.el6_7.noarch.rpm jakarta-taglibs-standard-javadoc-1.1.1-11.7.el6_7.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: jakarta-taglibs-standard-1.1.1-11.7.el6_7.src.rpm
noarch: jakarta-taglibs-standard-1.1.1-11.7.el6_7.noarch.rpm jakarta-taglibs-standard-javadoc-1.1.1-11.7.el6_7.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):
Source: jakarta-taglibs-standard-1.1.1-11.7.el6_7.src.rpm
noarch: jakarta-taglibs-standard-1.1.1-11.7.el6_7.noarch.rpm jakarta-taglibs-standard-javadoc-1.1.1-11.7.el6_7.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: jakarta-taglibs-standard-1.1.1-11.7.el6_7.src.rpm
noarch: jakarta-taglibs-standard-1.1.1-11.7.el6_7.noarch.rpm jakarta-taglibs-standard-javadoc-1.1.1-11.7.el6_7.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
Source: jakarta-taglibs-standard-1.1.2-14.el7_1.src.rpm
noarch: jakarta-taglibs-standard-1.1.2-14.el7_1.noarch.rpm jakarta-taglibs-standard-javadoc-1.1.2-14.el7_1.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: jakarta-taglibs-standard-1.1.2-14.el7_1.src.rpm
noarch: jakarta-taglibs-standard-1.1.2-14.el7_1.noarch.rpm jakarta-taglibs-standard-javadoc-1.1.2-14.el7_1.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: jakarta-taglibs-standard-1.1.2-14.el7_1.src.rpm
noarch: jakarta-taglibs-standard-1.1.2-14.el7_1.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: jakarta-taglibs-standard-1.1.2-14.ael7b_1.src.rpm
noarch: jakarta-taglibs-standard-1.1.2-14.ael7b_1.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
Source: jakarta-taglibs-standard-1.1.2-14.el7_1.src.rpm
noarch: jakarta-taglibs-standard-1.1.2-14.el7_1.noarch.rpm jakarta-taglibs-standard-javadoc-1.1.2-14.el7_1.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
noarch: jakarta-taglibs-standard-javadoc-1.1.2-14.ael7b_1.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: jakarta-taglibs-standard-1.1.2-14.el7_1.src.rpm
noarch: jakarta-taglibs-standard-1.1.2-14.el7_1.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: jakarta-taglibs-standard-javadoc-1.1.2-14.el7_1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0254
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/solutions/1584363

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.