From bugzilla at redhat.com Mon Feb 2 19:21:08 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 Feb 2015 19:21:08 +0000
Subject: [RHSA-2015:0112-01] Moderate: libyaml security update
Message-ID: <201502021921.t12JL89s009077@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libyaml security update
Advisory ID:       RHSA-2015:0112-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0112.html
Issue date:        2015-02-02
CVE Names:         CVE-2014-9130
=====================================================================

1. Summary:

Updated libyaml packages that fix one security issue are now available for
Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64

3. Description:

YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.

An assertion failure was found in the way the libyaml library parsed wrapped
strings. An attacker able to load specially crafted YAML input into an
application using libyaml could cause the application to crash.
(CVE-2014-9130)

All libyaml users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against the libyaml library must be restarted for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped strings

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
libyaml-0.1.3-4.el6_6.src.rpm

x86_64:
libyaml-0.1.3-4.el6_6.i686.rpm
libyaml-0.1.3-4.el6_6.x86_64.rpm
libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm
libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm
libyaml-devel-0.1.3-4.el6_6.i686.rpm
libyaml-devel-0.1.3-4.el6_6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
libyaml-0.1.3-4.el6_6.src.rpm

x86_64:
libyaml-0.1.3-4.el6_6.i686.rpm
libyaml-0.1.3-4.el6_6.x86_64.rpm
libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm
libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm
libyaml-devel-0.1.3-4.el6_6.i686.rpm
libyaml-devel-0.1.3-4.el6_6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
libyaml-0.1.3-4.el6_6.src.rpm

x86_64:
libyaml-0.1.3-4.el6_6.i686.rpm
libyaml-0.1.3-4.el6_6.x86_64.rpm
libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm
libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm
libyaml-devel-0.1.3-4.el6_6.i686.rpm
libyaml-devel-0.1.3-4.el6_6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
libyaml-0.1.3-4.el6_6.src.rpm

x86_64:
libyaml-0.1.3-4.el6_6.i686.rpm
libyaml-0.1.3-4.el6_6.x86_64.rpm
libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm
libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm
libyaml-devel-0.1.3-4.el6_6.i686.rpm
libyaml-devel-0.1.3-4.el6_6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
libyaml-0.1.3-4.el6_6.src.rpm

x86_64:
libyaml-0.1.3-4.el6_6.i686.rpm
libyaml-0.1.3-4.el6_6.x86_64.rpm
libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm
libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm
libyaml-devel-0.1.3-4.el6_6.i686.rpm
libyaml-devel-0.1.3-4.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9130
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUz84HXlSAg2UNWIIRAh4uAJ9H6PCdkcCKZt7RbmhUm6MQAsC1CQCfZUhS
Bik0A0v7YzLIRWO7jWs6FRI=
=yF9r
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 2 19:22:23 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 Feb 2015 19:22:23 +0000
Subject: [RHSA-2015:0113-01] Moderate: libvncserver security update
Message-ID: <201502021922.t12JMOkQ030963@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libvncserver security update
Advisory ID:       RHSA-2015:0113-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0113.html
Issue date:        2015-02-02
CVE Names:         CVE-2014-6051 CVE-2014-6055
=====================================================================

1. Summary:

Updated libvncserver packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

LibVNCServer is a library that allows for easy creation of VNC server or
client functionality.

An integer overflow flaw, leading to a heap-based buffer overflow, was found
in the way screen sizes were handled by LibVNCServer. A malicious VNC server
could use this flaw to cause a client to crash or, potentially, execute
arbitrary code in the client. (CVE-2014-6051)

Two stack-based buffer overflow flaws were found in the way LibVNCServer
handled file transfers. A remote attacker could use these flaws to crash the
VNC server using a malicious VNC client. (CVE-2014-6055)

Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Nicolas Ruff as the original reporter.

All libvncserver users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against libvncserver must be restarted for this update
to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1144287 - CVE-2014-6051 libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
1144293 - CVE-2014-6055 libvncserver: server stacked-based buffer overflow flaws in file transfer handling

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
libvncserver-0.9.7-7.el6_5.1.src.rpm

i386:
libvncserver-0.9.7-7.el6_5.1.i686.rpm
libvncserver-debuginfo-0.9.7-7.el6_5.1.i686.rpm

ppc64:
libvncserver-0.9.7-7.el6_5.1.ppc64.rpm
libvncserver-debuginfo-0.9.7-7.el6_5.1.ppc64.rpm

s390x:
libvncserver-0.9.7-7.el6_5.1.s390x.rpm
libvncserver-debuginfo-0.9.7-7.el6_5.1.s390x.rpm

x86_64:
libvncserver-0.9.7-7.el6_5.1.x86_64.rpm
libvncserver-debuginfo-0.9.7-7.el6_5.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.5):

Source:
libvncserver-0.9.7-7.el6_5.1.src.rpm

i386:
libvncserver-debuginfo-0.9.7-7.el6_5.1.i686.rpm
libvncserver-devel-0.9.7-7.el6_5.1.i686.rpm

ppc64:
libvncserver-0.9.7-7.el6_5.1.ppc.rpm
libvncserver-debuginfo-0.9.7-7.el6_5.1.ppc.rpm
libvncserver-debuginfo-0.9.7-7.el6_5.1.ppc64.rpm
libvncserver-devel-0.9.7-7.el6_5.1.ppc.rpm
libvncserver-devel-0.9.7-7.el6_5.1.ppc64.rpm

s390x:
libvncserver-0.9.7-7.el6_5.1.s390.rpm
libvncserver-debuginfo-0.9.7-7.el6_5.1.s390.rpm
libvncserver-debuginfo-0.9.7-7.el6_5.1.s390x.rpm
libvncserver-devel-0.9.7-7.el6_5.1.s390.rpm
libvncserver-devel-0.9.7-7.el6_5.1.s390x.rpm

x86_64:
libvncserver-0.9.7-7.el6_5.1.i686.rpm
libvncserver-debuginfo-0.9.7-7.el6_5.1.i686.rpm
libvncserver-debuginfo-0.9.7-7.el6_5.1.x86_64.rpm
libvncserver-devel-0.9.7-7.el6_5.1.i686.rpm
libvncserver-devel-0.9.7-7.el6_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6051
https://access.redhat.com/security/cve/CVE-2014-6055
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUz84yXlSAg2UNWIIRAqj2AJ9+258UXrmpj8L5l1bGbTfrXYRSRgCgul3Z
lrmn0f27PKwrLSoijaZwF28=
=V43Z
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 3 18:17:09 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Feb 2015 18:17:09 +0000
Subject: [RHSA-2015:0115-01] Important: kernel security update
Message-ID: <201502031817.t13IH990016736@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2015:0115-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0115.html
Issue date:        2015-02-03
CVE Names:         CVE-2014-3673 CVE-2014-3687 CVE-2014-3688
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues are now available for
Red Hat Enterprise Linux 6.2 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's SCTP implementation handled
malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote
attacker could use either of these flaws to crash the system.
(CVE-2014-3673, CVE-2014-3687, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation handled
the association's output queue. A remote attacker could send specially
crafted packets that would cause the system to use an excessive amount of
memory, leading to a denial of service. (CVE-2014-3688, Important)

The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your system.
You may use "rpm -e" to remove old kernels after determining that the new
kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1147850 - CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155731 - CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155745 - CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing

6. Package List:

Red Hat Enterprise Linux AUS (v. 6.2 server):

Source:
kernel-2.6.32-220.58.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.58.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.58.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.58.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.58.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.58.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.58.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.58.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.58.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.58.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.58.1.el6.x86_64.rpm
perf-2.6.32-220.58.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.58.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.58.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
kernel-2.6.32-220.58.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.58.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.58.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.58.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.58.1.el6.x86_64.rpm
python-perf-2.6.32-220.58.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.58.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3673
https://access.redhat.com/security/cve/CVE-2014-3687
https://access.redhat.com/security/cve/CVE-2014-3688
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
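Each advisory above names the exact version-release that carries the fix (libyaml-0.1.3-4.el6_6, libvncserver-0.9.7-7.el6_5.1, kernel-2.6.32-220.58.1.el6, and so on), and the kernel advisory's "rpm -ivh" note means several kernel builds can legitimately be installed side by side. The script below is an added example, not Red Hat tooling: it parses rpm -qa style output, keeps the newest installed build of each package, and compares it against the advisory's fixed version-release using rpm's segment-wise ordering (numeric segments compare as integers, letters lexically, a numeric segment outranks letters, and "~" sorts before anything). The FIXED table is taken from the el6 package lists on this page; the rpm -qa lines are constructed sample input, and the mapping of subpackages such as libyaml-devel to their source package by name prefix is an assumption of this example.

```python
"""Compare installed RPM versions with the fixed versions from a security advisory.

Added example, not Red Hat tooling. Assumptions: FIXED holds the el6 builds from
the advisories on this page; SAMPLE_RPM_QA is constructed input in the shape of
`rpm -qa` output (no epochs, which `rpm -qa` omits by default).
"""
import re

# Fixed (version, release) per source package, el6 builds as listed on this page.
FIXED = {
    "libyaml": ("0.1.3", "4.el6_6"),            # RHSA-2015:0112
    "libvncserver": ("0.9.7", "7.el6_5.1"),     # RHSA-2015:0113
    "kernel": ("2.6.32", "220.58.1.el6"),       # RHSA-2015:0115
    "mysql55-mysql": ("5.5.41", "2.el6"),       # RHSA-2015:0116
    "mariadb55-mariadb": ("5.5.41", "12.el6"),  # RHSA-2015:0117
}

# Constructed sample of `rpm -qa` output; not output from any real host.
SAMPLE_RPM_QA = """\
libyaml-0.1.3-1.el6.x86_64
libyaml-devel-0.1.3-1.el6.x86_64
libvncserver-0.9.7-7.el6_5.1.x86_64
kernel-2.6.32-220.56.1.el6.x86_64
kernel-2.6.32-220.58.1.el6.x86_64
mysql55-mysql-server-5.5.41-1.el6.x86_64
bash-4.1.2-29.el6.x86_64
"""

_TOKEN = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Order two version (or release) strings the way rpm's rpmvercmp() does.

    Separators are ignored; numeric segments compare as integers (leading
    zeros do not matter), alphabetic ones lexically, a numeric segment
    outranks an alphabetic one, and '~' sorts before anything, including the
    end of the string (1.0~rc1 < 1.0). Returns -1, 0 or 1. rpm's newer '^'
    rule is not implemented here.
    """
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    while ta or tb:
        if (ta and ta[0] == "~") or (tb and tb[0] == "~"):
            if not ta or ta[0] != "~":
                return 1
            if not tb or tb[0] != "~":
                return -1
            ta.pop(0)
            tb.pop(0)
            continue
        if not ta:
            return -1
        if not tb:
            return 1
        x, y = ta.pop(0), tb.pop(0)
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return 0


def vr_cmp(vr_a, vr_b):
    """Compare (version, release) pairs: version first, release on a tie."""
    return rpmvercmp(vr_a[0], vr_b[0]) or rpmvercmp(vr_a[1], vr_b[1])


def parse_nvra(line):
    """Split 'name-version-release.arch' into (name, version, release, arch).
    Names may contain '-', so version and release are the last two
    '-'-separated fields once the trailing '.arch' is removed."""
    nvr, arch = line.strip().rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def source_package(name, fixed=FIXED):
    """Map an installed package to the advisory's source package, assuming
    subpackages (libyaml-devel, kernel-headers, ...) carry the source name
    as a prefix and share its version-release."""
    for src in fixed:
        if name == src or name.startswith(src + "-"):
            return src
    return None


def find_outdated(rpm_qa_output, fixed=FIXED):
    """Return [(package, installed_vr, fixed_vr)] for packages still behind.

    Only the newest installed build of each package counts, since kernels
    installed with `rpm -ivh` coexist with older ones; a new kernel is only
    effective after a reboot, so `uname -r` should be checked separately."""
    newest = {}
    for line in rpm_qa_output.splitlines():
        if not line.strip():
            continue
        name, version, release, _arch = parse_nvra(line)
        if name not in newest or vr_cmp((version, release), newest[name]) > 0:
            newest[name] = (version, release)
    outdated = []
    for name in sorted(newest):
        src = source_package(name, fixed)
        if src is not None and vr_cmp(newest[name], fixed[src]) < 0:
            outdated.append((name, "%s-%s" % newest[name], "%s-%s" % fixed[src]))
    return outdated


if __name__ == "__main__":
    for name, have, want in find_outdated(SAMPLE_RPM_QA):
        print("%s: installed %s, fixed in %s" % (name, have, want))
```

On the sample input the two libyaml packages and mysql55-mysql-server are reported, while libvncserver and the kernel (whose newest installed build already matches the advisory) are not. A fleet check would key the FIXED table by product, since the same source package has different fixed releases for el6 and el7 builds in the advisories that follow.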
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU0RBeXlSAg2UNWIIRApb8AJ0ZRWRFKzng5mDm/C8tfJ5s4/FwPQCfXM+C
UU+Ei4yQmo/ao+kUkW8BhVk=
=qd3y
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 3 18:17:38 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Feb 2015 18:17:38 +0000
Subject: [RHSA-2015:0116-01] Moderate: mysql55-mysql security update
Message-ID: <201502031817.t13IHchC006894@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mysql55-mysql security update
Advisory ID:       RHSA-2015:0116-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0116.html
Issue date:        2015-02-03
CVE Names:         CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382
                   CVE-2015-0391 CVE-2015-0411 CVE-2015-0432
=====================================================================

1. Summary:

Updated mysql55-mysql packages that fix several security issues are now
available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2015-0381,
CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568,
CVE-2015-0374)

These updated packages upgrade MySQL to version 5.5.41. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon (mysqld)
will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1184552 - CVE-2014-6568 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015)
1184553 - CVE-2015-0374 mysql: unspecified vulnerability related to Server:Security:Privileges:Foreign Key (CPU Jan 2015)
1184554 - CVE-2015-0381 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
1184555 - CVE-2015-0382 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
1184557 - CVE-2015-0391 mysql: unspecified vulnerability related to Server:DDL (CPU Jan 2015)
1184560 - CVE-2015-0411 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015)
1184561 - CVE-2015-0432 mysql: unspecified vulnerability related to Server:InnoDB:DDL:Foreign Key (CPU Jan 2015)

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
mysql55-mysql-5.5.41-2.el6.src.rpm

x86_64:
mysql55-mysql-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
mysql55-mysql-5.5.41-2.el6.src.rpm

x86_64:
mysql55-mysql-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
mysql55-mysql-5.5.41-2.el6.src.rpm

x86_64:
mysql55-mysql-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
mysql55-mysql-5.5.41-2.el6.src.rpm

x86_64:
mysql55-mysql-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
mysql55-mysql-5.5.41-2.el6.src.rpm

x86_64:
mysql55-mysql-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source:
mysql55-mysql-5.5.41-2.el7.src.rpm

x86_64:
mysql55-mysql-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el7.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source:
mysql55-mysql-5.5.41-2.el7.src.rpm

x86_64:
mysql55-mysql-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6568
https://access.redhat.com/security/cve/CVE-2015-0374
https://access.redhat.com/security/cve/CVE-2015-0381
https://access.redhat.com/security/cve/CVE-2015-0382
https://access.redhat.com/security/cve/CVE-2015-0391
https://access.redhat.com/security/cve/CVE-2015-0411
https://access.redhat.com/security/cve/CVE-2015-0432
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU0RC2XlSAg2UNWIIRApnsAJ95So54fSlLom6Pel1+kn9Ac9TflwCfQxJY
hZuPwk3ftXal7P9iN1/BK8s=
=qfHH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 3 18:19:51 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Feb 2015 18:19:51 +0000
Subject: [RHSA-2015:0117-01] Moderate: mariadb55-mariadb security update
Message-ID: <201502031819.t13IJpVI024791@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mariadb55-mariadb security update
Advisory ID:       RHSA-2015:0117-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0117.html
Issue date:        2015-02-03
CVE Names:         CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382
                   CVE-2015-0391 CVE-2015-0411 CVE-2015-0432
=====================================================================

1. Summary:

Updated mariadb55-mariadb packages that fix several security issues are now
available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2015-0381,
CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568,
CVE-2015-0374)

These updated packages upgrade MariaDB to version 5.5.41. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.

All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1184552 - CVE-2014-6568 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015)
1184553 - CVE-2015-0374 mysql: unspecified vulnerability related to Server:Security:Privileges:Foreign Key (CPU Jan 2015)
1184554 - CVE-2015-0381 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
1184555 - CVE-2015-0382 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
1184557 - CVE-2015-0391 mysql: unspecified vulnerability related to Server:DDL (CPU Jan 2015)
1184560 - CVE-2015-0411 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015)
1184561 - CVE-2015-0432 mysql: unspecified vulnerability related to Server:InnoDB:DDL:Foreign Key (CPU Jan 2015)

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
mariadb55-mariadb-5.5.41-12.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.41-12.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
mariadb55-mariadb-5.5.41-12.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.41-12.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
mariadb55-mariadb-5.5.41-12.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.41-12.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
mariadb55-mariadb-5.5.41-12.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.41-12.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
mariadb55-mariadb-5.5.41-12.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.41-12.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.41-12.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb55-mariadb-5.5.41-12.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.41-12.el7.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb55-mariadb-5.5.41-12.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.41-12.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.41-12.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6568
https://access.redhat.com/security/cve/CVE-2015-0374
https://access.redhat.com/security/cve/CVE-2015-0381
https://access.redhat.com/security/cve/CVE-2015-0382
https://access.redhat.com/security/cve/CVE-2015-0391
https://access.redhat.com/security/cve/CVE-2015-0411
https://access.redhat.com/security/cve/CVE-2015-0432
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU0RDxXlSAg2UNWIIRAsGNAJ9vBHCHZBaCgbZZhHSmEnwwUOd2kwCgs5vh 9P/Xe3mwgxdm5buhP3Fl81A= =nC9y -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Feb 3 18:20:33 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 3 Feb 2015 18:20:33 +0000 Subject: [RHSA-2015:0118-01] Moderate: mariadb security update Message-ID: <201502031820.t13IKXZd025153@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: mariadb security update Advisory ID: RHSA-2015:0118-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0118.html Issue date: 2015-02-03 CVE Names: CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 ===================================================================== 1. Summary: Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. 
This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568, CVE-2015-0374)

These updated packages upgrade MariaDB to version 5.5.41. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1184552 - CVE-2014-6568 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015)
1184553 - CVE-2015-0374 mysql: unspecified vulnerability related to Server:Security:Privileges:Foreign Key (CPU Jan 2015)
1184554 - CVE-2015-0381 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
1184555 - CVE-2015-0382 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
1184557 - CVE-2015-0391 mysql: unspecified vulnerability related to Server:DDL (CPU Jan 2015)
1184560 - CVE-2015-0411 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015)
1184561 - CVE-2015-0432 mysql: unspecified vulnerability related to Server:InnoDB:DDL:Foreign Key (CPU Jan 2015)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
mariadb-5.5.41-2.el7_0.src.rpm

x86_64:
mariadb-5.5.41-2.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.41-2.el7_0.i686.rpm
mariadb-debuginfo-5.5.41-2.el7_0.x86_64.rpm
mariadb-libs-5.5.41-2.el7_0.i686.rpm
mariadb-libs-5.5.41-2.el7_0.x86_64.rpm
mariadb-server-5.5.41-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
mariadb-bench-5.5.41-2.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.41-2.el7_0.i686.rpm
mariadb-debuginfo-5.5.41-2.el7_0.x86_64.rpm
mariadb-devel-5.5.41-2.el7_0.i686.rpm
mariadb-devel-5.5.41-2.el7_0.x86_64.rpm
mariadb-embedded-5.5.41-2.el7_0.i686.rpm
mariadb-embedded-5.5.41-2.el7_0.x86_64.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.i686.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.x86_64.rpm
mariadb-test-5.5.41-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mariadb-5.5.41-2.el7_0.src.rpm

x86_64:
mariadb-5.5.41-2.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.41-2.el7_0.i686.rpm
mariadb-debuginfo-5.5.41-2.el7_0.x86_64.rpm
mariadb-libs-5.5.41-2.el7_0.i686.rpm
mariadb-libs-5.5.41-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
mariadb-bench-5.5.41-2.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.41-2.el7_0.i686.rpm
mariadb-debuginfo-5.5.41-2.el7_0.x86_64.rpm
mariadb-devel-5.5.41-2.el7_0.i686.rpm
mariadb-devel-5.5.41-2.el7_0.x86_64.rpm
mariadb-embedded-5.5.41-2.el7_0.i686.rpm
mariadb-embedded-5.5.41-2.el7_0.x86_64.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.i686.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.x86_64.rpm
mariadb-server-5.5.41-2.el7_0.x86_64.rpm
mariadb-test-5.5.41-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.41-2.el7_0.src.rpm

ppc64:
mariadb-5.5.41-2.el7_0.ppc64.rpm
mariadb-bench-5.5.41-2.el7_0.ppc64.rpm
mariadb-debuginfo-5.5.41-2.el7_0.ppc.rpm
mariadb-debuginfo-5.5.41-2.el7_0.ppc64.rpm
mariadb-devel-5.5.41-2.el7_0.ppc.rpm
mariadb-devel-5.5.41-2.el7_0.ppc64.rpm
mariadb-libs-5.5.41-2.el7_0.ppc.rpm
mariadb-libs-5.5.41-2.el7_0.ppc64.rpm
mariadb-server-5.5.41-2.el7_0.ppc64.rpm
mariadb-test-5.5.41-2.el7_0.ppc64.rpm

s390x:
mariadb-5.5.41-2.el7_0.s390x.rpm
mariadb-bench-5.5.41-2.el7_0.s390x.rpm
mariadb-debuginfo-5.5.41-2.el7_0.s390.rpm
mariadb-debuginfo-5.5.41-2.el7_0.s390x.rpm
mariadb-devel-5.5.41-2.el7_0.s390.rpm
mariadb-devel-5.5.41-2.el7_0.s390x.rpm
mariadb-libs-5.5.41-2.el7_0.s390.rpm
mariadb-libs-5.5.41-2.el7_0.s390x.rpm
mariadb-server-5.5.41-2.el7_0.s390x.rpm
mariadb-test-5.5.41-2.el7_0.s390x.rpm

x86_64:
mariadb-5.5.41-2.el7_0.x86_64.rpm
mariadb-bench-5.5.41-2.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.41-2.el7_0.i686.rpm
mariadb-debuginfo-5.5.41-2.el7_0.x86_64.rpm
mariadb-devel-5.5.41-2.el7_0.i686.rpm
mariadb-devel-5.5.41-2.el7_0.x86_64.rpm
mariadb-libs-5.5.41-2.el7_0.i686.rpm
mariadb-libs-5.5.41-2.el7_0.x86_64.rpm
mariadb-server-5.5.41-2.el7_0.x86_64.rpm
mariadb-test-5.5.41-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
mariadb-debuginfo-5.5.41-2.el7_0.ppc.rpm
mariadb-debuginfo-5.5.41-2.el7_0.ppc64.rpm
mariadb-embedded-5.5.41-2.el7_0.ppc.rpm
mariadb-embedded-5.5.41-2.el7_0.ppc64.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.ppc.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.ppc64.rpm

s390x:
mariadb-debuginfo-5.5.41-2.el7_0.s390.rpm
mariadb-debuginfo-5.5.41-2.el7_0.s390x.rpm
mariadb-embedded-5.5.41-2.el7_0.s390.rpm
mariadb-embedded-5.5.41-2.el7_0.s390x.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.s390.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.s390x.rpm

x86_64:
mariadb-debuginfo-5.5.41-2.el7_0.i686.rpm
mariadb-debuginfo-5.5.41-2.el7_0.x86_64.rpm
mariadb-embedded-5.5.41-2.el7_0.i686.rpm
mariadb-embedded-5.5.41-2.el7_0.x86_64.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.i686.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb-5.5.41-2.el7_0.src.rpm

x86_64:
mariadb-5.5.41-2.el7_0.x86_64.rpm
mariadb-bench-5.5.41-2.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.41-2.el7_0.i686.rpm
mariadb-debuginfo-5.5.41-2.el7_0.x86_64.rpm
mariadb-devel-5.5.41-2.el7_0.i686.rpm
mariadb-devel-5.5.41-2.el7_0.x86_64.rpm
mariadb-libs-5.5.41-2.el7_0.i686.rpm
mariadb-libs-5.5.41-2.el7_0.x86_64.rpm
mariadb-server-5.5.41-2.el7_0.x86_64.rpm
mariadb-test-5.5.41-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
mariadb-debuginfo-5.5.41-2.el7_0.i686.rpm
mariadb-debuginfo-5.5.41-2.el7_0.x86_64.rpm
mariadb-embedded-5.5.41-2.el7_0.i686.rpm
mariadb-embedded-5.5.41-2.el7_0.x86_64.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.i686.rpm
mariadb-embedded-devel-5.5.41-2.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6568
https://access.redhat.com/security/cve/CVE-2015-0374
https://access.redhat.com/security/cve/CVE-2015-0381
https://access.redhat.com/security/cve/CVE-2015-0382
https://access.redhat.com/security/cve/CVE-2015-0391
https://access.redhat.com/security/cve/CVE-2015-0411
https://access.redhat.com/security/cve/CVE-2015-0432
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU0RFoXlSAg2UNWIIRAhbrAJ0Zyb/W15OHFDHUVCqdFMAEgVUDGwCgjEV5
d5cxl2wJ0bK4fx5ttvkkgRw=
=OOnK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 5 19:39:20 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Feb 2015 19:39:20 +0000
Subject: [RHSA-2015:0133-01] Critical: java-1.7.1-ibm security update
Message-ID: <201502051939.t15JdKid021527@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.1-ibm security update
Advisory ID: RHSA-2015:0133-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0133.html
Issue date: 2015-02-05
CVE Names: CVE-2014-6549 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-8891 CVE-2014-8892 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
=====================================================================

1. Summary:

Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary.
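The package lists in these advisories name, per product and architecture, the exact version-release that carries the fix, and the descriptions note that mysqld is restarted for you while running IBM Java instances are not. The script below is an added example written for this page, not code from Red Hat or any advisory tooling: it checks `rpm -qa` style lines against an advisory's package list using a reimplementation of rpm's segment-wise version comparison, and scans /proc/<pid>/maps text for libraries that were replaced on disk but are still mapped, which is the sign that a process still runs the old code. The installed-package lines and the maps lines are constructed sample input; the advisory subset is taken from RHSA-2015:0118 and RHSA-2015:0133 (RHEL 7 Server, x86_64). Epochs are assumed to be 0 where a list omits them, and the '^' ordering rule of newer rpm is left out.

```python
"""Check installed RPM NEVRAs against an advisory package list, and find
processes that still map a replaced (deleted) library and need a restart."""
import re

# Subset of the fixed packages listed above (RHEL 7 Server, x86_64).
ADVISORY_FIXED = [
    "mariadb-5.5.41-2.el7_0.src.rpm",           # source rpm: never installed, skipped
    "mariadb-5.5.41-2.el7_0.x86_64.rpm",
    "mariadb-libs-5.5.41-2.el7_0.x86_64.rpm",
    "mariadb-server-5.5.41-2.el7_0.x86_64.rpm",
    "java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm",
]

# Constructed sample of `rpm -qa` output (an optional leading "epoch:" is accepted).
INSTALLED = """\
mariadb-libs-5.5.40-2.el7_0.x86_64
mariadb-server-5.5.41-2.el7_0.x86_64
mariadb-5.5.41-2.el7_0.x86_64
java-1.7.1-ibm-1.7.1.2.0-1jpp.1.el7_0.x86_64
bash-4.2.45-5.el7.x86_64
"""

# Constructed sample of /proc/<pid>/maps for a process started before the update.
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c1b0000 r-xp 00000000 fd:01 1054321   /usr/lib64/mysql/libmysqlclient.so.18.0.0 (deleted)
7f3a1c400000-7f3a1c5c3000 r-xp 00000000 fd:01 1054399   /usr/lib64/libc-2.17.so
7ffd2b3e0000-7ffd2b401000 rw-p 00000000 00:00 0         [stack]
"""


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings the way rpm's rpmvercmp() does:
    digit runs compare numerically, alpha runs lexically, a numeric segment
    beats an alpha one, and '~' sorts before anything, even end of string.
    Returns 1, 0 or -1."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        take = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while i < len(a) and take(a[i]):
            i += 1
        while j < len(b) and take(b[j]):
            j += 1
        sa, sb = a[si:i], b[sj:j]
        if not sb:                      # segment types differ: numbers win
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):      # longer digit run is the larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1     # whoever has segments left is newer


NEVRA = re.compile(r"^(?:(?P<epoch>\d+):)?(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nevra(s: str):
    """'java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.x86_64[.rpm]' -> (name, epoch, ver, rel, arch)."""
    s = s[:-4] if s.endswith(".rpm") else s
    m = NEVRA.match(s)
    if not m:
        raise ValueError("not a NEVRA: %r" % s)
    return (m["name"], int(m["epoch"] or 0), m["ver"], m["rel"], m["arch"])


def evr_cmp(x, y) -> int:
    """Compare (epoch, version, release) tuples: epoch first, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    c = rpmvercmp(x[1], y[1])
    return c if c else rpmvercmp(x[2], y[2])


def missing_updates(installed_text: str, fixed_pkgs) -> list:
    """Return [(installed_nevra, fixed_nevra)] for every installed package that
    the advisory covers (same name and arch) but whose EVR is below the fix."""
    fixed = {}
    for p in fixed_pkgs:
        n, e, v, r, a = parse_nevra(p)
        if a != "src":
            fixed[(n, a)] = (e, v, r)
    stale = []
    for line in installed_text.splitlines():
        if not line.strip():
            continue
        n, e, v, r, a = parse_nevra(line.strip())
        want = fixed.get((n, a))
        if want and evr_cmp((e, v, r), want) < 0:
            stale.append((line.strip(), "%s-%s-%s.%s" % (n, want[1], want[2], a)))
    return stale


def deleted_mappings(maps_text: str) -> list:
    """Paths from /proc/<pid>/maps text that the kernel marks ' (deleted)':
    the file was replaced on disk, but this process still runs the old copy."""
    found = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) == 6 and parts[5].endswith(" (deleted)"):
            found.add(parts[5][:-len(" (deleted)")])
    return sorted(found)


if __name__ == "__main__":
    for have, want in missing_updates(INSTALLED, ADVISORY_FIXED):
        print("needs update: %s -> %s" % (have, want))
    for path in deleted_mappings(SAMPLE_MAPS):
        print("still mapped after replacement, restart needed: %s" % path)
```

On a live host, feed `missing_updates` the output of `rpm -qa` and `deleted_mappings` the contents of each /proc/<pid>/maps; the advisory's own list is the authoritative source of fixed version-releases, and the GPG key page linked above is how to confirm the packages themselves before trusting this comparison.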
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)

All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR2-FP10 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1183660 - CVE-2014-6549 OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)
1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1189142 - CVE-2014-8891 IBM JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update
1189145 - CVE-2014-8892 IBM JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el6_6.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el6_6.i686.rpm

ppc64:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.ppc.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el6_6.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el6_6.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el6_6.ppc.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el6_6.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.s390.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el6_6.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.s390.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el6_6.s390x.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el6_6.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el6_6.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.ppc.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el7_0.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el7_0.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el7_0.ppc.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el7_0.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.s390.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el7_0.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.s390.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el7_0.s390x.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el7_0.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.10-1jpp.3.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6549
https://access.redhat.com/security/cve/CVE-2014-6585
https://access.redhat.com/security/cve/CVE-2014-6587
https://access.redhat.com/security/cve/CVE-2014-6591
https://access.redhat.com/security/cve/CVE-2014-6593
https://access.redhat.com/security/cve/CVE-2014-8891
https://access.redhat.com/security/cve/CVE-2014-8892
https://access.redhat.com/security/cve/CVE-2015-0403
https://access.redhat.com/security/cve/CVE-2015-0406
https://access.redhat.com/security/cve/CVE-2015-0407
https://access.redhat.com/security/cve/CVE-2015-0408
https://access.redhat.com/security/cve/CVE-2015-0410
https://access.redhat.com/security/cve/CVE-2015-0412
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU08bZXlSAg2UNWIIRArh4AKCRQB5CyKBnsCLpCTlBecf24UV5gACgiY1e
T0txqmM42WugT7Nx628tBMs=
=eej3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 5 19:39:39 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Feb 2015 19:39:39 +0000
Subject: [RHSA-2015:0134-01] Critical: java-1.7.0-ibm security update
Message-ID: <201502051939.t15Jdeuw014428@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-ibm security update
Advisory ID: RHSA-2015:0134-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0134.html
Issue date: 2015-02-05
CVE Names: CVE-2014-6549 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-8891 CVE-2014-8892 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)

All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR8-FP10 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1183660 - CVE-2014-6549 OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)
1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1189142 - CVE-2014-8891 IBM JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update
1189145 - CVE-2014-8892 IBM JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.10-1jpp.4.el5.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-1.7.0.8.10-1jpp.4.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.10-1jpp.4.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.10-1jpp.4.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.10-1jpp.4.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.10-1jpp.4.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.10-1jpp.4.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.10-1jpp.4.el5.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.8.10-1jpp.4.el5.ppc.rpm
java-1.7.0-ibm-1.7.0.8.10-1jpp.4.el5.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.8.10-1jpp.4.el5.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.8.10-1jpp.4.el5.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.8.10-1jpp.4.el5.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.8.10-1jpp.4.el5.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.10-1jpp.4.el5.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.10-1jpp.4.el5.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.8.10-1jpp.4.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.8.10-1jpp.4.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.8.10-1jpp.4.el5.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.8.10-1jpp.4.el5.s390.rpm
java-1.7.0-ibm-1.7.0.8.10-1jpp.4.el5.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.8.10-1jpp.4.el5.s390.rpm
java-1.7.0-ibm-demo-1.7.0.8.10-1jpp.4.el5.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.8.10-1jpp.4.el5.s390.rpm
java-1.7.0-ibm-devel-1.7.0.8.10-1jpp.4.el5.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.10-1jpp.4.el5.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.10-1jpp.4.el5.s390x.rpm
java-1.7.0-ibm-src-1.7.0.8.10-1jpp.4.el5.s390.rpm
java-1.7.0-ibm-src-1.7.0.8.10-1jpp.4.el5.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-1.7.0.8.10-1jpp.4.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.10-1jpp.4.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.10-1jpp.4.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.10-1jpp.4.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.10-1jpp.4.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.8.10-1jpp.4.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.10-1jpp.4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6549
https://access.redhat.com/security/cve/CVE-2014-6585
https://access.redhat.com/security/cve/CVE-2014-6587
https://access.redhat.com/security/cve/CVE-2014-6591
https://access.redhat.com/security/cve/CVE-2014-6593
https://access.redhat.com/security/cve/CVE-2014-8891
https://access.redhat.com/security/cve/CVE-2014-8892
https://access.redhat.com/security/cve/CVE-2015-0403
https://access.redhat.com/security/cve/CVE-2015-0406
https://access.redhat.com/security/cve/CVE-2015-0407
https://access.redhat.com/security/cve/CVE-2015-0408
https://access.redhat.com/security/cve/CVE-2015-0410
https://access.redhat.com/security/cve/CVE-2015-0412
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU08b1XlSAg2UNWIIRAn39AKCald3xvdcTAb2ZMimo8K8SVyZBvACfUrbL
R3pGso8sZaXf2OQD3OkgtSY=
=k9XX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 5 19:40:19 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Feb 2015 19:40:19 +0000
Subject: [RHSA-2015:0135-01] Critical: java-1.6.0-ibm security update
Message-ID: <201502051940.t15JeJc3030120@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2015:0135-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0135.html
Issue date: 2015-02-05
CVE Names: CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-8891 CVE-2014-8892 CVE-2015-0395 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)

All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP3 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1189142 - CVE-2014-8891 IBM JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update
1189145 - CVE-2014-8892 IBM JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el5.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.3-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el5.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.3-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.3-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.3-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el6_6.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el6_6.i686.rpm ppc64: java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6_6.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el6_6.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.ppc.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el6_6.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el6_6.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el6_6.ppc.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el6_6.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6_6.s390x.rpm java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el6_6.s390x.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.s390.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el6_6.s390x.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el6_6.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el6_6.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.3-1jpp.1.el6_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-6585 https://access.redhat.com/security/cve/CVE-2014-6587 https://access.redhat.com/security/cve/CVE-2014-6591 https://access.redhat.com/security/cve/CVE-2014-6593 https://access.redhat.com/security/cve/CVE-2014-8891 https://access.redhat.com/security/cve/CVE-2014-8892 https://access.redhat.com/security/cve/CVE-2015-0395 https://access.redhat.com/security/cve/CVE-2015-0403 https://access.redhat.com/security/cve/CVE-2015-0406 https://access.redhat.com/security/cve/CVE-2015-0407 https://access.redhat.com/security/cve/CVE-2015-0408 https://access.redhat.com/security/cve/CVE-2015-0410 https://access.redhat.com/security/cve/CVE-2015-0412 https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
From bugzilla at redhat.com Thu Feb 5 19:41:21 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Feb 2015 19:41:21 +0000
Subject: [RHSA-2015:0136-01] Important: java-1.5.0-ibm security update
Message-ID: <201502051941.t15JfLmE031253@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.5.0-ibm security update
Advisory ID:       RHSA-2015:0136-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0136.html
Issue date:        2015-02-05
CVE Names:         CVE-2014-6585 CVE-2014-6591 CVE-2014-6593
                   CVE-2014-8891 CVE-2014-8892 CVE-2015-0395
                   CVE-2015-0407 CVE-2015-0408 CVE-2015-0410
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6585, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410)

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP9 release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1189142 - CVE-2014-8891 IBM JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update
1189145 - CVE-2014-8892 IBM JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.i686.rpm

ppc64:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6585
https://access.redhat.com/security/cve/CVE-2014-6591
https://access.redhat.com/security/cve/CVE-2014-6593
https://access.redhat.com/security/cve/CVE-2014-8891
https://access.redhat.com/security/cve/CVE-2014-8892
https://access.redhat.com/security/cve/CVE-2015-0395
https://access.redhat.com/security/cve/CVE-2015-0407
https://access.redhat.com/security/cve/CVE-2015-0408
https://access.redhat.com/security/cve/CVE-2015-0410
https://access.redhat.com/security/updates/classification/#important
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Fri Feb 6 14:42:33 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 6 Feb 2015 14:42:33 +0000
Subject: [RHSA-2015:0140-01] Critical: flash-plugin security update
Message-ID: <201502061442.t16EgXPs029676@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2015:0140-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0140.html
Issue date:        2015-02-06
CVE Names:         CVE-2015-0314 CVE-2015-0315 CVE-2015-0316
                   CVE-2015-0317 CVE-2015-0318 CVE-2015-0319
                   CVE-2015-0320 CVE-2015-0321 CVE-2015-0322
                   CVE-2015-0323 CVE-2015-0324 CVE-2015-0325
                   CVE-2015-0326 CVE-2015-0327 CVE-2015-0328
                   CVE-2015-0329 CVE-2015-0330
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-04 listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.442.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1190068 - flash-plugin: multiple code execution flaws (APSB15-04)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.442-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.442-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.442-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.442-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.442-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.442-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.442-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.442-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.442-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.442-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0314
https://access.redhat.com/security/cve/CVE-2015-0315
https://access.redhat.com/security/cve/CVE-2015-0316
https://access.redhat.com/security/cve/CVE-2015-0317
https://access.redhat.com/security/cve/CVE-2015-0318
https://access.redhat.com/security/cve/CVE-2015-0319
https://access.redhat.com/security/cve/CVE-2015-0320
https://access.redhat.com/security/cve/CVE-2015-0321
https://access.redhat.com/security/cve/CVE-2015-0322
https://access.redhat.com/security/cve/CVE-2015-0323
https://access.redhat.com/security/cve/CVE-2015-0324
https://access.redhat.com/security/cve/CVE-2015-0325
https://access.redhat.com/security/cve/CVE-2015-0326
https://access.redhat.com/security/cve/CVE-2015-0327
https://access.redhat.com/security/cve/CVE-2015-0328
https://access.redhat.com/security/cve/CVE-2015-0329
https://access.redhat.com/security/cve/CVE-2015-0330
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
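A defender-side check added here as an example (it is not Red Hat tooling and not part of any advisory in this digest): it parses the NEVRA filenames printed in an advisory's Package List, parses `rpm -qa` output, and reports installed packages that are still below the fixed build, using a simplified version of rpm's segment-by-segment version comparison. The installed versions in the sample are constructed; the fixed builds are taken from the package lists in this digest, and the `rpm -qa` query format is an assumption about how the inventory was produced.

```python
"""Check installed RPMs against the Package List of a Red Hat advisory."""
import re
from dataclasses import dataclass
from typing import Optional

# rpm installs these side by side instead of upgrading in place, so the host
# carries the fix once *any* instance is at or above the fixed build (the
# running kernel is still the old one until the reboot the advisory requires).
INSTALL_ONLY = {"kernel", "kernel-PAE", "kernel-xen", "kernel-debug"}


@dataclass(frozen=True)
class Pkg:
    name: str
    epoch: Optional[int]  # None when unknown: advisory filenames carry no epoch
    version: str
    release: str
    arch: str


def parse_filename(fn: str) -> Pkg:
    """Parse 'name-version-release.arch.rpm' as printed in an RHSA Package List."""
    if fn.endswith(".rpm"):
        fn = fn[:-4]
    nvr, arch = fn.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)  # the name itself may contain '-'
    return Pkg(name, None, version, release, arch)


def parse_installed(line: str) -> Pkg:
    # One line of: rpm -qa --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}.%{ARCH}\n'
    nevr, arch = line.strip().rsplit(".", 1)
    name, ev, release = nevr.rsplit("-", 2)
    epoch_s, version = ev.split(":", 1)
    epoch = 0 if epoch_s == "(none)" else int(epoch_s)
    return Pkg(name, epoch, version, release, arch)


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm segment comparison returning -1, 0 or 1 ('~'/'^' not handled)."""
    if a == b:
        return 0
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alpha one
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1  # the string with segments left is newer
    return 0


def evr_cmp(p: Pkg, q: Pkg) -> int:
    """Compare epoch, then version, then release; epoch is skipped when unknown."""
    if p.epoch is not None and q.epoch is not None and p.epoch != q.epoch:
        return -1 if p.epoch < q.epoch else 1
    c = rpmvercmp(p.version, q.version)
    return c if c else rpmvercmp(p.release, q.release)


def find_vulnerable(advisory, installed):
    """Return 'name.arch' of installed packages still below the advisory's build."""
    fixed = {(p.name, p.arch): p for p in advisory if p.arch != "src"}
    groups = {}
    for p in installed:
        groups.setdefault((p.name, p.arch), []).append(p)
    out = []
    for key, insts in groups.items():
        fix = fixed.get(key)
        if fix is None:
            continue  # not covered by this advisory
        ok = [evr_cmp(i, fix) >= 0 for i in insts]
        patched = any(ok) if key[0] in INSTALL_ONLY else all(ok)
        if not patched:
            out.append(f"{key[0]}.{key[1]}")
    return sorted(out)


# Constructed sample: an x86_64 RHEL 5 host checked against fixed builds taken
# from the advisories in this digest; the older installed builds are made up.
ADVISORY = [parse_filename(fn) for fn in [
    "kernel-2.6.18-402.el5.x86_64.rpm",
    "kernel-devel-2.6.18-402.el5.x86_64.rpm",
    "flash-plugin-11.2.202.442-1.el5.i386.rpm",
    "java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el5.x86_64.rpm",
    "java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el5.x86_64.rpm",
]]
INSTALLED = [parse_installed(line) for line in [
    "kernel-(none):2.6.18-398.el5.x86_64",  # old kernel kept alongside the new one
    "kernel-(none):2.6.18-402.el5.x86_64",  # fixed kernel installed with rpm -ivh
    "flash-plugin-(none):11.2.202.438-1.el5.i386",  # constructed older build
    "java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el5.x86_64",  # constructed older build
    "java-1.6.0-ibm-devel-1:1.6.0.16.3-1jpp.1.el5.x86_64",
    "bash-(none):3.2-33.el5.x86_64",  # not part of any advisory here
]]

if __name__ == "__main__":
    for item in find_vulnerable(ADVISORY, INSTALLED):
        print("needs update:", item)
```

Because advisory filenames omit the epoch, a package whose fix arrives with an epoch bump cannot be recognised from the filename alone; the comparison then falls back to version and release, so confirm such cases against the advisory's source package.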
From bugzilla at redhat.com Tue Feb 10 22:33:47 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Feb 2015 22:33:47 +0000
Subject: [RHSA-2015:0163-01] Important: chromium-browser security update
Message-ID: <201502102233.t1AMXlQf031004@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2015:0163-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0163.html
Issue date:        2015-02-10
CVE Names:         CVE-2015-1209 CVE-2015-1210 CVE-2015-1211
                   CVE-2015-1212
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212)

All Chromium users should upgrade to these updated packages, which contain Chromium version 40.0.2214.111, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1190123 - CVE-2015-1209 chromium-browser: use-after-free in DOM
1190124 - CVE-2015-1210 chromium-browser: cross-origin-bypass in V8 bindings
1190125 - CVE-2015-1211 chromium-browser: privilege escalation in service workers
1190158 - CVE-2015-1212 chromium-browser: various security fixes in Chrome 40.0.2214.111

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm

i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm

x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm

i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm

x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm

i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm

x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1209
https://access.redhat.com/security/cve/CVE-2015-1210
https://access.redhat.com/security/cve/CVE-2015-1211
https://access.redhat.com/security/cve/CVE-2015-1212
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Tue Feb 10 22:34:41 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Feb 2015 22:34:41 +0000
Subject: [RHSA-2015:0164-01] Moderate: kernel security and bug fix update
Message-ID: <201502102234.t1AMYkJR031320@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2015:0164-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0164.html
Issue date:        2015-02-10
CVE Names:         CVE-2014-7822
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822, Moderate)

Red Hat would like to thank Akira Fujita of NEC for reporting this issue.

This update also fixes the following bugs:

* Previously, hot-unplugging of a virtio-blk device could in some cases lead to a kernel panic, for example during in-flight I/O requests. This update fixes a race condition in the hot-unplug code in the virtio_blk.ko module. As a result, hot unplugging of the virtio-blk device no longer causes the guest kernel oops when there are in-flight I/O requests. (BZ#1006536)

* Before this update, due to a bug in the error-handling path, a corrupted metadata block could be used as a valid block. With this update, the error handling path has been fixed and more checks have been added to verify the metadata block. Now, when a corrupted metadata block is encountered, it is properly marked as corrupted and handled accordingly. (BZ#1034403)

* Previously, an incorrectly initialized variable resulted in a random value being stored in the variable that holds the number of default ACLs, and is sent in the SET_PATH_INFO data structure. Consequently, the setfacl command could, under certain circumstances, fail with an "Invalid argument" error. With this update, the variable is correctly initialized to zero, thus fixing the bug. (BZ#1105625)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1163792 - CVE-2014-7822 kernel: splice: lack of generic write checks

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
kernel-2.6.18-402.el5.src.rpm

i386:
kernel-2.6.18-402.el5.i686.rpm
kernel-PAE-2.6.18-402.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-402.el5.i686.rpm
kernel-PAE-devel-2.6.18-402.el5.i686.rpm
kernel-debug-2.6.18-402.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-402.el5.i686.rpm
kernel-debug-devel-2.6.18-402.el5.i686.rpm
kernel-debuginfo-2.6.18-402.el5.i686.rpm
kernel-debuginfo-common-2.6.18-402.el5.i686.rpm
kernel-devel-2.6.18-402.el5.i686.rpm
kernel-headers-2.6.18-402.el5.i386.rpm
kernel-xen-2.6.18-402.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-402.el5.i686.rpm
kernel-xen-devel-2.6.18-402.el5.i686.rpm

noarch:
kernel-doc-2.6.18-402.el5.noarch.rpm

x86_64:
kernel-2.6.18-402.el5.x86_64.rpm
kernel-debug-2.6.18-402.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-402.el5.x86_64.rpm
kernel-debug-devel-2.6.18-402.el5.x86_64.rpm
kernel-debuginfo-2.6.18-402.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-402.el5.x86_64.rpm
kernel-devel-2.6.18-402.el5.x86_64.rpm
kernel-headers-2.6.18-402.el5.x86_64.rpm
kernel-xen-2.6.18-402.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-402.el5.x86_64.rpm
kernel-xen-devel-2.6.18-402.el5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: kernel-2.6.18-402.el5.src.rpm i386: kernel-2.6.18-402.el5.i686.rpm kernel-PAE-2.6.18-402.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-402.el5.i686.rpm kernel-PAE-devel-2.6.18-402.el5.i686.rpm kernel-debug-2.6.18-402.el5.i686.rpm kernel-debug-debuginfo-2.6.18-402.el5.i686.rpm kernel-debug-devel-2.6.18-402.el5.i686.rpm kernel-debuginfo-2.6.18-402.el5.i686.rpm kernel-debuginfo-common-2.6.18-402.el5.i686.rpm kernel-devel-2.6.18-402.el5.i686.rpm kernel-headers-2.6.18-402.el5.i386.rpm kernel-xen-2.6.18-402.el5.i686.rpm kernel-xen-debuginfo-2.6.18-402.el5.i686.rpm kernel-xen-devel-2.6.18-402.el5.i686.rpm ia64: kernel-2.6.18-402.el5.ia64.rpm kernel-debug-2.6.18-402.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-402.el5.ia64.rpm kernel-debug-devel-2.6.18-402.el5.ia64.rpm kernel-debuginfo-2.6.18-402.el5.ia64.rpm kernel-debuginfo-common-2.6.18-402.el5.ia64.rpm kernel-devel-2.6.18-402.el5.ia64.rpm kernel-headers-2.6.18-402.el5.ia64.rpm kernel-xen-2.6.18-402.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-402.el5.ia64.rpm kernel-xen-devel-2.6.18-402.el5.ia64.rpm noarch: kernel-doc-2.6.18-402.el5.noarch.rpm ppc: kernel-2.6.18-402.el5.ppc64.rpm kernel-debug-2.6.18-402.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-402.el5.ppc64.rpm kernel-debug-devel-2.6.18-402.el5.ppc64.rpm kernel-debuginfo-2.6.18-402.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-402.el5.ppc64.rpm kernel-devel-2.6.18-402.el5.ppc64.rpm kernel-headers-2.6.18-402.el5.ppc.rpm kernel-headers-2.6.18-402.el5.ppc64.rpm kernel-kdump-2.6.18-402.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-402.el5.ppc64.rpm kernel-kdump-devel-2.6.18-402.el5.ppc64.rpm s390x: kernel-2.6.18-402.el5.s390x.rpm kernel-debug-2.6.18-402.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-402.el5.s390x.rpm kernel-debug-devel-2.6.18-402.el5.s390x.rpm kernel-debuginfo-2.6.18-402.el5.s390x.rpm kernel-debuginfo-common-2.6.18-402.el5.s390x.rpm kernel-devel-2.6.18-402.el5.s390x.rpm kernel-headers-2.6.18-402.el5.s390x.rpm kernel-kdump-2.6.18-402.el5.s390x.rpm 
kernel-kdump-debuginfo-2.6.18-402.el5.s390x.rpm kernel-kdump-devel-2.6.18-402.el5.s390x.rpm x86_64: kernel-2.6.18-402.el5.x86_64.rpm kernel-debug-2.6.18-402.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-402.el5.x86_64.rpm kernel-debug-devel-2.6.18-402.el5.x86_64.rpm kernel-debuginfo-2.6.18-402.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-402.el5.x86_64.rpm kernel-devel-2.6.18-402.el5.x86_64.rpm kernel-headers-2.6.18-402.el5.x86_64.rpm kernel-xen-2.6.18-402.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-402.el5.x86_64.rpm kernel-xen-devel-2.6.18-402.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-7822 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU2odfXlSAg2UNWIIRAiyUAKCXbB4hz/5sIa6BJR5Td/j5r0OZnwCcCJzM GtzCPCsMqUWusNIU4eeWm/g= =jM+T -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Feb 10 22:35:28 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 Feb 2015 22:35:28 +0000 Subject: [RHSA-2015:0165-01] Moderate: subversion security update Message-ID: <201502102235.t1AMZSns023653@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:0165-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0165.html Issue date: 2015-02-10 CVE Names: CVE-2014-3528 CVE-2014-3580 ===================================================================== 1. 
Summary: Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. 
All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision 1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: subversion-1.6.11-12.el6_6.src.rpm i386: mod_dav_svn-1.6.11-12.el6_6.i686.rpm subversion-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-devel-1.6.11-12.el6_6.i686.rpm subversion-gnome-1.6.11-12.el6_6.i686.rpm subversion-javahl-1.6.11-12.el6_6.i686.rpm subversion-kde-1.6.11-12.el6_6.i686.rpm subversion-perl-1.6.11-12.el6_6.i686.rpm subversion-ruby-1.6.11-12.el6_6.i686.rpm noarch: subversion-svn2cl-1.6.11-12.el6_6.noarch.rpm x86_64: mod_dav_svn-1.6.11-12.el6_6.x86_64.rpm subversion-1.6.11-12.el6_6.i686.rpm subversion-1.6.11-12.el6_6.x86_64.rpm subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.x86_64.rpm subversion-devel-1.6.11-12.el6_6.i686.rpm subversion-devel-1.6.11-12.el6_6.x86_64.rpm subversion-gnome-1.6.11-12.el6_6.i686.rpm subversion-gnome-1.6.11-12.el6_6.x86_64.rpm subversion-javahl-1.6.11-12.el6_6.i686.rpm subversion-javahl-1.6.11-12.el6_6.x86_64.rpm subversion-kde-1.6.11-12.el6_6.i686.rpm subversion-kde-1.6.11-12.el6_6.x86_64.rpm 
subversion-perl-1.6.11-12.el6_6.i686.rpm subversion-perl-1.6.11-12.el6_6.x86_64.rpm subversion-ruby-1.6.11-12.el6_6.i686.rpm subversion-ruby-1.6.11-12.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: subversion-1.6.11-12.el6_6.src.rpm noarch: subversion-svn2cl-1.6.11-12.el6_6.noarch.rpm x86_64: mod_dav_svn-1.6.11-12.el6_6.x86_64.rpm subversion-1.6.11-12.el6_6.i686.rpm subversion-1.6.11-12.el6_6.x86_64.rpm subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.x86_64.rpm subversion-devel-1.6.11-12.el6_6.i686.rpm subversion-devel-1.6.11-12.el6_6.x86_64.rpm subversion-gnome-1.6.11-12.el6_6.i686.rpm subversion-gnome-1.6.11-12.el6_6.x86_64.rpm subversion-javahl-1.6.11-12.el6_6.i686.rpm subversion-javahl-1.6.11-12.el6_6.x86_64.rpm subversion-kde-1.6.11-12.el6_6.i686.rpm subversion-kde-1.6.11-12.el6_6.x86_64.rpm subversion-perl-1.6.11-12.el6_6.i686.rpm subversion-perl-1.6.11-12.el6_6.x86_64.rpm subversion-ruby-1.6.11-12.el6_6.i686.rpm subversion-ruby-1.6.11-12.el6_6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: subversion-1.6.11-12.el6_6.src.rpm i386: mod_dav_svn-1.6.11-12.el6_6.i686.rpm subversion-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-javahl-1.6.11-12.el6_6.i686.rpm ppc64: mod_dav_svn-1.6.11-12.el6_6.ppc64.rpm subversion-1.6.11-12.el6_6.ppc.rpm subversion-1.6.11-12.el6_6.ppc64.rpm subversion-debuginfo-1.6.11-12.el6_6.ppc.rpm subversion-debuginfo-1.6.11-12.el6_6.ppc64.rpm s390x: mod_dav_svn-1.6.11-12.el6_6.s390x.rpm subversion-1.6.11-12.el6_6.s390.rpm subversion-1.6.11-12.el6_6.s390x.rpm subversion-debuginfo-1.6.11-12.el6_6.s390.rpm subversion-debuginfo-1.6.11-12.el6_6.s390x.rpm x86_64: mod_dav_svn-1.6.11-12.el6_6.x86_64.rpm subversion-1.6.11-12.el6_6.i686.rpm subversion-1.6.11-12.el6_6.x86_64.rpm subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.x86_64.rpm subversion-javahl-1.6.11-12.el6_6.i686.rpm subversion-javahl-1.6.11-12.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-devel-1.6.11-12.el6_6.i686.rpm subversion-gnome-1.6.11-12.el6_6.i686.rpm subversion-kde-1.6.11-12.el6_6.i686.rpm subversion-perl-1.6.11-12.el6_6.i686.rpm subversion-ruby-1.6.11-12.el6_6.i686.rpm noarch: subversion-svn2cl-1.6.11-12.el6_6.noarch.rpm ppc64: subversion-debuginfo-1.6.11-12.el6_6.ppc.rpm subversion-debuginfo-1.6.11-12.el6_6.ppc64.rpm subversion-devel-1.6.11-12.el6_6.ppc.rpm subversion-devel-1.6.11-12.el6_6.ppc64.rpm subversion-gnome-1.6.11-12.el6_6.ppc.rpm subversion-gnome-1.6.11-12.el6_6.ppc64.rpm subversion-javahl-1.6.11-12.el6_6.ppc.rpm subversion-javahl-1.6.11-12.el6_6.ppc64.rpm subversion-kde-1.6.11-12.el6_6.ppc.rpm subversion-kde-1.6.11-12.el6_6.ppc64.rpm subversion-perl-1.6.11-12.el6_6.ppc.rpm subversion-perl-1.6.11-12.el6_6.ppc64.rpm subversion-ruby-1.6.11-12.el6_6.ppc.rpm subversion-ruby-1.6.11-12.el6_6.ppc64.rpm s390x: subversion-debuginfo-1.6.11-12.el6_6.s390.rpm subversion-debuginfo-1.6.11-12.el6_6.s390x.rpm 
subversion-devel-1.6.11-12.el6_6.s390.rpm subversion-devel-1.6.11-12.el6_6.s390x.rpm subversion-gnome-1.6.11-12.el6_6.s390.rpm subversion-gnome-1.6.11-12.el6_6.s390x.rpm subversion-javahl-1.6.11-12.el6_6.s390.rpm subversion-javahl-1.6.11-12.el6_6.s390x.rpm subversion-kde-1.6.11-12.el6_6.s390.rpm subversion-kde-1.6.11-12.el6_6.s390x.rpm subversion-perl-1.6.11-12.el6_6.s390.rpm subversion-perl-1.6.11-12.el6_6.s390x.rpm subversion-ruby-1.6.11-12.el6_6.s390.rpm subversion-ruby-1.6.11-12.el6_6.s390x.rpm x86_64: subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.x86_64.rpm subversion-devel-1.6.11-12.el6_6.i686.rpm subversion-devel-1.6.11-12.el6_6.x86_64.rpm subversion-gnome-1.6.11-12.el6_6.i686.rpm subversion-gnome-1.6.11-12.el6_6.x86_64.rpm subversion-kde-1.6.11-12.el6_6.i686.rpm subversion-kde-1.6.11-12.el6_6.x86_64.rpm subversion-perl-1.6.11-12.el6_6.i686.rpm subversion-perl-1.6.11-12.el6_6.x86_64.rpm subversion-ruby-1.6.11-12.el6_6.i686.rpm subversion-ruby-1.6.11-12.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: subversion-1.6.11-12.el6_6.src.rpm i386: mod_dav_svn-1.6.11-12.el6_6.i686.rpm subversion-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-javahl-1.6.11-12.el6_6.i686.rpm x86_64: mod_dav_svn-1.6.11-12.el6_6.x86_64.rpm subversion-1.6.11-12.el6_6.i686.rpm subversion-1.6.11-12.el6_6.x86_64.rpm subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.x86_64.rpm subversion-javahl-1.6.11-12.el6_6.i686.rpm subversion-javahl-1.6.11-12.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-devel-1.6.11-12.el6_6.i686.rpm subversion-gnome-1.6.11-12.el6_6.i686.rpm subversion-kde-1.6.11-12.el6_6.i686.rpm subversion-perl-1.6.11-12.el6_6.i686.rpm subversion-ruby-1.6.11-12.el6_6.i686.rpm noarch: subversion-svn2cl-1.6.11-12.el6_6.noarch.rpm x86_64: subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.x86_64.rpm subversion-devel-1.6.11-12.el6_6.i686.rpm subversion-devel-1.6.11-12.el6_6.x86_64.rpm subversion-gnome-1.6.11-12.el6_6.i686.rpm subversion-gnome-1.6.11-12.el6_6.x86_64.rpm subversion-kde-1.6.11-12.el6_6.i686.rpm subversion-kde-1.6.11-12.el6_6.x86_64.rpm subversion-perl-1.6.11-12.el6_6.i686.rpm subversion-perl-1.6.11-12.el6_6.x86_64.rpm subversion-ruby-1.6.11-12.el6_6.i686.rpm subversion-ruby-1.6.11-12.el6_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3528 https://access.redhat.com/security/cve/CVE-2014-3580 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2014-3528-advisory.txt https://subversion.apache.org/security/CVE-2014-3580-advisory.txt 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU2oepXlSAg2UNWIIRAkgGAJsHdWW0fE4wlDDhR8BBHpWBJWYymgCgs6j4 +Y5xq46GRtewPHR+DBWGBxc= =8ATU -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Feb 10 23:13:38 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 Feb 2015 23:13:38 +0000 Subject: [RHSA-2015:0166-01] Moderate: subversion security update Message-ID: <201502102313.t1ANDcna016004@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:0166-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html Issue date: 2015-02-10 CVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 ===================================================================== 1. Summary: Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. 
The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision 1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests 1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm ppc64: mod_dav_svn-1.7.14-7.el7_0.ppc64.rpm subversion-1.7.14-7.el7_0.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-libs-1.7.14-7.el7_0.ppc.rpm subversion-libs-1.7.14-7.el7_0.ppc64.rpm s390x: mod_dav_svn-1.7.14-7.el7_0.s390x.rpm subversion-1.7.14-7.el7_0.s390x.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-libs-1.7.14-7.el7_0.s390.rpm subversion-libs-1.7.14-7.el7_0.s390x.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: subversion-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-devel-1.7.14-7.el7_0.ppc.rpm subversion-devel-1.7.14-7.el7_0.ppc64.rpm subversion-gnome-1.7.14-7.el7_0.ppc.rpm subversion-gnome-1.7.14-7.el7_0.ppc64.rpm subversion-javahl-1.7.14-7.el7_0.ppc.rpm subversion-javahl-1.7.14-7.el7_0.ppc64.rpm subversion-kde-1.7.14-7.el7_0.ppc.rpm subversion-kde-1.7.14-7.el7_0.ppc64.rpm subversion-perl-1.7.14-7.el7_0.ppc.rpm subversion-perl-1.7.14-7.el7_0.ppc64.rpm subversion-python-1.7.14-7.el7_0.ppc64.rpm subversion-ruby-1.7.14-7.el7_0.ppc.rpm subversion-ruby-1.7.14-7.el7_0.ppc64.rpm subversion-tools-1.7.14-7.el7_0.ppc64.rpm s390x: subversion-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-devel-1.7.14-7.el7_0.s390.rpm subversion-devel-1.7.14-7.el7_0.s390x.rpm subversion-gnome-1.7.14-7.el7_0.s390.rpm subversion-gnome-1.7.14-7.el7_0.s390x.rpm subversion-javahl-1.7.14-7.el7_0.s390.rpm subversion-javahl-1.7.14-7.el7_0.s390x.rpm subversion-kde-1.7.14-7.el7_0.s390.rpm subversion-kde-1.7.14-7.el7_0.s390x.rpm subversion-perl-1.7.14-7.el7_0.s390.rpm subversion-perl-1.7.14-7.el7_0.s390x.rpm subversion-python-1.7.14-7.el7_0.s390x.rpm subversion-ruby-1.7.14-7.el7_0.s390.rpm subversion-ruby-1.7.14-7.el7_0.s390x.rpm subversion-tools-1.7.14-7.el7_0.s390x.rpm x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm 
subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3528 https://access.redhat.com/security/cve/CVE-2014-3580 https://access.redhat.com/security/cve/CVE-2014-8108 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2014-3528-advisory.txt https://subversion.apache.org/security/CVE-2014-3580-advisory.txt https://subversion.apache.org/security/CVE-2014-8108-advisory.txt 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll KM6EsnQkXd09uLTe1k+tQaU= =CuZg -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 19 21:19:22 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Feb 2015 21:19:22 +0000 Subject: [RHSA-2015:0246-01] Important: openstack-glance security update Message-ID: <201502192119.t1JLJMja002481@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openstack-glance security update Advisory ID: RHSA-2015:0246-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0246.html Issue date: 2015-02-19 CVE Names: CVE-2014-9493 ===================================================================== 1. Summary: Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 and Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch 3. Description: OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. 
Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was discovered that an authenticated user could use a path traversal flaw in glance to download or delete any file on the glance server that is accessible to the glance process user. Note that only setups using the OpenStack Image V2 API were affected by this flaw. (CVE-2014-9493) All openstack-glance users are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the running glance services will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1174474 - CVE-2014-9493 openstack-glance: unrestricted path traversal flaw 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: openstack-glance-2014.1.3-4.el6ost.src.rpm noarch: openstack-glance-2014.1.3-4.el6ost.noarch.rpm openstack-glance-doc-2014.1.3-4.el6ost.noarch.rpm python-glance-2014.1.3-4.el6ost.noarch.rpm Red Hat Enterprise Linux OpenStack Platform 4.0: Source: openstack-glance-2013.2.4-3.el6ost.src.rpm noarch: openstack-glance-2013.2.4-3.el6ost.noarch.rpm openstack-glance-doc-2013.2.4-3.el6ost.noarch.rpm python-glance-2013.2.4-3.el6ost.noarch.rpm Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: openstack-glance-2014.1.3-4.el7ost.src.rpm noarch: openstack-glance-2014.1.3-4.el7ost.noarch.rpm openstack-glance-doc-2014.1.3-4.el7ost.noarch.rpm python-glance-2014.1.3-4.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9493 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU5lMiXlSAg2UNWIIRArIZAJ4mEJoI/v+DIVLB5Y5zPzn+wPwPlgCfeslz abNwYE5vef+NrO9++i029+U= =t+eg -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Feb 23 19:46:24 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 23 Feb 2015 19:46:24 +0000 Subject: [RHSA-2015:0249-01] Critical: samba3x security update Message-ID: <201502231946.t1NJkOv0014694@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: samba3x security update Advisory ID: RHSA-2015:0249-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0249.html Issue date: 2015-02-23 CVE Names: CVE-2015-0240 ===================================================================== 1. Summary: Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. 
Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1191325 - CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client):

Source:
samba3x-3.6.23-9.el5_11.src.rpm

i386:
samba3x-3.6.23-9.el5_11.i386.rpm
samba3x-client-3.6.23-9.el5_11.i386.rpm
samba3x-common-3.6.23-9.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-9.el5_11.i386.rpm
samba3x-doc-3.6.23-9.el5_11.i386.rpm
samba3x-domainjoin-gui-3.6.23-9.el5_11.i386.rpm
samba3x-swat-3.6.23-9.el5_11.i386.rpm
samba3x-winbind-3.6.23-9.el5_11.i386.rpm

x86_64:
samba3x-3.6.23-9.el5_11.x86_64.rpm
samba3x-client-3.6.23-9.el5_11.x86_64.rpm
samba3x-common-3.6.23-9.el5_11.x86_64.rpm
samba3x-debuginfo-3.6.23-9.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-9.el5_11.x86_64.rpm
samba3x-doc-3.6.23-9.el5_11.x86_64.rpm
samba3x-domainjoin-gui-3.6.23-9.el5_11.x86_64.rpm
samba3x-swat-3.6.23-9.el5_11.x86_64.rpm
samba3x-winbind-3.6.23-9.el5_11.i386.rpm
samba3x-winbind-3.6.23-9.el5_11.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
samba3x-3.6.23-9.el5_11.src.rpm

i386:
samba3x-debuginfo-3.6.23-9.el5_11.i386.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.i386.rpm

x86_64:
samba3x-debuginfo-3.6.23-9.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-9.el5_11.x86_64.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.i386.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
samba3x-3.6.23-9.el5_11.src.rpm

i386:
samba3x-3.6.23-9.el5_11.i386.rpm
samba3x-client-3.6.23-9.el5_11.i386.rpm
samba3x-common-3.6.23-9.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-9.el5_11.i386.rpm
samba3x-doc-3.6.23-9.el5_11.i386.rpm
samba3x-domainjoin-gui-3.6.23-9.el5_11.i386.rpm
samba3x-swat-3.6.23-9.el5_11.i386.rpm
samba3x-winbind-3.6.23-9.el5_11.i386.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.i386.rpm

ia64:
samba3x-3.6.23-9.el5_11.ia64.rpm
samba3x-client-3.6.23-9.el5_11.ia64.rpm
samba3x-common-3.6.23-9.el5_11.ia64.rpm
samba3x-debuginfo-3.6.23-9.el5_11.ia64.rpm
samba3x-doc-3.6.23-9.el5_11.ia64.rpm
samba3x-domainjoin-gui-3.6.23-9.el5_11.ia64.rpm
samba3x-swat-3.6.23-9.el5_11.ia64.rpm
samba3x-winbind-3.6.23-9.el5_11.ia64.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.ia64.rpm

ppc:
samba3x-3.6.23-9.el5_11.ppc.rpm
samba3x-client-3.6.23-9.el5_11.ppc.rpm
samba3x-common-3.6.23-9.el5_11.ppc.rpm
samba3x-debuginfo-3.6.23-9.el5_11.ppc.rpm
samba3x-debuginfo-3.6.23-9.el5_11.ppc64.rpm
samba3x-doc-3.6.23-9.el5_11.ppc.rpm
samba3x-domainjoin-gui-3.6.23-9.el5_11.ppc.rpm
samba3x-swat-3.6.23-9.el5_11.ppc.rpm
samba3x-winbind-3.6.23-9.el5_11.ppc.rpm
samba3x-winbind-3.6.23-9.el5_11.ppc64.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.ppc.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.ppc64.rpm

s390x:
samba3x-3.6.23-9.el5_11.s390x.rpm
samba3x-client-3.6.23-9.el5_11.s390x.rpm
samba3x-common-3.6.23-9.el5_11.s390x.rpm
samba3x-debuginfo-3.6.23-9.el5_11.s390.rpm
samba3x-debuginfo-3.6.23-9.el5_11.s390x.rpm
samba3x-doc-3.6.23-9.el5_11.s390x.rpm
samba3x-domainjoin-gui-3.6.23-9.el5_11.s390x.rpm
samba3x-swat-3.6.23-9.el5_11.s390x.rpm
samba3x-winbind-3.6.23-9.el5_11.s390.rpm
samba3x-winbind-3.6.23-9.el5_11.s390x.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.s390.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.s390x.rpm

x86_64:
samba3x-3.6.23-9.el5_11.x86_64.rpm
samba3x-client-3.6.23-9.el5_11.x86_64.rpm
samba3x-common-3.6.23-9.el5_11.x86_64.rpm
samba3x-debuginfo-3.6.23-9.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-9.el5_11.x86_64.rpm
samba3x-doc-3.6.23-9.el5_11.x86_64.rpm
samba3x-domainjoin-gui-3.6.23-9.el5_11.x86_64.rpm
samba3x-swat-3.6.23-9.el5_11.x86_64.rpm
samba3x-winbind-3.6.23-9.el5_11.i386.rpm
samba3x-winbind-3.6.23-9.el5_11.x86_64.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.i386.rpm
samba3x-winbind-devel-3.6.23-9.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0240
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/1346913

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Mon Feb 23 19:47:23 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Feb 2015 19:47:23 +0000
Subject: [RHSA-2015:0250-01] Critical: samba4 security update
Message-ID: <201502231947.t1NJlNLw015095@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba4 security update
Advisory ID:       RHSA-2015:0250-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0250.html
Issue date:        2015-02-23
CVE Names:         CVE-2015-0240
=====================================================================

1. Summary:

Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Critical security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1191325 - CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6):

Source:
samba4-4.0.0-66.el6_6.rc4.src.rpm

i386:
samba4-4.0.0-66.el6_6.rc4.i686.rpm
samba4-client-4.0.0-66.el6_6.rc4.i686.rpm
samba4-common-4.0.0-66.el6_6.rc4.i686.rpm
samba4-dc-4.0.0-66.el6_6.rc4.i686.rpm
samba4-dc-libs-4.0.0-66.el6_6.rc4.i686.rpm
samba4-debuginfo-4.0.0-66.el6_6.rc4.i686.rpm
samba4-devel-4.0.0-66.el6_6.rc4.i686.rpm
samba4-libs-4.0.0-66.el6_6.rc4.i686.rpm
samba4-pidl-4.0.0-66.el6_6.rc4.i686.rpm
samba4-python-4.0.0-66.el6_6.rc4.i686.rpm
samba4-swat-4.0.0-66.el6_6.rc4.i686.rpm
samba4-test-4.0.0-66.el6_6.rc4.i686.rpm
samba4-winbind-4.0.0-66.el6_6.rc4.i686.rpm
samba4-winbind-clients-4.0.0-66.el6_6.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-66.el6_6.rc4.i686.rpm

x86_64:
samba4-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-client-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-common-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-dc-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-devel-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-libs-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-pidl-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-python-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-swat-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-test-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-66.el6_6.rc4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v.
6):

Source:
samba4-4.0.0-66.el6_6.rc4.src.rpm

x86_64:
samba4-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-client-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-common-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-dc-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-devel-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-libs-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-pidl-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-python-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-swat-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-test-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-66.el6_6.rc4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
samba4-4.0.0-66.el6_6.rc4.src.rpm

i386:
samba4-4.0.0-66.el6_6.rc4.i686.rpm
samba4-client-4.0.0-66.el6_6.rc4.i686.rpm
samba4-common-4.0.0-66.el6_6.rc4.i686.rpm
samba4-dc-4.0.0-66.el6_6.rc4.i686.rpm
samba4-dc-libs-4.0.0-66.el6_6.rc4.i686.rpm
samba4-debuginfo-4.0.0-66.el6_6.rc4.i686.rpm
samba4-devel-4.0.0-66.el6_6.rc4.i686.rpm
samba4-libs-4.0.0-66.el6_6.rc4.i686.rpm
samba4-pidl-4.0.0-66.el6_6.rc4.i686.rpm
samba4-python-4.0.0-66.el6_6.rc4.i686.rpm
samba4-swat-4.0.0-66.el6_6.rc4.i686.rpm
samba4-test-4.0.0-66.el6_6.rc4.i686.rpm
samba4-winbind-4.0.0-66.el6_6.rc4.i686.rpm
samba4-winbind-clients-4.0.0-66.el6_6.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-66.el6_6.rc4.i686.rpm

ppc64:
samba4-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-client-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-common-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-dc-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-dc-libs-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-debuginfo-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-devel-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-libs-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-pidl-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-python-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-swat-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-test-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-winbind-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-winbind-clients-4.0.0-66.el6_6.rc4.ppc64.rpm
samba4-winbind-krb5-locator-4.0.0-66.el6_6.rc4.ppc64.rpm

s390x:
samba4-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-client-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-common-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-dc-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-dc-libs-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-debuginfo-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-devel-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-libs-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-pidl-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-python-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-swat-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-test-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-winbind-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-winbind-clients-4.0.0-66.el6_6.rc4.s390x.rpm
samba4-winbind-krb5-locator-4.0.0-66.el6_6.rc4.s390x.rpm

x86_64:
samba4-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-client-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-common-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-dc-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-devel-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-libs-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-pidl-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-python-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-swat-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-test-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-66.el6_6.rc4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6):

Source:
samba4-4.0.0-66.el6_6.rc4.src.rpm

i386:
samba4-4.0.0-66.el6_6.rc4.i686.rpm
samba4-client-4.0.0-66.el6_6.rc4.i686.rpm
samba4-common-4.0.0-66.el6_6.rc4.i686.rpm
samba4-dc-4.0.0-66.el6_6.rc4.i686.rpm
samba4-dc-libs-4.0.0-66.el6_6.rc4.i686.rpm
samba4-debuginfo-4.0.0-66.el6_6.rc4.i686.rpm
samba4-devel-4.0.0-66.el6_6.rc4.i686.rpm
samba4-libs-4.0.0-66.el6_6.rc4.i686.rpm
samba4-pidl-4.0.0-66.el6_6.rc4.i686.rpm
samba4-python-4.0.0-66.el6_6.rc4.i686.rpm
samba4-swat-4.0.0-66.el6_6.rc4.i686.rpm
samba4-test-4.0.0-66.el6_6.rc4.i686.rpm
samba4-winbind-4.0.0-66.el6_6.rc4.i686.rpm
samba4-winbind-clients-4.0.0-66.el6_6.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-66.el6_6.rc4.i686.rpm

x86_64:
samba4-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-client-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-common-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-dc-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-devel-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-libs-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-pidl-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-python-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-swat-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-test-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-66.el6_6.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-66.el6_6.rc4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0240
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/1346913

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
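A remediation check for the CVE-2015-0240 advisories on this page (RHSA-2015:0249, 0250, 0251 and 0252), added here as an example; it is not part of the advisory text and not Red Hat's code. It re-implements rpm's version-comparison rules in Python and tests installed package names against the fixed builds from the advisories' package lists; it assumes epoch 0 for all four builds, and the `rpm -qa` lines it reads are constructed sample input.

```python
"""Audit installed Samba packages against the CVE-2015-0240 fixed builds.

Added example: re-implements rpm's segment-wise version comparison
(rpmvercmp) and applies it to the fixed name-version-release strings
taken from RHSA-2015:0249/0250/0251/0252.  SAMPLE_RPM_QA is constructed
sample input in the shape of `rpm -qa` output, not data from a real host.
"""
import re

# Fixed builds from the advisories, keyed by (package name, dist tag)
# -> (epoch, version, release).  Epoch 0 is an assumption; a real check
# should read it with: rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n'
FIXED = {
    ("samba3x", "el5"): ("0", "3.6.23", "9.el5_11"),     # RHSA-2015:0249
    ("samba4", "el6"):  ("0", "4.0.0", "66.el6_6.rc4"),  # RHSA-2015:0250
    ("samba", "el6"):   ("0", "3.6.23", "14.el6_6"),     # RHSA-2015:0251
    ("samba", "el7"):   ("0", "4.1.1", "38.el7_0"),      # RHSA-2015:0252
}

# rpm splits a version string into runs of digits, runs of letters and the
# literal '~'; every other character is a separator with no meaning.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Compare two version or release strings with rpm's rules.

    Returns -1 if a is older than b, 0 if equal, 1 if newer.  Digit runs
    compare numerically, letter runs lexically, a digit run outranks a
    letter run, '~' sorts before anything (even end of string), and the
    string with segments left over wins.  The '^' rule of newer rpm
    releases is not implemented here.
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while True:
        ta = sa[i] if i < len(sa) else None
        tb = sb[i] if i < len(sb) else None
        if ta == "~" or tb == "~":
            if ta == tb:
                i += 1
                continue
            return -1 if ta == "~" else 1
        if ta is None or tb is None:
            if ta is None and tb is None:
                return 0
            return -1 if ta is None else 1
        if ta.isdigit() != tb.isdigit():
            return 1 if ta.isdigit() else -1
        if ta.isdigit():
            ta, tb = ta.lstrip("0"), tb.lstrip("0")
            if len(ta) != len(tb):
                return 1 if len(ta) > len(tb) else -1
        if ta != tb:
            return 1 if ta > tb else -1
        i += 1


def evrcmp(a, b):
    """Compare (epoch, version, release) triples; epoch decides first."""
    for x, y in zip(a, b):
        rc = rpmvercmp(x, y)
        if rc:
            return rc
    return 0


_NVRA = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nvra(text):
    """Split 'name-[epoch:]version-release.arch[.rpm]' into its fields."""
    if text.endswith(".rpm"):
        text = text[:-4]
    m = _NVRA.match(text)
    if not m:
        raise ValueError("not an NVRA string: %r" % text)
    epoch, ver = "0", m.group("ver")
    if ":" in ver:
        epoch, ver = ver.split(":", 1)
    return m.group("name"), epoch, ver, m.group("rel"), m.group("arch")


def check_package(nvra):
    """Return 'fixed', 'vulnerable' or 'untracked' for one installed package."""
    name, epoch, ver, rel, _arch = parse_nvra(nvra)
    dist = re.search(r"\.(el\d+)", rel)
    key = (name, dist.group(1)) if dist else None
    if key not in FIXED:
        return "untracked"  # not one of the smbd-carrying packages above
    return "fixed" if evrcmp((epoch, ver, rel), FIXED[key]) >= 0 else "vulnerable"


def audit(rpm_qa_output):
    """Map every non-empty line of `rpm -qa` output to its status."""
    return {line: check_package(line)
            for line in rpm_qa_output.split("\n") if line.strip()}


# Constructed sample input: for each advisory, one package already at the
# fixed build and one still on an older build.
SAMPLE_RPM_QA = """\
samba3x-3.6.23-9.el5_11.x86_64
samba3x-3.6.23-6.el5_10.x86_64
samba4-4.0.0-66.el6_6.rc4.x86_64
samba4-4.0.0-61.el6_5.rc4.x86_64
samba-3.6.23-14.el6_6.x86_64
samba-3.6.23-12.el6.x86_64
samba-4.1.1-38.el7_0.x86_64
samba-4.1.1-31.el7.x86_64
samba-common-3.6.23-14.el6_6.x86_64
"""

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE_RPM_QA).items():
        print("%-40s %s" % (pkg, status))
```

Only the packages that ship smbd are tracked; subpackages such as samba-common report as untracked even though they were rebuilt at the same release.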
From bugzilla at redhat.com Mon Feb 23 19:48:06 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Feb 2015 19:48:06 +0000
Subject: [RHSA-2015:0251-01] Critical: samba security update
Message-ID: <201502231948.t1NJm6sn015345@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba security update
Advisory ID:       RHSA-2015:0251-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0251.html
Issue date:        2015-02-23
CVE Names:         CVE-2015-0240
=====================================================================

1. Summary:

Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3.
Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1191325 - CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6):

Source:
samba-3.6.23-14.el6_6.src.rpm

i386:
libsmbclient-3.6.23-14.el6_6.i686.rpm
samba-client-3.6.23-14.el6_6.i686.rpm
samba-common-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-winbind-3.6.23-14.el6_6.i686.rpm
samba-winbind-clients-3.6.23-14.el6_6.i686.rpm

x86_64:
libsmbclient-3.6.23-14.el6_6.i686.rpm
libsmbclient-3.6.23-14.el6_6.x86_64.rpm
samba-client-3.6.23-14.el6_6.x86_64.rpm
samba-common-3.6.23-14.el6_6.i686.rpm
samba-common-3.6.23-14.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-clients-3.6.23-14.el6_6.i686.rpm
samba-winbind-clients-3.6.23-14.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libsmbclient-devel-3.6.23-14.el6_6.i686.rpm
samba-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-doc-3.6.23-14.el6_6.i686.rpm
samba-domainjoin-gui-3.6.23-14.el6_6.i686.rpm
samba-swat-3.6.23-14.el6_6.i686.rpm
samba-winbind-devel-3.6.23-14.el6_6.i686.rpm
samba-winbind-krb5-locator-3.6.23-14.el6_6.i686.rpm

x86_64:
libsmbclient-devel-3.6.23-14.el6_6.i686.rpm
libsmbclient-devel-3.6.23-14.el6_6.x86_64.rpm
samba-3.6.23-14.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.x86_64.rpm
samba-doc-3.6.23-14.el6_6.x86_64.rpm
samba-domainjoin-gui-3.6.23-14.el6_6.x86_64.rpm
samba-glusterfs-3.6.23-14.el6_6.x86_64.rpm
samba-swat-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-devel-3.6.23-14.el6_6.i686.rpm
samba-winbind-devel-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-14.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v.
6):

Source:
samba-3.6.23-14.el6_6.src.rpm

x86_64:
samba-client-3.6.23-14.el6_6.x86_64.rpm
samba-common-3.6.23-14.el6_6.i686.rpm
samba-common-3.6.23-14.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-clients-3.6.23-14.el6_6.i686.rpm
samba-winbind-clients-3.6.23-14.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libsmbclient-3.6.23-14.el6_6.i686.rpm
libsmbclient-3.6.23-14.el6_6.x86_64.rpm
libsmbclient-devel-3.6.23-14.el6_6.i686.rpm
libsmbclient-devel-3.6.23-14.el6_6.x86_64.rpm
samba-3.6.23-14.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.x86_64.rpm
samba-doc-3.6.23-14.el6_6.x86_64.rpm
samba-domainjoin-gui-3.6.23-14.el6_6.x86_64.rpm
samba-glusterfs-3.6.23-14.el6_6.x86_64.rpm
samba-swat-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-devel-3.6.23-14.el6_6.i686.rpm
samba-winbind-devel-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-14.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6):

Source:
samba-3.6.23-14.el6_6.src.rpm

i386:
libsmbclient-3.6.23-14.el6_6.i686.rpm
samba-3.6.23-14.el6_6.i686.rpm
samba-client-3.6.23-14.el6_6.i686.rpm
samba-common-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-winbind-3.6.23-14.el6_6.i686.rpm
samba-winbind-clients-3.6.23-14.el6_6.i686.rpm

ppc64:
libsmbclient-3.6.23-14.el6_6.ppc.rpm
libsmbclient-3.6.23-14.el6_6.ppc64.rpm
samba-3.6.23-14.el6_6.ppc64.rpm
samba-client-3.6.23-14.el6_6.ppc64.rpm
samba-common-3.6.23-14.el6_6.ppc.rpm
samba-common-3.6.23-14.el6_6.ppc64.rpm
samba-debuginfo-3.6.23-14.el6_6.ppc.rpm
samba-debuginfo-3.6.23-14.el6_6.ppc64.rpm
samba-winbind-3.6.23-14.el6_6.ppc64.rpm
samba-winbind-clients-3.6.23-14.el6_6.ppc.rpm
samba-winbind-clients-3.6.23-14.el6_6.ppc64.rpm

s390x:
libsmbclient-3.6.23-14.el6_6.s390.rpm
libsmbclient-3.6.23-14.el6_6.s390x.rpm
samba-3.6.23-14.el6_6.s390x.rpm
samba-client-3.6.23-14.el6_6.s390x.rpm
samba-common-3.6.23-14.el6_6.s390.rpm
samba-common-3.6.23-14.el6_6.s390x.rpm
samba-debuginfo-3.6.23-14.el6_6.s390.rpm
samba-debuginfo-3.6.23-14.el6_6.s390x.rpm
samba-winbind-3.6.23-14.el6_6.s390x.rpm
samba-winbind-clients-3.6.23-14.el6_6.s390.rpm
samba-winbind-clients-3.6.23-14.el6_6.s390x.rpm

x86_64:
libsmbclient-3.6.23-14.el6_6.i686.rpm
libsmbclient-3.6.23-14.el6_6.x86_64.rpm
samba-3.6.23-14.el6_6.x86_64.rpm
samba-client-3.6.23-14.el6_6.x86_64.rpm
samba-common-3.6.23-14.el6_6.i686.rpm
samba-common-3.6.23-14.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-clients-3.6.23-14.el6_6.i686.rpm
samba-winbind-clients-3.6.23-14.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
6):

i386:
libsmbclient-devel-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-doc-3.6.23-14.el6_6.i686.rpm
samba-domainjoin-gui-3.6.23-14.el6_6.i686.rpm
samba-swat-3.6.23-14.el6_6.i686.rpm
samba-winbind-devel-3.6.23-14.el6_6.i686.rpm
samba-winbind-krb5-locator-3.6.23-14.el6_6.i686.rpm

ppc64:
libsmbclient-devel-3.6.23-14.el6_6.ppc.rpm
libsmbclient-devel-3.6.23-14.el6_6.ppc64.rpm
samba-debuginfo-3.6.23-14.el6_6.ppc.rpm
samba-debuginfo-3.6.23-14.el6_6.ppc64.rpm
samba-doc-3.6.23-14.el6_6.ppc64.rpm
samba-domainjoin-gui-3.6.23-14.el6_6.ppc64.rpm
samba-swat-3.6.23-14.el6_6.ppc64.rpm
samba-winbind-devel-3.6.23-14.el6_6.ppc.rpm
samba-winbind-devel-3.6.23-14.el6_6.ppc64.rpm
samba-winbind-krb5-locator-3.6.23-14.el6_6.ppc64.rpm

s390x:
libsmbclient-devel-3.6.23-14.el6_6.s390.rpm
libsmbclient-devel-3.6.23-14.el6_6.s390x.rpm
samba-debuginfo-3.6.23-14.el6_6.s390.rpm
samba-debuginfo-3.6.23-14.el6_6.s390x.rpm
samba-doc-3.6.23-14.el6_6.s390x.rpm
samba-domainjoin-gui-3.6.23-14.el6_6.s390x.rpm
samba-swat-3.6.23-14.el6_6.s390x.rpm
samba-winbind-devel-3.6.23-14.el6_6.s390.rpm
samba-winbind-devel-3.6.23-14.el6_6.s390x.rpm
samba-winbind-krb5-locator-3.6.23-14.el6_6.s390x.rpm

x86_64:
libsmbclient-devel-3.6.23-14.el6_6.i686.rpm
libsmbclient-devel-3.6.23-14.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.x86_64.rpm
samba-doc-3.6.23-14.el6_6.x86_64.rpm
samba-domainjoin-gui-3.6.23-14.el6_6.x86_64.rpm
samba-glusterfs-3.6.23-14.el6_6.x86_64.rpm
samba-swat-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-devel-3.6.23-14.el6_6.i686.rpm
samba-winbind-devel-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-14.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6):

Source:
samba-3.6.23-14.el6_6.src.rpm

i386:
libsmbclient-3.6.23-14.el6_6.i686.rpm
samba-3.6.23-14.el6_6.i686.rpm
samba-client-3.6.23-14.el6_6.i686.rpm
samba-common-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-winbind-3.6.23-14.el6_6.i686.rpm
samba-winbind-clients-3.6.23-14.el6_6.i686.rpm

x86_64:
libsmbclient-3.6.23-14.el6_6.i686.rpm
libsmbclient-3.6.23-14.el6_6.x86_64.rpm
samba-3.6.23-14.el6_6.x86_64.rpm
samba-client-3.6.23-14.el6_6.x86_64.rpm
samba-common-3.6.23-14.el6_6.i686.rpm
samba-common-3.6.23-14.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-clients-3.6.23-14.el6_6.i686.rpm
samba-winbind-clients-3.6.23-14.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libsmbclient-devel-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-doc-3.6.23-14.el6_6.i686.rpm
samba-domainjoin-gui-3.6.23-14.el6_6.i686.rpm
samba-swat-3.6.23-14.el6_6.i686.rpm
samba-winbind-devel-3.6.23-14.el6_6.i686.rpm
samba-winbind-krb5-locator-3.6.23-14.el6_6.i686.rpm

x86_64:
libsmbclient-devel-3.6.23-14.el6_6.i686.rpm
libsmbclient-devel-3.6.23-14.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-14.el6_6.i686.rpm
samba-debuginfo-3.6.23-14.el6_6.x86_64.rpm
samba-doc-3.6.23-14.el6_6.x86_64.rpm
samba-domainjoin-gui-3.6.23-14.el6_6.x86_64.rpm
samba-glusterfs-3.6.23-14.el6_6.x86_64.rpm
samba-swat-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-devel-3.6.23-14.el6_6.i686.rpm
samba-winbind-devel-3.6.23-14.el6_6.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-14.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0240
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/1346913

8.
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Mon Feb 23 19:48:44 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Feb 2015 19:48:44 +0000
Subject: [RHSA-2015:0252-01] Important: samba security update
Message-ID: <201502231948.t1NJmimo000911@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: samba security update
Advisory ID:       RHSA-2015:0252-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0252.html
Issue date:        2015-02-23
CVE Names:         CVE-2015-0240
=====================================================================

1. Summary:

Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3.
Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1191325 - CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution

6. Package List:

Red Hat Enterprise Linux Client (v.
7):

Source:
samba-4.1.1-38.el7_0.src.rpm

x86_64:
libsmbclient-4.1.1-38.el7_0.i686.rpm
libsmbclient-4.1.1-38.el7_0.x86_64.rpm
libwbclient-4.1.1-38.el7_0.i686.rpm
libwbclient-4.1.1-38.el7_0.x86_64.rpm
samba-client-4.1.1-38.el7_0.x86_64.rpm
samba-common-4.1.1-38.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-38.el7_0.i686.rpm
samba-debuginfo-4.1.1-38.el7_0.x86_64.rpm
samba-libs-4.1.1-38.el7_0.i686.rpm
samba-libs-4.1.1-38.el7_0.x86_64.rpm
samba-winbind-4.1.1-38.el7_0.x86_64.rpm
samba-winbind-modules-4.1.1-38.el7_0.i686.rpm
samba-winbind-modules-4.1.1-38.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libsmbclient-devel-4.1.1-38.el7_0.i686.rpm
libsmbclient-devel-4.1.1-38.el7_0.x86_64.rpm
libwbclient-devel-4.1.1-38.el7_0.i686.rpm
libwbclient-devel-4.1.1-38.el7_0.x86_64.rpm
samba-4.1.1-38.el7_0.x86_64.rpm
samba-dc-4.1.1-38.el7_0.x86_64.rpm
samba-dc-libs-4.1.1-38.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-38.el7_0.i686.rpm
samba-debuginfo-4.1.1-38.el7_0.x86_64.rpm
samba-devel-4.1.1-38.el7_0.i686.rpm
samba-devel-4.1.1-38.el7_0.x86_64.rpm
samba-pidl-4.1.1-38.el7_0.x86_64.rpm
samba-python-4.1.1-38.el7_0.x86_64.rpm
samba-test-4.1.1-38.el7_0.x86_64.rpm
samba-test-devel-4.1.1-38.el7_0.x86_64.rpm
samba-vfs-glusterfs-4.1.1-38.el7_0.x86_64.rpm
samba-winbind-clients-4.1.1-38.el7_0.x86_64.rpm
samba-winbind-krb5-locator-4.1.1-38.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v.
7):

Source:
samba-4.1.1-38.el7_0.src.rpm

x86_64:
libsmbclient-4.1.1-38.el7_0.i686.rpm
libsmbclient-4.1.1-38.el7_0.x86_64.rpm
libwbclient-4.1.1-38.el7_0.i686.rpm
libwbclient-4.1.1-38.el7_0.x86_64.rpm
samba-client-4.1.1-38.el7_0.x86_64.rpm
samba-common-4.1.1-38.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-38.el7_0.i686.rpm
samba-debuginfo-4.1.1-38.el7_0.x86_64.rpm
samba-libs-4.1.1-38.el7_0.i686.rpm
samba-libs-4.1.1-38.el7_0.x86_64.rpm
samba-winbind-4.1.1-38.el7_0.x86_64.rpm
samba-winbind-modules-4.1.1-38.el7_0.i686.rpm
samba-winbind-modules-4.1.1-38.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libsmbclient-devel-4.1.1-38.el7_0.i686.rpm
libsmbclient-devel-4.1.1-38.el7_0.x86_64.rpm
libwbclient-devel-4.1.1-38.el7_0.i686.rpm
libwbclient-devel-4.1.1-38.el7_0.x86_64.rpm
samba-4.1.1-38.el7_0.x86_64.rpm
samba-dc-4.1.1-38.el7_0.x86_64.rpm
samba-dc-libs-4.1.1-38.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-38.el7_0.i686.rpm
samba-debuginfo-4.1.1-38.el7_0.x86_64.rpm
samba-devel-4.1.1-38.el7_0.i686.rpm
samba-devel-4.1.1-38.el7_0.x86_64.rpm
samba-pidl-4.1.1-38.el7_0.x86_64.rpm
samba-python-4.1.1-38.el7_0.x86_64.rpm
samba-test-4.1.1-38.el7_0.x86_64.rpm
samba-test-devel-4.1.1-38.el7_0.x86_64.rpm
samba-vfs-glusterfs-4.1.1-38.el7_0.x86_64.rpm
samba-winbind-clients-4.1.1-38.el7_0.x86_64.rpm
samba-winbind-krb5-locator-4.1.1-38.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v.
7): Source: samba-4.1.1-38.el7_0.src.rpm ppc64: libsmbclient-4.1.1-38.el7_0.ppc.rpm libsmbclient-4.1.1-38.el7_0.ppc64.rpm libwbclient-4.1.1-38.el7_0.ppc.rpm libwbclient-4.1.1-38.el7_0.ppc64.rpm samba-4.1.1-38.el7_0.ppc64.rpm samba-client-4.1.1-38.el7_0.ppc64.rpm samba-common-4.1.1-38.el7_0.ppc64.rpm samba-debuginfo-4.1.1-38.el7_0.ppc.rpm samba-debuginfo-4.1.1-38.el7_0.ppc64.rpm samba-libs-4.1.1-38.el7_0.ppc.rpm samba-libs-4.1.1-38.el7_0.ppc64.rpm samba-winbind-4.1.1-38.el7_0.ppc64.rpm samba-winbind-modules-4.1.1-38.el7_0.ppc.rpm samba-winbind-modules-4.1.1-38.el7_0.ppc64.rpm s390x: libsmbclient-4.1.1-38.el7_0.s390.rpm libsmbclient-4.1.1-38.el7_0.s390x.rpm libwbclient-4.1.1-38.el7_0.s390.rpm libwbclient-4.1.1-38.el7_0.s390x.rpm samba-4.1.1-38.el7_0.s390x.rpm samba-client-4.1.1-38.el7_0.s390x.rpm samba-common-4.1.1-38.el7_0.s390x.rpm samba-debuginfo-4.1.1-38.el7_0.s390.rpm samba-debuginfo-4.1.1-38.el7_0.s390x.rpm samba-libs-4.1.1-38.el7_0.s390.rpm samba-libs-4.1.1-38.el7_0.s390x.rpm samba-winbind-4.1.1-38.el7_0.s390x.rpm samba-winbind-modules-4.1.1-38.el7_0.s390.rpm samba-winbind-modules-4.1.1-38.el7_0.s390x.rpm x86_64: libsmbclient-4.1.1-38.el7_0.i686.rpm libsmbclient-4.1.1-38.el7_0.x86_64.rpm libwbclient-4.1.1-38.el7_0.i686.rpm libwbclient-4.1.1-38.el7_0.x86_64.rpm samba-4.1.1-38.el7_0.x86_64.rpm samba-client-4.1.1-38.el7_0.x86_64.rpm samba-common-4.1.1-38.el7_0.x86_64.rpm samba-debuginfo-4.1.1-38.el7_0.i686.rpm samba-debuginfo-4.1.1-38.el7_0.x86_64.rpm samba-libs-4.1.1-38.el7_0.i686.rpm samba-libs-4.1.1-38.el7_0.x86_64.rpm samba-python-4.1.1-38.el7_0.x86_64.rpm samba-winbind-4.1.1-38.el7_0.x86_64.rpm samba-winbind-modules-4.1.1-38.el7_0.i686.rpm samba-winbind-modules-4.1.1-38.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: libsmbclient-devel-4.1.1-38.el7_0.ppc.rpm libsmbclient-devel-4.1.1-38.el7_0.ppc64.rpm libwbclient-devel-4.1.1-38.el7_0.ppc.rpm libwbclient-devel-4.1.1-38.el7_0.ppc64.rpm samba-dc-4.1.1-38.el7_0.ppc64.rpm samba-dc-libs-4.1.1-38.el7_0.ppc64.rpm samba-debuginfo-4.1.1-38.el7_0.ppc.rpm samba-debuginfo-4.1.1-38.el7_0.ppc64.rpm samba-devel-4.1.1-38.el7_0.ppc.rpm samba-devel-4.1.1-38.el7_0.ppc64.rpm samba-pidl-4.1.1-38.el7_0.ppc64.rpm samba-python-4.1.1-38.el7_0.ppc64.rpm samba-test-4.1.1-38.el7_0.ppc64.rpm samba-test-devel-4.1.1-38.el7_0.ppc64.rpm samba-winbind-clients-4.1.1-38.el7_0.ppc64.rpm samba-winbind-krb5-locator-4.1.1-38.el7_0.ppc64.rpm s390x: libsmbclient-devel-4.1.1-38.el7_0.s390.rpm libsmbclient-devel-4.1.1-38.el7_0.s390x.rpm libwbclient-devel-4.1.1-38.el7_0.s390.rpm libwbclient-devel-4.1.1-38.el7_0.s390x.rpm samba-dc-4.1.1-38.el7_0.s390x.rpm samba-dc-libs-4.1.1-38.el7_0.s390x.rpm samba-debuginfo-4.1.1-38.el7_0.s390.rpm samba-debuginfo-4.1.1-38.el7_0.s390x.rpm samba-devel-4.1.1-38.el7_0.s390.rpm samba-devel-4.1.1-38.el7_0.s390x.rpm samba-pidl-4.1.1-38.el7_0.s390x.rpm samba-python-4.1.1-38.el7_0.s390x.rpm samba-test-4.1.1-38.el7_0.s390x.rpm samba-test-devel-4.1.1-38.el7_0.s390x.rpm samba-winbind-clients-4.1.1-38.el7_0.s390x.rpm samba-winbind-krb5-locator-4.1.1-38.el7_0.s390x.rpm x86_64: libsmbclient-devel-4.1.1-38.el7_0.i686.rpm libsmbclient-devel-4.1.1-38.el7_0.x86_64.rpm libwbclient-devel-4.1.1-38.el7_0.i686.rpm libwbclient-devel-4.1.1-38.el7_0.x86_64.rpm samba-dc-4.1.1-38.el7_0.x86_64.rpm samba-dc-libs-4.1.1-38.el7_0.x86_64.rpm samba-debuginfo-4.1.1-38.el7_0.i686.rpm samba-debuginfo-4.1.1-38.el7_0.x86_64.rpm samba-devel-4.1.1-38.el7_0.i686.rpm samba-devel-4.1.1-38.el7_0.x86_64.rpm samba-pidl-4.1.1-38.el7_0.x86_64.rpm samba-test-4.1.1-38.el7_0.x86_64.rpm samba-test-devel-4.1.1-38.el7_0.x86_64.rpm samba-vfs-glusterfs-4.1.1-38.el7_0.x86_64.rpm samba-winbind-clients-4.1.1-38.el7_0.x86_64.rpm samba-winbind-krb5-locator-4.1.1-38.el7_0.x86_64.rpm Red Hat 
Enterprise Linux Workstation (v. 7): Source: samba-4.1.1-38.el7_0.src.rpm x86_64: libsmbclient-4.1.1-38.el7_0.i686.rpm libsmbclient-4.1.1-38.el7_0.x86_64.rpm libwbclient-4.1.1-38.el7_0.i686.rpm libwbclient-4.1.1-38.el7_0.x86_64.rpm samba-4.1.1-38.el7_0.x86_64.rpm samba-client-4.1.1-38.el7_0.x86_64.rpm samba-common-4.1.1-38.el7_0.x86_64.rpm samba-debuginfo-4.1.1-38.el7_0.i686.rpm samba-debuginfo-4.1.1-38.el7_0.x86_64.rpm samba-libs-4.1.1-38.el7_0.i686.rpm samba-libs-4.1.1-38.el7_0.x86_64.rpm samba-python-4.1.1-38.el7_0.x86_64.rpm samba-winbind-4.1.1-38.el7_0.x86_64.rpm samba-winbind-modules-4.1.1-38.el7_0.i686.rpm samba-winbind-modules-4.1.1-38.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libsmbclient-devel-4.1.1-38.el7_0.i686.rpm libsmbclient-devel-4.1.1-38.el7_0.x86_64.rpm libwbclient-devel-4.1.1-38.el7_0.i686.rpm libwbclient-devel-4.1.1-38.el7_0.x86_64.rpm samba-dc-4.1.1-38.el7_0.x86_64.rpm samba-dc-libs-4.1.1-38.el7_0.x86_64.rpm samba-debuginfo-4.1.1-38.el7_0.i686.rpm samba-debuginfo-4.1.1-38.el7_0.x86_64.rpm samba-devel-4.1.1-38.el7_0.i686.rpm samba-devel-4.1.1-38.el7_0.x86_64.rpm samba-pidl-4.1.1-38.el7_0.x86_64.rpm samba-test-4.1.1-38.el7_0.x86_64.rpm samba-test-devel-4.1.1-38.el7_0.x86_64.rpm samba-vfs-glusterfs-4.1.1-38.el7_0.x86_64.rpm samba-winbind-clients-4.1.1-38.el7_0.x86_64.rpm samba-winbind-krb5-locator-4.1.1-38.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0240 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1346913 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
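The advisories in this digest fix CVE-2015-0240 in a specific build per product stream, so the practical check on a host is whether the installed Samba NVR sorts at or after the fixed build under rpm's own version ordering. The following is an added example, not code from Red Hat or the Samba project: a Python port of rpm's rpmvercmp() segment comparison, with the fixed builds taken from the advisories in this digest (the stream labels are my own), and constructed installed NVRs standing in for real rpm -q output.

```python
import re

# Fixed builds quoted in the CVE-2015-0240 advisories of this digest, keyed by
# stream labels chosen here (not Red Hat's names).
FIXED_BUILDS = {
    "rhel7": "samba-4.1.1-38.el7_0",
    "rhel5.6-ll": "samba3x-3.5.4-0.70.el5_6.4",
    "rhel5.9-eus": "samba3x-3.6.6-0.131.el5_9",
    "rhel6.2-aus": "samba-3.5.10-119.el6_2",
    "rhel6.4-eus": "samba-3.6.9-151.el6_4.3",
    "rhel6.5-eus": "samba-3.6.9-171.el6_5",
    "rhel6.4-eus-samba4": "samba4-4.0.0-57.el6_4.rc4",
    "rhel6.5-eus-samba4": "samba4-4.0.0-65.el6_5.rc4",
}

# name-[epoch:]version-release, the form printed by
# rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' <package>
NVR_RE = re.compile(r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?(?P<version>[^-:]+)-(?P<release>[^-]+)$")

def parse_nvr(nvr):
    """Split an NVR string into (name, epoch, version, release)."""
    m = NVR_RE.match(nvr)
    if not m:
        raise ValueError(f"not a name-version-release string: {nvr!r}")
    return m["name"], int(m["epoch"] or 0), m["version"], m["release"]

def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1 as a is older than, equal to, newer than b."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything but alnum, '~' and '^') carry no meaning.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        a_tilde, b_tilde = (i < len(a) and a[i] == "~"), (j < len(b) and b[j] == "~")
        if a_tilde or b_tilde:
            # '~' sorts before everything, even the end of the string (pre-releases).
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i, j = i + 1, j + 1
            continue
        a_caret, b_caret = (i < len(a) and a[i] == "^"), (j < len(b) and b[j] == "^")
        if a_caret or b_caret:
            # '^' sorts after the end of the string but before anything else.
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if not a_caret:
                return 1
            if not b_caret:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take one all-digit or all-alpha segment from each side, typed by a's first char.
        numeric = a[i].isdigit()
        same = str.isdigit if numeric else str.isalpha
        si, sj = i, j
        while i < len(a) and same(a[i]):
            i += 1
        while j < len(b) and same(b[j]):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:
            return 1 if numeric else -1  # segment types differ: numeric is newer
        if numeric:
            if int(seg_a) != int(seg_b):
                return 1 if int(seg_a) > int(seg_b) else -1
        elif seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    # Both exhausted means equal; otherwise the side with segments left is newer.
    if (len(a) - i) == (len(b) - j):
        return 0
    return 1 if j >= len(b) else -1

def compare_evr(x, y):
    """rpm ordering of two parsed NVRs: epoch first, then version, then release."""
    if x[1] != y[1]:
        return 1 if x[1] > y[1] else -1
    return rpmvercmp(x[2], y[2]) or rpmvercmp(x[3], y[3])

def is_fixed(installed_nvr, fixed_nvr):
    """True when the installed build is the fixed build or a later one of the same package."""
    installed, fixed = parse_nvr(installed_nvr), parse_nvr(fixed_nvr)
    if installed[0] != fixed[0]:
        raise ValueError(f"package mismatch: {installed[0]!r} vs {fixed[0]!r}")
    return compare_evr(installed, fixed) >= 0

if __name__ == "__main__":
    # Constructed sample rpm -q output, not taken from any real host.
    samples = [("rhel7", "samba-4.1.1-31.el7"), ("rhel7", "samba-4.1.1-38.el7_0"),
               ("rhel6.4-eus", "samba-3.6.9-151.el6_4.2"), ("rhel6.5-eus", "samba-3.6.9-171.el6_5.1"),
               ("rhel5.9-eus", "samba3x-3.6.6-0.129.el5_9"), ("rhel6.4-eus-samba4", "samba4-4.0.0-57.el6_4.rc4")]
    for stream, nvr in samples:
        verdict = "fixed" if is_fixed(nvr, FIXED_BUILDS[stream]) else "NOT fixed"
        print(f"{stream:20} {nvr:30} {verdict}")
```

A release one segment short of the fixed build (151.el6_4.2 against 151.el6_4.3) is reported as unfixed, while a later hotfix release (171.el6_5.1) passes, which is the behaviour rpm itself applies when deciding whether the erratum is already installed.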
From bugzilla at redhat.com Mon Feb 23 19:49:37 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Feb 2015 19:49:37 +0000
Subject: [RHSA-2015:0253-01] Critical: samba3x security update
Message-ID: <201502231949.t1NJncXL016057@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba3x security update
Advisory ID:       RHSA-2015:0253-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0253.html
Issue date:        2015-02-23
CVE Names:         CVE-2015-0240
=====================================================================

1. Summary:

Updated samba3x packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise Linux 5.9
Extended Update Support.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A
malicious Samba client could send specially crafted netlogon packets that,
when processed by smbd, could potentially lead to arbitrary code execution
with the privileges of the user running smbd (by default, the root user).
(CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article at
https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research
as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1191325 - CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution

6. Package List:

Red Hat Enterprise Linux LL (v. 5.6 server):

Source:
samba3x-3.5.4-0.70.el5_6.4.src.rpm

i386:
samba3x-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-client-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-common-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-doc-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-swat-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-winbind-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.4.i386.rpm

ia64:
samba3x-3.5.4-0.70.el5_6.4.ia64.rpm
samba3x-client-3.5.4-0.70.el5_6.4.ia64.rpm
samba3x-common-3.5.4-0.70.el5_6.4.ia64.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.4.ia64.rpm
samba3x-doc-3.5.4-0.70.el5_6.4.ia64.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.4.ia64.rpm
samba3x-swat-3.5.4-0.70.el5_6.4.ia64.rpm
samba3x-winbind-3.5.4-0.70.el5_6.4.ia64.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.4.ia64.rpm

x86_64:
samba3x-3.5.4-0.70.el5_6.4.x86_64.rpm
samba3x-client-3.5.4-0.70.el5_6.4.x86_64.rpm
samba3x-common-3.5.4-0.70.el5_6.4.x86_64.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.4.x86_64.rpm
samba3x-doc-3.5.4-0.70.el5_6.4.x86_64.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.4.x86_64.rpm
samba3x-swat-3.5.4-0.70.el5_6.4.x86_64.rpm
samba3x-winbind-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-winbind-3.5.4-0.70.el5_6.4.x86_64.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.4.i386.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.4.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.9 server):

Source:
samba3x-3.6.6-0.131.el5_9.src.rpm

i386:
samba3x-3.6.6-0.131.el5_9.i386.rpm
samba3x-client-3.6.6-0.131.el5_9.i386.rpm
samba3x-common-3.6.6-0.131.el5_9.i386.rpm
samba3x-debuginfo-3.6.6-0.131.el5_9.i386.rpm
samba3x-doc-3.6.6-0.131.el5_9.i386.rpm
samba3x-domainjoin-gui-3.6.6-0.131.el5_9.i386.rpm
samba3x-swat-3.6.6-0.131.el5_9.i386.rpm
samba3x-winbind-3.6.6-0.131.el5_9.i386.rpm
samba3x-winbind-devel-3.6.6-0.131.el5_9.i386.rpm

ia64:
samba3x-3.6.6-0.131.el5_9.ia64.rpm
samba3x-client-3.6.6-0.131.el5_9.ia64.rpm
samba3x-common-3.6.6-0.131.el5_9.ia64.rpm
samba3x-debuginfo-3.6.6-0.131.el5_9.ia64.rpm
samba3x-doc-3.6.6-0.131.el5_9.ia64.rpm
samba3x-domainjoin-gui-3.6.6-0.131.el5_9.ia64.rpm
samba3x-swat-3.6.6-0.131.el5_9.ia64.rpm
samba3x-winbind-3.6.6-0.131.el5_9.ia64.rpm
samba3x-winbind-devel-3.6.6-0.131.el5_9.ia64.rpm

ppc:
samba3x-3.6.6-0.131.el5_9.ppc.rpm
samba3x-client-3.6.6-0.131.el5_9.ppc.rpm
samba3x-common-3.6.6-0.131.el5_9.ppc.rpm
samba3x-debuginfo-3.6.6-0.131.el5_9.ppc.rpm
samba3x-debuginfo-3.6.6-0.131.el5_9.ppc64.rpm
samba3x-doc-3.6.6-0.131.el5_9.ppc.rpm
samba3x-domainjoin-gui-3.6.6-0.131.el5_9.ppc.rpm
samba3x-swat-3.6.6-0.131.el5_9.ppc.rpm
samba3x-winbind-3.6.6-0.131.el5_9.ppc.rpm
samba3x-winbind-3.6.6-0.131.el5_9.ppc64.rpm
samba3x-winbind-devel-3.6.6-0.131.el5_9.ppc.rpm
samba3x-winbind-devel-3.6.6-0.131.el5_9.ppc64.rpm

s390x:
samba3x-3.6.6-0.131.el5_9.s390x.rpm
samba3x-client-3.6.6-0.131.el5_9.s390x.rpm
samba3x-common-3.6.6-0.131.el5_9.s390x.rpm
samba3x-debuginfo-3.6.6-0.131.el5_9.s390.rpm
samba3x-debuginfo-3.6.6-0.131.el5_9.s390x.rpm
samba3x-doc-3.6.6-0.131.el5_9.s390x.rpm
samba3x-domainjoin-gui-3.6.6-0.131.el5_9.s390x.rpm
samba3x-swat-3.6.6-0.131.el5_9.s390x.rpm
samba3x-winbind-3.6.6-0.131.el5_9.s390.rpm
samba3x-winbind-3.6.6-0.131.el5_9.s390x.rpm
samba3x-winbind-devel-3.6.6-0.131.el5_9.s390.rpm
samba3x-winbind-devel-3.6.6-0.131.el5_9.s390x.rpm

x86_64:
samba3x-3.6.6-0.131.el5_9.x86_64.rpm
samba3x-client-3.6.6-0.131.el5_9.x86_64.rpm
samba3x-common-3.6.6-0.131.el5_9.x86_64.rpm
samba3x-debuginfo-3.6.6-0.131.el5_9.i386.rpm
samba3x-debuginfo-3.6.6-0.131.el5_9.x86_64.rpm
samba3x-doc-3.6.6-0.131.el5_9.x86_64.rpm
samba3x-domainjoin-gui-3.6.6-0.131.el5_9.x86_64.rpm
samba3x-swat-3.6.6-0.131.el5_9.x86_64.rpm
samba3x-winbind-3.6.6-0.131.el5_9.i386.rpm
samba3x-winbind-3.6.6-0.131.el5_9.x86_64.rpm
samba3x-winbind-devel-3.6.6-0.131.el5_9.i386.rpm
samba3x-winbind-devel-3.6.6-0.131.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0240
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/1346913

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Mon Feb 23 19:50:35 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Feb 2015 19:50:35 +0000
Subject: [RHSA-2015:0254-01] Critical: samba security update
Message-ID: <201502231950.t1NJoZkW016410@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba security update
Advisory ID:       RHSA-2015:0254-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0254.html
Issue date:        2015-02-23
CVE Names:         CVE-2015-0240
=====================================================================

1. Summary:

Updated samba packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise
Linux 6.4 and 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A
malicious Samba client could send specially crafted netlogon packets that,
when processed by smbd, could potentially lead to arbitrary code execution
with the privileges of the user running smbd (by default, the root user).
(CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article at
https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research
as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1191325 - CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.4):

Source:
samba-3.6.9-151.el6_4.3.src.rpm

x86_64:
samba-client-3.6.9-151.el6_4.3.x86_64.rpm
samba-common-3.6.9-151.el6_4.3.i686.rpm
samba-common-3.6.9-151.el6_4.3.x86_64.rpm
samba-debuginfo-3.6.9-151.el6_4.3.i686.rpm
samba-debuginfo-3.6.9-151.el6_4.3.x86_64.rpm
samba-winbind-3.6.9-151.el6_4.3.x86_64.rpm
samba-winbind-clients-3.6.9-151.el6_4.3.i686.rpm
samba-winbind-clients-3.6.9-151.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source:
samba-3.6.9-171.el6_5.src.rpm

x86_64:
samba-client-3.6.9-171.el6_5.x86_64.rpm
samba-common-3.6.9-171.el6_5.i686.rpm
samba-common-3.6.9-171.el6_5.x86_64.rpm
samba-debuginfo-3.6.9-171.el6_5.i686.rpm
samba-debuginfo-3.6.9-171.el6_5.x86_64.rpm
samba-winbind-3.6.9-171.el6_5.x86_64.rpm
samba-winbind-clients-3.6.9-171.el6_5.i686.rpm
samba-winbind-clients-3.6.9-171.el6_5.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):

Source:
samba-3.6.9-151.el6_4.3.src.rpm

x86_64:
libsmbclient-3.6.9-151.el6_4.3.i686.rpm
libsmbclient-3.6.9-151.el6_4.3.x86_64.rpm
libsmbclient-devel-3.6.9-151.el6_4.3.i686.rpm
libsmbclient-devel-3.6.9-151.el6_4.3.x86_64.rpm
samba-3.6.9-151.el6_4.3.x86_64.rpm
samba-debuginfo-3.6.9-151.el6_4.3.i686.rpm
samba-debuginfo-3.6.9-151.el6_4.3.x86_64.rpm
samba-doc-3.6.9-151.el6_4.3.x86_64.rpm
samba-domainjoin-gui-3.6.9-151.el6_4.3.x86_64.rpm
samba-swat-3.6.9-151.el6_4.3.x86_64.rpm
samba-winbind-devel-3.6.9-151.el6_4.3.i686.rpm
samba-winbind-devel-3.6.9-151.el6_4.3.x86_64.rpm
samba-winbind-krb5-locator-3.6.9-151.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5):

Source:
samba-3.6.9-171.el6_5.src.rpm

x86_64:
libsmbclient-3.6.9-171.el6_5.i686.rpm
libsmbclient-3.6.9-171.el6_5.x86_64.rpm
libsmbclient-devel-3.6.9-171.el6_5.i686.rpm
libsmbclient-devel-3.6.9-171.el6_5.x86_64.rpm
samba-3.6.9-171.el6_5.x86_64.rpm
samba-debuginfo-3.6.9-171.el6_5.i686.rpm
samba-debuginfo-3.6.9-171.el6_5.x86_64.rpm
samba-doc-3.6.9-171.el6_5.x86_64.rpm
samba-domainjoin-gui-3.6.9-171.el6_5.x86_64.rpm
samba-swat-3.6.9-171.el6_5.x86_64.rpm
samba-winbind-devel-3.6.9-171.el6_5.i686.rpm
samba-winbind-devel-3.6.9-171.el6_5.x86_64.rpm
samba-winbind-krb5-locator-3.6.9-171.el6_5.x86_64.rpm

Red Hat Enterprise Linux AUS (v. 6.2 server):

Source:
samba-3.5.10-119.el6_2.src.rpm

x86_64:
libsmbclient-3.5.10-119.el6_2.i686.rpm
libsmbclient-3.5.10-119.el6_2.x86_64.rpm
samba-3.5.10-119.el6_2.x86_64.rpm
samba-client-3.5.10-119.el6_2.x86_64.rpm
samba-common-3.5.10-119.el6_2.i686.rpm
samba-common-3.5.10-119.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-119.el6_2.i686.rpm
samba-debuginfo-3.5.10-119.el6_2.x86_64.rpm
samba-winbind-3.5.10-119.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-119.el6_2.i686.rpm
samba-winbind-clients-3.5.10-119.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
samba-3.6.9-151.el6_4.3.src.rpm

i386:
libsmbclient-3.6.9-151.el6_4.3.i686.rpm
samba-3.6.9-151.el6_4.3.i686.rpm
samba-client-3.6.9-151.el6_4.3.i686.rpm
samba-common-3.6.9-151.el6_4.3.i686.rpm
samba-debuginfo-3.6.9-151.el6_4.3.i686.rpm
samba-winbind-3.6.9-151.el6_4.3.i686.rpm
samba-winbind-clients-3.6.9-151.el6_4.3.i686.rpm

ppc64:
libsmbclient-3.6.9-151.el6_4.3.ppc.rpm
libsmbclient-3.6.9-151.el6_4.3.ppc64.rpm
samba-3.6.9-151.el6_4.3.ppc64.rpm
samba-client-3.6.9-151.el6_4.3.ppc64.rpm
samba-common-3.6.9-151.el6_4.3.ppc.rpm
samba-common-3.6.9-151.el6_4.3.ppc64.rpm
samba-debuginfo-3.6.9-151.el6_4.3.ppc.rpm
samba-debuginfo-3.6.9-151.el6_4.3.ppc64.rpm
samba-winbind-3.6.9-151.el6_4.3.ppc64.rpm
samba-winbind-clients-3.6.9-151.el6_4.3.ppc.rpm
samba-winbind-clients-3.6.9-151.el6_4.3.ppc64.rpm

s390x:
libsmbclient-3.6.9-151.el6_4.3.s390.rpm
libsmbclient-3.6.9-151.el6_4.3.s390x.rpm
samba-3.6.9-151.el6_4.3.s390x.rpm
samba-client-3.6.9-151.el6_4.3.s390x.rpm
samba-common-3.6.9-151.el6_4.3.s390.rpm
samba-common-3.6.9-151.el6_4.3.s390x.rpm
samba-debuginfo-3.6.9-151.el6_4.3.s390.rpm
samba-debuginfo-3.6.9-151.el6_4.3.s390x.rpm
samba-winbind-3.6.9-151.el6_4.3.s390x.rpm
samba-winbind-clients-3.6.9-151.el6_4.3.s390.rpm
samba-winbind-clients-3.6.9-151.el6_4.3.s390x.rpm

x86_64:
libsmbclient-3.6.9-151.el6_4.3.i686.rpm
libsmbclient-3.6.9-151.el6_4.3.x86_64.rpm
samba-3.6.9-151.el6_4.3.x86_64.rpm
samba-client-3.6.9-151.el6_4.3.x86_64.rpm
samba-common-3.6.9-151.el6_4.3.i686.rpm
samba-common-3.6.9-151.el6_4.3.x86_64.rpm
samba-debuginfo-3.6.9-151.el6_4.3.i686.rpm
samba-debuginfo-3.6.9-151.el6_4.3.x86_64.rpm
samba-winbind-3.6.9-151.el6_4.3.x86_64.rpm
samba-winbind-clients-3.6.9-151.el6_4.3.i686.rpm
samba-winbind-clients-3.6.9-151.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
samba-3.6.9-171.el6_5.src.rpm

i386:
libsmbclient-3.6.9-171.el6_5.i686.rpm
samba-3.6.9-171.el6_5.i686.rpm
samba-client-3.6.9-171.el6_5.i686.rpm
samba-common-3.6.9-171.el6_5.i686.rpm
samba-debuginfo-3.6.9-171.el6_5.i686.rpm
samba-winbind-3.6.9-171.el6_5.i686.rpm
samba-winbind-clients-3.6.9-171.el6_5.i686.rpm

ppc64:
libsmbclient-3.6.9-171.el6_5.ppc.rpm
libsmbclient-3.6.9-171.el6_5.ppc64.rpm
samba-3.6.9-171.el6_5.ppc64.rpm
samba-client-3.6.9-171.el6_5.ppc64.rpm
samba-common-3.6.9-171.el6_5.ppc.rpm
samba-common-3.6.9-171.el6_5.ppc64.rpm
samba-debuginfo-3.6.9-171.el6_5.ppc.rpm
samba-debuginfo-3.6.9-171.el6_5.ppc64.rpm
samba-winbind-3.6.9-171.el6_5.ppc64.rpm
samba-winbind-clients-3.6.9-171.el6_5.ppc.rpm
samba-winbind-clients-3.6.9-171.el6_5.ppc64.rpm

s390x:
libsmbclient-3.6.9-171.el6_5.s390.rpm
libsmbclient-3.6.9-171.el6_5.s390x.rpm
samba-3.6.9-171.el6_5.s390x.rpm
samba-client-3.6.9-171.el6_5.s390x.rpm
samba-common-3.6.9-171.el6_5.s390.rpm
samba-common-3.6.9-171.el6_5.s390x.rpm
samba-debuginfo-3.6.9-171.el6_5.s390.rpm
samba-debuginfo-3.6.9-171.el6_5.s390x.rpm
samba-winbind-3.6.9-171.el6_5.s390x.rpm
samba-winbind-clients-3.6.9-171.el6_5.s390.rpm
samba-winbind-clients-3.6.9-171.el6_5.s390x.rpm

x86_64:
libsmbclient-3.6.9-171.el6_5.i686.rpm
libsmbclient-3.6.9-171.el6_5.x86_64.rpm
samba-3.6.9-171.el6_5.x86_64.rpm
samba-client-3.6.9-171.el6_5.x86_64.rpm
samba-common-3.6.9-171.el6_5.i686.rpm
samba-common-3.6.9-171.el6_5.x86_64.rpm
samba-debuginfo-3.6.9-171.el6_5.i686.rpm
samba-debuginfo-3.6.9-171.el6_5.x86_64.rpm
samba-winbind-3.6.9-171.el6_5.x86_64.rpm
samba-winbind-clients-3.6.9-171.el6_5.i686.rpm
samba-winbind-clients-3.6.9-171.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
samba-3.5.10-119.el6_2.src.rpm

x86_64:
libsmbclient-devel-3.5.10-119.el6_2.i686.rpm
libsmbclient-devel-3.5.10-119.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-119.el6_2.i686.rpm
samba-debuginfo-3.5.10-119.el6_2.x86_64.rpm
samba-doc-3.5.10-119.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-119.el6_2.x86_64.rpm
samba-swat-3.5.10-119.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-119.el6_2.i686.rpm
samba-winbind-devel-3.5.10-119.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-119.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.4):

Source:
samba-3.6.9-151.el6_4.3.src.rpm

i386:
libsmbclient-devel-3.6.9-151.el6_4.3.i686.rpm
samba-debuginfo-3.6.9-151.el6_4.3.i686.rpm
samba-doc-3.6.9-151.el6_4.3.i686.rpm
samba-domainjoin-gui-3.6.9-151.el6_4.3.i686.rpm
samba-swat-3.6.9-151.el6_4.3.i686.rpm
samba-winbind-devel-3.6.9-151.el6_4.3.i686.rpm
samba-winbind-krb5-locator-3.6.9-151.el6_4.3.i686.rpm

ppc64:
libsmbclient-devel-3.6.9-151.el6_4.3.ppc.rpm
libsmbclient-devel-3.6.9-151.el6_4.3.ppc64.rpm
samba-debuginfo-3.6.9-151.el6_4.3.ppc.rpm
samba-debuginfo-3.6.9-151.el6_4.3.ppc64.rpm
samba-doc-3.6.9-151.el6_4.3.ppc64.rpm
samba-domainjoin-gui-3.6.9-151.el6_4.3.ppc64.rpm
samba-swat-3.6.9-151.el6_4.3.ppc64.rpm
samba-winbind-devel-3.6.9-151.el6_4.3.ppc.rpm
samba-winbind-devel-3.6.9-151.el6_4.3.ppc64.rpm
samba-winbind-krb5-locator-3.6.9-151.el6_4.3.ppc64.rpm

s390x:
libsmbclient-devel-3.6.9-151.el6_4.3.s390.rpm
libsmbclient-devel-3.6.9-151.el6_4.3.s390x.rpm
samba-debuginfo-3.6.9-151.el6_4.3.s390.rpm
samba-debuginfo-3.6.9-151.el6_4.3.s390x.rpm
samba-doc-3.6.9-151.el6_4.3.s390x.rpm
samba-domainjoin-gui-3.6.9-151.el6_4.3.s390x.rpm
samba-swat-3.6.9-151.el6_4.3.s390x.rpm
samba-winbind-devel-3.6.9-151.el6_4.3.s390.rpm
samba-winbind-devel-3.6.9-151.el6_4.3.s390x.rpm
samba-winbind-krb5-locator-3.6.9-151.el6_4.3.s390x.rpm

x86_64:
libsmbclient-devel-3.6.9-151.el6_4.3.i686.rpm
libsmbclient-devel-3.6.9-151.el6_4.3.x86_64.rpm
samba-debuginfo-3.6.9-151.el6_4.3.i686.rpm
samba-debuginfo-3.6.9-151.el6_4.3.x86_64.rpm
samba-doc-3.6.9-151.el6_4.3.x86_64.rpm
samba-domainjoin-gui-3.6.9-151.el6_4.3.x86_64.rpm
samba-swat-3.6.9-151.el6_4.3.x86_64.rpm
samba-winbind-devel-3.6.9-151.el6_4.3.i686.rpm
samba-winbind-devel-3.6.9-151.el6_4.3.x86_64.rpm
samba-winbind-krb5-locator-3.6.9-151.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.5):

Source:
samba-3.6.9-171.el6_5.src.rpm

i386:
libsmbclient-devel-3.6.9-171.el6_5.i686.rpm
samba-debuginfo-3.6.9-171.el6_5.i686.rpm
samba-doc-3.6.9-171.el6_5.i686.rpm
samba-domainjoin-gui-3.6.9-171.el6_5.i686.rpm
samba-swat-3.6.9-171.el6_5.i686.rpm
samba-winbind-devel-3.6.9-171.el6_5.i686.rpm
samba-winbind-krb5-locator-3.6.9-171.el6_5.i686.rpm

ppc64:
libsmbclient-devel-3.6.9-171.el6_5.ppc.rpm
libsmbclient-devel-3.6.9-171.el6_5.ppc64.rpm
samba-debuginfo-3.6.9-171.el6_5.ppc.rpm
samba-debuginfo-3.6.9-171.el6_5.ppc64.rpm
samba-doc-3.6.9-171.el6_5.ppc64.rpm
samba-domainjoin-gui-3.6.9-171.el6_5.ppc64.rpm
samba-swat-3.6.9-171.el6_5.ppc64.rpm
samba-winbind-devel-3.6.9-171.el6_5.ppc.rpm
samba-winbind-devel-3.6.9-171.el6_5.ppc64.rpm
samba-winbind-krb5-locator-3.6.9-171.el6_5.ppc64.rpm

s390x:
libsmbclient-devel-3.6.9-171.el6_5.s390.rpm
libsmbclient-devel-3.6.9-171.el6_5.s390x.rpm
samba-debuginfo-3.6.9-171.el6_5.s390.rpm
samba-debuginfo-3.6.9-171.el6_5.s390x.rpm
samba-doc-3.6.9-171.el6_5.s390x.rpm
samba-domainjoin-gui-3.6.9-171.el6_5.s390x.rpm
samba-swat-3.6.9-171.el6_5.s390x.rpm
samba-winbind-devel-3.6.9-171.el6_5.s390.rpm
samba-winbind-devel-3.6.9-171.el6_5.s390x.rpm
samba-winbind-krb5-locator-3.6.9-171.el6_5.s390x.rpm

x86_64:
libsmbclient-devel-3.6.9-171.el6_5.i686.rpm
libsmbclient-devel-3.6.9-171.el6_5.x86_64.rpm
samba-debuginfo-3.6.9-171.el6_5.i686.rpm
samba-debuginfo-3.6.9-171.el6_5.x86_64.rpm
samba-doc-3.6.9-171.el6_5.x86_64.rpm
samba-domainjoin-gui-3.6.9-171.el6_5.x86_64.rpm
samba-swat-3.6.9-171.el6_5.x86_64.rpm
samba-winbind-devel-3.6.9-171.el6_5.i686.rpm
samba-winbind-devel-3.6.9-171.el6_5.x86_64.rpm
samba-winbind-krb5-locator-3.6.9-171.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0240
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/1346913

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Mon Feb 23 19:51:21 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Feb 2015 19:51:21 +0000
Subject: [RHSA-2015:0255-01] Critical: samba4 security update
Message-ID: <201502231951.t1NJpLqG001037@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba4 security update
Advisory ID:       RHSA-2015:0255-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0255.html
Issue date:        2015-02-23
CVE Names:         CVE-2015-0240
=====================================================================

1. Summary:

Updated samba4 packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A
malicious Samba client could send specially crafted netlogon packets that,
when processed by smbd, could potentially lead to arbitrary code execution
with the privileges of the user running smbd (by default, the root user).
(CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article at
https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research
as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1191325 - CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.4):

Source:
samba4-4.0.0-57.el6_4.rc4.src.rpm

x86_64:
samba4-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-client-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-common-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-dc-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-devel-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-libs-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-pidl-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-python-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-swat-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-test-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-winbind-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-57.el6_4.rc4.x86_64.rpm

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source:
samba4-4.0.0-65.el6_5.rc4.src.rpm

x86_64:
samba4-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-client-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-common-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-dc-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-devel-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-libs-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-pidl-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-python-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-swat-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-test-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-winbind-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-65.el6_5.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-65.el6_5.rc4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
samba4-4.0.0-57.el6_4.rc4.src.rpm

i386:
samba4-4.0.0-57.el6_4.rc4.i686.rpm
samba4-client-4.0.0-57.el6_4.rc4.i686.rpm
samba4-common-4.0.0-57.el6_4.rc4.i686.rpm
samba4-dc-4.0.0-57.el6_4.rc4.i686.rpm
samba4-dc-libs-4.0.0-57.el6_4.rc4.i686.rpm
samba4-debuginfo-4.0.0-57.el6_4.rc4.i686.rpm
samba4-devel-4.0.0-57.el6_4.rc4.i686.rpm
samba4-libs-4.0.0-57.el6_4.rc4.i686.rpm
samba4-pidl-4.0.0-57.el6_4.rc4.i686.rpm
samba4-python-4.0.0-57.el6_4.rc4.i686.rpm
samba4-swat-4.0.0-57.el6_4.rc4.i686.rpm
samba4-test-4.0.0-57.el6_4.rc4.i686.rpm
samba4-winbind-4.0.0-57.el6_4.rc4.i686.rpm
samba4-winbind-clients-4.0.0-57.el6_4.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-57.el6_4.rc4.i686.rpm

ppc64:
samba4-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-client-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-common-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-dc-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-dc-libs-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-debuginfo-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-devel-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-libs-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-pidl-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-python-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-swat-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-test-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-winbind-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-winbind-clients-4.0.0-57.el6_4.rc4.ppc64.rpm
samba4-winbind-krb5-locator-4.0.0-57.el6_4.rc4.ppc64.rpm

s390x:
samba4-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-client-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-common-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-dc-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-dc-libs-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-debuginfo-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-devel-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-libs-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-pidl-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-python-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-swat-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-test-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-winbind-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-winbind-clients-4.0.0-57.el6_4.rc4.s390x.rpm
samba4-winbind-krb5-locator-4.0.0-57.el6_4.rc4.s390x.rpm

x86_64:
samba4-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-client-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-common-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-dc-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-devel-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-libs-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-pidl-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-python-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-swat-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-test-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-winbind-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-57.el6_4.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-57.el6_4.rc4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
samba4-4.0.0-65.el6_5.rc4.src.rpm

i386:
samba4-4.0.0-65.el6_5.rc4.i686.rpm
samba4-client-4.0.0-65.el6_5.rc4.i686.rpm
samba4-common-4.0.0-65.el6_5.rc4.i686.rpm
samba4-dc-4.0.0-65.el6_5.rc4.i686.rpm
samba4-dc-libs-4.0.0-65.el6_5.rc4.i686.rpm
samba4-debuginfo-4.0.0-65.el6_5.rc4.i686.rpm
samba4-devel-4.0.0-65.el6_5.rc4.i686.rpm
samba4-libs-4.0.0-65.el6_5.rc4.i686.rpm
samba4-pidl-4.0.0-65.el6_5.rc4.i686.rpm
samba4-python-4.0.0-65.el6_5.rc4.i686.rpm
samba4-swat-4.0.0-65.el6_5.rc4.i686.rpm
samba4-test-4.0.0-65.el6_5.rc4.i686.rpm
samba4-winbind-4.0.0-65.el6_5.rc4.i686.rpm
samba4-winbind-clients-4.0.0-65.el6_5.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-65.el6_5.rc4.i686.rpm

ppc64:
samba4-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-client-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-common-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-dc-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-dc-libs-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-debuginfo-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-devel-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-libs-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-pidl-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-python-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-swat-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-test-4.0.0-65.el6_5.rc4.ppc64.rpm
samba4-winbind-4.0.0-65.el6_5.rc4.ppc64.rpm samba4-winbind-clients-4.0.0-65.el6_5.rc4.ppc64.rpm samba4-winbind-krb5-locator-4.0.0-65.el6_5.rc4.ppc64.rpm s390x: samba4-4.0.0-65.el6_5.rc4.s390x.rpm samba4-client-4.0.0-65.el6_5.rc4.s390x.rpm samba4-common-4.0.0-65.el6_5.rc4.s390x.rpm samba4-dc-4.0.0-65.el6_5.rc4.s390x.rpm samba4-dc-libs-4.0.0-65.el6_5.rc4.s390x.rpm samba4-debuginfo-4.0.0-65.el6_5.rc4.s390x.rpm samba4-devel-4.0.0-65.el6_5.rc4.s390x.rpm samba4-libs-4.0.0-65.el6_5.rc4.s390x.rpm samba4-pidl-4.0.0-65.el6_5.rc4.s390x.rpm samba4-python-4.0.0-65.el6_5.rc4.s390x.rpm samba4-swat-4.0.0-65.el6_5.rc4.s390x.rpm samba4-test-4.0.0-65.el6_5.rc4.s390x.rpm samba4-winbind-4.0.0-65.el6_5.rc4.s390x.rpm samba4-winbind-clients-4.0.0-65.el6_5.rc4.s390x.rpm samba4-winbind-krb5-locator-4.0.0-65.el6_5.rc4.s390x.rpm x86_64: samba4-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-client-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-common-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-dc-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-dc-libs-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-debuginfo-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-devel-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-libs-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-pidl-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-python-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-swat-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-test-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-winbind-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-65.el6_5.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-65.el6_5.rc4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0240 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/articles/1346913 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU64SlXlSAg2UNWIIRAgIfAJ0bgb9HpxPdeIQ8AGxHlZcQT5YDTwCglq/u
Jgub9dS5ZOQzM8Ni9/XL1FE=
=qp3l
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 23 19:53:03 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Feb 2015 19:53:03 +0000
Subject: [RHSA-2015:0260-01] Moderate: libyaml security update
Message-ID: <201502231953.t1NJr3qR003045@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libyaml security update
Advisory ID: RHSA-2015:0260-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0260.html
Issue date: 2015-02-23
CVE Names: CVE-2014-9130
=====================================================================

1. Summary:

Updated libyaml packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 and 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - x86_64
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - x86_64

3. Description:

YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C.

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. (CVE-2014-9130)

All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped strings

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
libyaml-0.1.3-4.el6_6.src.rpm

x86_64:
libyaml-0.1.3-4.el6_6.x86_64.rpm
libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm
libyaml-devel-0.1.3-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
libyaml-0.1.3-4.el6_6.src.rpm

x86_64:
libyaml-0.1.3-4.el6_6.x86_64.rpm
libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm
libyaml-devel-0.1.3-4.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9130
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU64T/XlSAg2UNWIIRArAxAJ9N9KGLt2DxJr5RdU/MNkDHT0cR4wCdGOrT
bFJNYyWRGeEV5UEvb3w462o=
=OSRp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 24 22:46:03 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Feb 2015 22:46:03 +0000
Subject: [RHSA-2015:0265-01] Critical: firefox security update
Message-ID: <201502242246.t1OMk3MV031036@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2015:0265-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0265.html
Issue date: 2015-02-24
CVE Names: CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6 and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)

An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file. (CVE-2015-0822)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 31.5.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 31.5.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1195605 - CVE-2015-0836 Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)
1195619 - CVE-2015-0831 Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)
1195623 - CVE-2015-0827 Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)
1195638 - CVE-2015-0822 Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-31.5.0-1.el5_11.src.rpm

i386:
firefox-31.5.0-1.el5_11.i386.rpm
firefox-debuginfo-31.5.0-1.el5_11.i386.rpm

x86_64:
firefox-31.5.0-1.el5_11.i386.rpm
firefox-31.5.0-1.el5_11.x86_64.rpm
firefox-debuginfo-31.5.0-1.el5_11.i386.rpm
firefox-debuginfo-31.5.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-31.5.0-1.el5_11.src.rpm

i386:
firefox-31.5.0-1.el5_11.i386.rpm
firefox-debuginfo-31.5.0-1.el5_11.i386.rpm

ia64:
firefox-31.5.0-1.el5_11.ia64.rpm
firefox-debuginfo-31.5.0-1.el5_11.ia64.rpm

ppc:
firefox-31.5.0-1.el5_11.ppc.rpm
firefox-debuginfo-31.5.0-1.el5_11.ppc.rpm

s390x:
firefox-31.5.0-1.el5_11.s390.rpm
firefox-31.5.0-1.el5_11.s390x.rpm
firefox-debuginfo-31.5.0-1.el5_11.s390.rpm
firefox-debuginfo-31.5.0-1.el5_11.s390x.rpm

x86_64:
firefox-31.5.0-1.el5_11.i386.rpm
firefox-31.5.0-1.el5_11.x86_64.rpm
firefox-debuginfo-31.5.0-1.el5_11.i386.rpm
firefox-debuginfo-31.5.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-31.5.0-1.el6_6.src.rpm

i386:
firefox-31.5.0-1.el6_6.i686.rpm
firefox-debuginfo-31.5.0-1.el6_6.i686.rpm

x86_64:
firefox-31.5.0-1.el6_6.x86_64.rpm
firefox-debuginfo-31.5.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-31.5.0-1.el6_6.i686.rpm
firefox-debuginfo-31.5.0-1.el6_6.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-31.5.0-1.el6_6.src.rpm

x86_64:
firefox-31.5.0-1.el6_6.i686.rpm
firefox-31.5.0-1.el6_6.x86_64.rpm
firefox-debuginfo-31.5.0-1.el6_6.i686.rpm
firefox-debuginfo-31.5.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-31.5.0-1.el6_6.src.rpm

i386:
firefox-31.5.0-1.el6_6.i686.rpm
firefox-debuginfo-31.5.0-1.el6_6.i686.rpm

ppc64:
firefox-31.5.0-1.el6_6.ppc64.rpm
firefox-debuginfo-31.5.0-1.el6_6.ppc64.rpm

s390x:
firefox-31.5.0-1.el6_6.s390x.rpm
firefox-debuginfo-31.5.0-1.el6_6.s390x.rpm

x86_64:
firefox-31.5.0-1.el6_6.x86_64.rpm
firefox-debuginfo-31.5.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-31.5.0-1.el6_6.ppc.rpm
firefox-debuginfo-31.5.0-1.el6_6.ppc.rpm

s390x:
firefox-31.5.0-1.el6_6.s390.rpm
firefox-debuginfo-31.5.0-1.el6_6.s390.rpm

x86_64:
firefox-31.5.0-1.el6_6.i686.rpm
firefox-debuginfo-31.5.0-1.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-31.5.0-1.el6_6.src.rpm

i386:
firefox-31.5.0-1.el6_6.i686.rpm
firefox-debuginfo-31.5.0-1.el6_6.i686.rpm

x86_64:
firefox-31.5.0-1.el6_6.x86_64.rpm
firefox-debuginfo-31.5.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-31.5.0-1.el6_6.i686.rpm
firefox-debuginfo-31.5.0-1.el6_6.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-31.5.0-2.el7_0.src.rpm
xulrunner-31.5.0-1.el7_0.src.rpm

x86_64:
firefox-31.5.0-2.el7_0.x86_64.rpm
firefox-debuginfo-31.5.0-2.el7_0.x86_64.rpm
xulrunner-31.5.0-1.el7_0.i686.rpm
xulrunner-31.5.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-31.5.0-2.el7_0.i686.rpm
firefox-debuginfo-31.5.0-2.el7_0.i686.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.5.0-1.el7_0.i686.rpm
xulrunner-devel-31.5.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
xulrunner-31.5.0-1.el7_0.src.rpm

x86_64:
xulrunner-31.5.0-1.el7_0.i686.rpm
xulrunner-31.5.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.5.0-1.el7_0.i686.rpm
xulrunner-devel-31.5.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-31.5.0-2.el7_0.src.rpm
xulrunner-31.5.0-1.el7_0.src.rpm

ppc64:
firefox-31.5.0-2.el7_0.ppc64.rpm
firefox-debuginfo-31.5.0-2.el7_0.ppc64.rpm
xulrunner-31.5.0-1.el7_0.ppc.rpm
xulrunner-31.5.0-1.el7_0.ppc64.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.ppc.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.ppc64.rpm

s390x:
firefox-31.5.0-2.el7_0.s390x.rpm
firefox-debuginfo-31.5.0-2.el7_0.s390x.rpm

x86_64:
firefox-31.5.0-2.el7_0.x86_64.rpm
firefox-debuginfo-31.5.0-2.el7_0.x86_64.rpm
xulrunner-31.5.0-1.el7_0.i686.rpm
xulrunner-31.5.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
xulrunner-31.5.0-1.el7_0.src.rpm

ppc64:
firefox-31.5.0-2.el7_0.ppc.rpm
firefox-debuginfo-31.5.0-2.el7_0.ppc.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.ppc.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.ppc64.rpm
xulrunner-devel-31.5.0-1.el7_0.ppc.rpm
xulrunner-devel-31.5.0-1.el7_0.ppc64.rpm

s390x:
firefox-31.5.0-2.el7_0.s390.rpm
firefox-debuginfo-31.5.0-2.el7_0.s390.rpm
xulrunner-31.5.0-1.el7_0.s390.rpm
xulrunner-31.5.0-1.el7_0.s390x.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.s390.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.s390x.rpm
xulrunner-devel-31.5.0-1.el7_0.s390.rpm
xulrunner-devel-31.5.0-1.el7_0.s390x.rpm

x86_64:
firefox-31.5.0-2.el7_0.i686.rpm
firefox-debuginfo-31.5.0-2.el7_0.i686.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.5.0-1.el7_0.i686.rpm
xulrunner-devel-31.5.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-31.5.0-2.el7_0.src.rpm
xulrunner-31.5.0-1.el7_0.src.rpm

x86_64:
firefox-31.5.0-2.el7_0.x86_64.rpm
firefox-debuginfo-31.5.0-2.el7_0.x86_64.rpm
xulrunner-31.5.0-1.el7_0.i686.rpm
xulrunner-31.5.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-31.5.0-2.el7_0.i686.rpm
firefox-debuginfo-31.5.0-2.el7_0.i686.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.5.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.5.0-1.el7_0.i686.rpm
xulrunner-devel-31.5.0-1.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2015-0822
https://access.redhat.com/security/cve/CVE-2015-0827
https://access.redhat.com/security/cve/CVE-2015-0831
https://access.redhat.com/security/cve/CVE-2015-0836
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr31.5

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU7P8EXlSAg2UNWIIRAiglAKCpRN679PEOtCwNtGx5MQq1DtyoSACgsGUy
nNbgVhTH0mzwDx59nNxEWr4=
=wqtn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Feb 25 12:42:49 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 25 Feb 2015 12:42:49 +0000
Subject: [RHSA-2015:0266-01] Important: thunderbird security update
Message-ID: <201502251242.t1PCgnbH005117@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2015:0266-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0266.html
Issue date: 2015-02-25
CVE Names: CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)

An information leak flaw was found in the way Thunderbird implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file. (CVE-2015-0822)

Note: None of the above issues can be exploited by a specially crafted HTML mail message, because JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.5.0. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.5.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1195605 - CVE-2015-0836 Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)
1195619 - CVE-2015-0831 Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)
1195623 - CVE-2015-0827 Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)
1195638 - CVE-2015-0822 Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-31.5.0-1.el5_11.src.rpm

i386:
thunderbird-31.5.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.5.0-1.el5_11.i386.rpm

x86_64:
thunderbird-31.5.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.5.0-1.el5_11.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
thunderbird-31.5.0-1.el5_11.src.rpm

i386:
thunderbird-31.5.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.5.0-1.el5_11.i386.rpm

x86_64:
thunderbird-31.5.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.5.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-31.5.0-1.el6_6.src.rpm

i386:
thunderbird-31.5.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.5.0-1.el6_6.i686.rpm

x86_64:
thunderbird-31.5.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.5.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-31.5.0-1.el6_6.src.rpm

i386:
thunderbird-31.5.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.5.0-1.el6_6.i686.rpm

ppc64:
thunderbird-31.5.0-1.el6_6.ppc64.rpm
thunderbird-debuginfo-31.5.0-1.el6_6.ppc64.rpm

s390x:
thunderbird-31.5.0-1.el6_6.s390x.rpm
thunderbird-debuginfo-31.5.0-1.el6_6.s390x.rpm

x86_64:
thunderbird-31.5.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.5.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-31.5.0-1.el6_6.src.rpm

i386:
thunderbird-31.5.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.5.0-1.el6_6.i686.rpm

x86_64:
thunderbird-31.5.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.5.0-1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0822
https://access.redhat.com/security/cve/CVE-2015-0827
https://access.redhat.com/security/cve/CVE-2015-0831
https://access.redhat.com/security/cve/CVE-2015-0836
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird31.5

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU7cMqXlSAg2UNWIIRAsAzAKCvm2aKVhdyfL8ct2Yb0a2TYnUBDwCeOzMS
cSUVYdfj0PHnm/gIty62Y5Q=
=KmBD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 26 12:08:28 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Feb 2015 12:08:28 +0000
Subject: [RHSA-2015:0271-01] Low: Red Hat Enterprise Linux 5.9 Extended Update Support One-Month Notice
Message-ID: <201502261208.t1QC8T8j015598@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 5.9 Extended Update Support One-Month Notice
Advisory ID: RHSA-2015:0271-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0271.html
Issue date: 2015-02-26
=====================================================================

1. Summary:

This is the One-Month notification for the retirement of Red Hat Enterprise Linux 5.9 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 5.9.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.9 will be retired as of March 31, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.9 EUS after March 31, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date.

We encourage customers to plan their migration from Red Hat Enterprise Linux 5.9 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux EUS (v. 5.9 server):

Source:
redhat-release-5Server-5.9.0.4.src.rpm

i386:
redhat-release-5Server-5.9.0.4.i386.rpm

ia64:
redhat-release-5Server-5.9.0.4.ia64.rpm

ppc:
redhat-release-5Server-5.9.0.4.ppc.rpm

s390x:
redhat-release-5Server-5.9.0.4.s390x.rpm

x86_64:
redhat-release-5Server-5.9.0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU7wx8XlSAg2UNWIIRAuimAKCNymaN3jmOc3ze8cdLvg60gSRQVQCeL5KA
49PjZL9jRvp14h1iDYXhpzE=
=0qXo
-----END PGP SIGNATURE-----