From bugzilla at redhat.com Mon Jan 5 20:43:00 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Jan 2015 20:43:00 +0000
Subject: [RHSA-2015:0008-01] Low: libvirt security and bug fix update
Message-ID: <201501052043.t05Kh1wq024815@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: libvirt security and bug fix update
Advisory ID:       RHSA-2015:0008-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0008.html
Issue date:        2015-01-05
CVE Names:         CVE-2014-7823
=====================================================================

1. Summary:

Updated libvirt packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.
It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the
QEMU driver implementation of the virDomainGetXMLDesc() function could
bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker
able to establish a read-only connection to libvirtd could use this flaw to
leak certain limited information from the domain XML data. (CVE-2014-7823)

This issue was discovered by Eric Blake of Red Hat.

This update also fixes the following bugs:

* In Red Hat Enterprise Linux 6, libvirt relies on the QEMU emulator to
supply the error message when an active commit is attempted. However, with
Red Hat Enterprise Linux 7, QEMU added support for an active commit, but an
additional interaction from libvirt to fully enable active commits is still
missing. As a consequence, attempts to perform an active commit caused
libvirt to become unresponsive. With this update, libvirt has been fixed to
detect an active commit by itself, and now properly declares the feature as
unsupported. As a result, libvirt no longer hangs when an active commit is
attempted and instead produces an error message. Note that the missing
libvirt interaction will be added in Red Hat Enterprise Linux 7.1, adding
full support for active commits. (BZ#1150379)

* Prior to this update, the libvirt API did not properly check whether a
Discretionary Access Control (DAC) security label is non-NULL before trying
to parse user/group ownership from it. In addition, the DAC security label
of a transient domain that had just finished migrating to another host is in
some cases NULL. As a consequence, when the virDomainGetBlockInfo API was
called on such a domain, the libvirtd daemon sometimes terminated
unexpectedly. With this update, libvirt properly checks DAC labels before
trying to parse them, and libvirtd thus no longer crashes in the described
scenario.
(BZ#1171124)

* If a block copy operation was attempted while another block copy was
already in progress to an explicit raw destination, libvirt previously
stopped regarding the destination as raw. As a consequence, if the qemu.conf
file was edited to allow file format probing, triggering the bug could allow
a malicious guest to bypass sVirt protection by making libvirt regard the
file as non-raw. With this update, libvirt has been fixed to consistently
remember when a block copy destination is raw, and guests can no longer
circumvent sVirt protection when the host is configured to allow format
probing. (BZ#1149078)

All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, libvirtd will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1150379 - attempts to live snapshot merge (commit) of the active layer hang
1160817 - CVE-2014-7823 libvirt: dumpxml: information leak with migratable flag
1171124 - libvirtd occasionally crashes at the end of migration

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libvirt-1.1.1-29.el7_0.4.src.rpm

x86_64:
libvirt-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-client-1.1.1-29.el7_0.4.i686.rpm
libvirt-client-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-qemu-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-kvm-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-python-1.1.1-29.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libvirt-daemon-lxc-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-devel-1.1.1-29.el7_0.4.i686.rpm
libvirt-devel-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-docs-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-lock-sanlock-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-login-shell-1.1.1-29.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libvirt-1.1.1-29.el7_0.4.src.rpm

x86_64:
libvirt-client-1.1.1-29.el7_0.4.i686.rpm
libvirt-client-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libvirt-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-qemu-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-kvm-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-lxc-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-devel-1.1.1-29.el7_0.4.i686.rpm
libvirt-devel-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-docs-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-lock-sanlock-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-login-shell-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-python-1.1.1-29.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libvirt-1.1.1-29.el7_0.4.src.rpm

ppc64:
libvirt-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-client-1.1.1-29.el7_0.4.ppc.rpm
libvirt-client-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-daemon-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.ppc.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-devel-1.1.1-29.el7_0.4.ppc.rpm
libvirt-devel-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-docs-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-python-1.1.1-29.el7_0.4.ppc64.rpm

s390x:
libvirt-1.1.1-29.el7_0.4.s390x.rpm
libvirt-client-1.1.1-29.el7_0.4.s390.rpm
libvirt-client-1.1.1-29.el7_0.4.s390x.rpm
libvirt-daemon-1.1.1-29.el7_0.4.s390x.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.4.s390x.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.4.s390x.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.4.s390x.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.4.s390x.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.4.s390x.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.4.s390x.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.4.s390x.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.4.s390x.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.4.s390x.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.s390.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.s390x.rpm
libvirt-devel-1.1.1-29.el7_0.4.s390.rpm
libvirt-devel-1.1.1-29.el7_0.4.s390x.rpm
libvirt-docs-1.1.1-29.el7_0.4.s390x.rpm
libvirt-python-1.1.1-29.el7_0.4.s390x.rpm

x86_64:
libvirt-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-client-1.1.1-29.el7_0.4.i686.rpm
libvirt-client-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-qemu-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-kvm-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-devel-1.1.1-29.el7_0.4.i686.rpm
libvirt-devel-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-docs-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-python-1.1.1-29.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libvirt-daemon-lxc-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.ppc64.rpm
libvirt-login-shell-1.1.1-29.el7_0.4.ppc64.rpm

s390x:
libvirt-daemon-lxc-1.1.1-29.el7_0.4.s390x.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.s390x.rpm
libvirt-login-shell-1.1.1-29.el7_0.4.s390x.rpm

x86_64:
libvirt-daemon-lxc-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-lock-sanlock-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-login-shell-1.1.1-29.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libvirt-1.1.1-29.el7_0.4.src.rpm

x86_64:
libvirt-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-client-1.1.1-29.el7_0.4.i686.rpm
libvirt-client-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-config-network-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-config-nwfilter-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-interface-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-lxc-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-network-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-nodedev-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-qemu-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-secret-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-driver-storage-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-daemon-kvm-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.i686.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-devel-1.1.1-29.el7_0.4.i686.rpm
libvirt-devel-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-docs-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-python-1.1.1-29.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libvirt-daemon-lxc-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-debuginfo-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-lock-sanlock-1.1.1-29.el7_0.4.x86_64.rpm
libvirt-login-shell-1.1.1-29.el7_0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7823
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUqvcPXlSAg2UNWIIRAv2uAKDBqFEdSWCH1plrCXZakdb1eq6BJACghBm3
nXHdq/WEM9p22VqQmCn6xxQ=
=VGg6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jan 5 20:43:37 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Jan 2015 20:43:37 +0000
Subject: [RHSA-2015:0009-01] Important: kernel security update
Message-ID: <201501052043.t05KhbS4012014@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2015:0009-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0009.html
Issue date:        2015-01-05
CVE Names:         CVE-2014-9322
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 Extended Life Cycle Support.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.
All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

6. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
kernel-2.6.9-106.EL.src.rpm

i386:
kernel-2.6.9-106.EL.i686.rpm
kernel-debuginfo-2.6.9-106.EL.i686.rpm
kernel-devel-2.6.9-106.EL.i686.rpm
kernel-hugemem-2.6.9-106.EL.i686.rpm
kernel-hugemem-devel-2.6.9-106.EL.i686.rpm
kernel-smp-2.6.9-106.EL.i686.rpm
kernel-smp-devel-2.6.9-106.EL.i686.rpm
kernel-xenU-2.6.9-106.EL.i686.rpm
kernel-xenU-devel-2.6.9-106.EL.i686.rpm

ia64:
kernel-2.6.9-106.EL.ia64.rpm
kernel-debuginfo-2.6.9-106.EL.ia64.rpm
kernel-devel-2.6.9-106.EL.ia64.rpm
kernel-largesmp-2.6.9-106.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-106.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-106.EL.noarch.rpm

x86_64:
kernel-2.6.9-106.EL.x86_64.rpm
kernel-debuginfo-2.6.9-106.EL.x86_64.rpm
kernel-devel-2.6.9-106.EL.x86_64.rpm
kernel-largesmp-2.6.9-106.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-106.EL.x86_64.rpm
kernel-smp-2.6.9-106.EL.x86_64.rpm
kernel-smp-devel-2.6.9-106.EL.x86_64.rpm
kernel-xenU-2.6.9-106.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-106.EL.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source:
kernel-2.6.9-106.EL.src.rpm

i386:
kernel-2.6.9-106.EL.i686.rpm
kernel-debuginfo-2.6.9-106.EL.i686.rpm
kernel-devel-2.6.9-106.EL.i686.rpm
kernel-hugemem-2.6.9-106.EL.i686.rpm
kernel-hugemem-devel-2.6.9-106.EL.i686.rpm
kernel-smp-2.6.9-106.EL.i686.rpm
kernel-smp-devel-2.6.9-106.EL.i686.rpm
kernel-xenU-2.6.9-106.EL.i686.rpm
kernel-xenU-devel-2.6.9-106.EL.i686.rpm

noarch:
kernel-doc-2.6.9-106.EL.noarch.rpm

x86_64:
kernel-2.6.9-106.EL.x86_64.rpm
kernel-debuginfo-2.6.9-106.EL.x86_64.rpm
kernel-devel-2.6.9-106.EL.x86_64.rpm
kernel-largesmp-2.6.9-106.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-106.EL.x86_64.rpm
kernel-smp-2.6.9-106.EL.x86_64.rpm
kernel-smp-devel-2.6.9-106.EL.x86_64.rpm
kernel-xenU-2.6.9-106.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-106.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9322
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
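An added check that is not part of the advisory: given the fixed builds named in the package list above and the output of `rpm -q` on a host, it reports which installed kernel packages still sort below the fixed build and whether the booted kernel (`uname -r`) is already the fixed one, since the advisory says a reboot is required. It re-implements rpm's own version-ordering rules (rpmvercmp) so it runs without rpm present; the sample `rpm -q` output and the `uname -r` values are constructed, and the `ARCHES` tuple lists the architectures from this advisory.

```python
"""Check installed kernel packages against the fixed builds named in an RHSA.

Added example, not part of the Red Hat advisory. It re-implements rpm's
segment-wise version ordering (rpmvercmp) so the check runs on any host,
even one without rpm installed. rpm's tilde rule ("~" sorts before
everything) is implemented; the newer caret ("^") rule is not.
"""
import re

# Architectures listed in the advisory; used to strip a trailing ".arch"
ARCHES = ("i686", "ia64", "noarch", "x86_64")

# rpm compares version strings as runs of digits, runs of letters and "~";
# every other character is a separator and is ignored.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a sorts before, equal to or after b."""
    if a == b:
        return 0
    xs, ys = _SEG.findall(a), _SEG.findall(b)
    i = 0
    while True:
        x = xs[i] if i < len(xs) else None
        y = ys[i] if i < len(ys) else None
        if x is None and y is None:
            return 0                      # only separators differed
        if x == "~" or y == "~":
            if x == y:                    # tilde on both sides: skip it
                i += 1
                continue
            return -1 if x == "~" else 1  # tilde loses even against end of string
        if x is None:
            return -1                     # b has segments left over, so b is newer
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            rc = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() or y.isdigit():
            rc = 1 if x.isdigit() else -1  # a numeric segment beats an alpha one
        else:
            rc = (x > y) - (x < y)         # plain string comparison of letters
        if rc:
            return rc
        i += 1


def parse_nevra(pkg: str):
    """Split 'name-[epoch:]version-release[.arch][.rpm]' into (name, (epoch, version, release))."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    for arch in ARCHES:
        if pkg.endswith("." + arch):
            pkg = pkg[: -len(arch) - 1]
            break
    name, version, release = pkg.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return name, (epoch, version, release)


def evr_cmp(a, b) -> int:
    """Compare (epoch, version, release) tuples the way rpm orders packages."""
    if a[0] != b[0]:
        return -1 if a[0] < b[0] else 1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def vulnerable_installs(installed, fixed):
    """Installed packages whose name is in `fixed` but which sort below the fixed build."""
    fixed_evr = dict(parse_nevra(p) for p in fixed)
    out = []
    for pkg in installed:
        name, evr = parse_nevra(pkg)
        if name in fixed_evr and evr_cmp(evr, fixed_evr[name]) < 0:
            out.append(pkg)
    return out


def running_kernel_is_fixed(uname_r: str, fixed_vr: str) -> bool:
    """True if the booted kernel (uname -r, e.g. '2.6.9-89.ELsmp') is at or past fixed_vr."""
    rv, rr = uname_r.split("-", 1)
    fv, fr = fixed_vr.split("-", 1)
    return evr_cmp((0, rv, rr), (0, fv, fr)) >= 0


# Constructed sample of `rpm -q kernel kernel-smp` output from a hypothetical RHEL 4 host
SAMPLE_INSTALLED = [
    "kernel-2.6.9-89.EL",
    "kernel-2.6.9-104.0.1.EL",
    "kernel-2.6.9-106.EL",
    "kernel-smp-2.6.9-89.EL",
]

# Fixed builds, taken from the advisory's x86_64 package list
FIXED = ["kernel-2.6.9-106.EL.x86_64.rpm", "kernel-smp-2.6.9-106.EL.x86_64.rpm"]

if __name__ == "__main__":
    for pkg in vulnerable_installs(SAMPLE_INSTALLED, FIXED):
        print("needs update:", pkg)
    # A patched package is not enough: the fixed kernel must be the one booted.
    print("reboot still needed:", not running_kernel_is_fixed("2.6.9-89.ELsmp", "2.6.9-106.EL"))
```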
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUqvdkXlSAg2UNWIIRAgVPAKCDvtmAekTxnxJNJ4rf+47bI3n0YgCgo045
3N0TYQC+XrakYrAojgc+cTo=
=laFK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 7 17:24:25 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 7 Jan 2015 17:24:25 +0000
Subject: [RHSA-2015:0016-01] Moderate: glibc security and bug fix update
Message-ID: <201501071724.t07HOPdj032742@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: glibc security and bug fix update
Advisory ID:       RHSA-2015:0016-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0016.html
Issue date:        2015-01-07
CVE Names:         CVE-2014-6040 CVE-2014-7817
=====================================================================

1. Summary:

Updated glibc packages that fix two security issues and two bugs are now
available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without these
libraries, the Linux system cannot function correctly.

An out-of-bounds read flaw was found in the way glibc's iconv() function
converted certain encoded data to UTF-8. An attacker able to make an
application call the iconv() function with a specially crafted argument
could use this flaw to crash that application. (CVE-2014-6040)

It was found that the wordexp() function would perform command substitution
even when the WRDE_NOCMD flag was specified. An attacker able to provide
specially crafted input to an application using the wordexp() function, and
not sanitizing the input correctly, could potentially use this flaw to
execute arbitrary commands with the credentials of the user running that
application. (CVE-2014-7817)

The CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat Developer
Experience Team.

This update also fixes the following bugs:

* Previously, when an address lookup using the getaddrinfo() function for
the AF_UNSPEC value was performed on a defective DNS server, the server in
some cases responded with a valid response for the A record, but a referral
response for the AAAA record, which resulted in a lookup failure. A prior
update was implemented for getaddrinfo() to return the valid response, but
it contained a typographical error, due to which the lookup could under some
circumstances still fail. This error has been corrected and getaddrinfo()
now returns a valid response in the described circumstances. (BZ#1172023)

* An error in the dlopen() library function previously caused recursive
calls to dlopen() to terminate unexpectedly or to abort with a library
assertion. This error has been fixed and recursive calls to dlopen() no
longer crash or abort.
(BZ#1173469) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1135841 - CVE-2014-6040 glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) 1157689 - CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: glibc-2.12-1.149.el6_6.4.src.rpm i386: glibc-2.12-1.149.el6_6.4.i686.rpm glibc-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-devel-2.12-1.149.el6_6.4.i686.rpm glibc-headers-2.12-1.149.el6_6.4.i686.rpm glibc-utils-2.12-1.149.el6_6.4.i686.rpm nscd-2.12-1.149.el6_6.4.i686.rpm x86_64: glibc-2.12-1.149.el6_6.4.i686.rpm glibc-2.12-1.149.el6_6.4.x86_64.rpm glibc-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-devel-2.12-1.149.el6_6.4.i686.rpm glibc-devel-2.12-1.149.el6_6.4.x86_64.rpm glibc-headers-2.12-1.149.el6_6.4.x86_64.rpm glibc-utils-2.12-1.149.el6_6.4.x86_64.rpm nscd-2.12-1.149.el6_6.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): i386: glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-static-2.12-1.149.el6_6.4.i686.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-static-2.12-1.149.el6_6.4.i686.rpm glibc-static-2.12-1.149.el6_6.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: glibc-2.12-1.149.el6_6.4.src.rpm x86_64: glibc-2.12-1.149.el6_6.4.i686.rpm glibc-2.12-1.149.el6_6.4.x86_64.rpm glibc-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-devel-2.12-1.149.el6_6.4.i686.rpm glibc-devel-2.12-1.149.el6_6.4.x86_64.rpm glibc-headers-2.12-1.149.el6_6.4.x86_64.rpm glibc-utils-2.12-1.149.el6_6.4.x86_64.rpm nscd-2.12-1.149.el6_6.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-static-2.12-1.149.el6_6.4.i686.rpm glibc-static-2.12-1.149.el6_6.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: glibc-2.12-1.149.el6_6.4.src.rpm i386: glibc-2.12-1.149.el6_6.4.i686.rpm glibc-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-devel-2.12-1.149.el6_6.4.i686.rpm glibc-headers-2.12-1.149.el6_6.4.i686.rpm glibc-utils-2.12-1.149.el6_6.4.i686.rpm nscd-2.12-1.149.el6_6.4.i686.rpm ppc64: glibc-2.12-1.149.el6_6.4.ppc.rpm glibc-2.12-1.149.el6_6.4.ppc64.rpm glibc-common-2.12-1.149.el6_6.4.ppc64.rpm glibc-debuginfo-2.12-1.149.el6_6.4.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.4.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.ppc64.rpm glibc-devel-2.12-1.149.el6_6.4.ppc.rpm glibc-devel-2.12-1.149.el6_6.4.ppc64.rpm glibc-headers-2.12-1.149.el6_6.4.ppc64.rpm glibc-utils-2.12-1.149.el6_6.4.ppc64.rpm nscd-2.12-1.149.el6_6.4.ppc64.rpm s390x: glibc-2.12-1.149.el6_6.4.s390.rpm glibc-2.12-1.149.el6_6.4.s390x.rpm glibc-common-2.12-1.149.el6_6.4.s390x.rpm glibc-debuginfo-2.12-1.149.el6_6.4.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.4.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.s390x.rpm glibc-devel-2.12-1.149.el6_6.4.s390.rpm glibc-devel-2.12-1.149.el6_6.4.s390x.rpm glibc-headers-2.12-1.149.el6_6.4.s390x.rpm glibc-utils-2.12-1.149.el6_6.4.s390x.rpm nscd-2.12-1.149.el6_6.4.s390x.rpm x86_64: glibc-2.12-1.149.el6_6.4.i686.rpm glibc-2.12-1.149.el6_6.4.x86_64.rpm glibc-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-devel-2.12-1.149.el6_6.4.i686.rpm glibc-devel-2.12-1.149.el6_6.4.x86_64.rpm glibc-headers-2.12-1.149.el6_6.4.x86_64.rpm glibc-utils-2.12-1.149.el6_6.4.x86_64.rpm nscd-2.12-1.149.el6_6.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-static-2.12-1.149.el6_6.4.i686.rpm ppc64: glibc-debuginfo-2.12-1.149.el6_6.4.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.4.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.ppc64.rpm glibc-static-2.12-1.149.el6_6.4.ppc.rpm glibc-static-2.12-1.149.el6_6.4.ppc64.rpm s390x: glibc-debuginfo-2.12-1.149.el6_6.4.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.4.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.s390x.rpm glibc-static-2.12-1.149.el6_6.4.s390.rpm glibc-static-2.12-1.149.el6_6.4.s390x.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-static-2.12-1.149.el6_6.4.i686.rpm glibc-static-2.12-1.149.el6_6.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: glibc-2.12-1.149.el6_6.4.src.rpm i386: glibc-2.12-1.149.el6_6.4.i686.rpm glibc-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-devel-2.12-1.149.el6_6.4.i686.rpm glibc-headers-2.12-1.149.el6_6.4.i686.rpm glibc-utils-2.12-1.149.el6_6.4.i686.rpm nscd-2.12-1.149.el6_6.4.i686.rpm x86_64: glibc-2.12-1.149.el6_6.4.i686.rpm glibc-2.12-1.149.el6_6.4.x86_64.rpm glibc-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-devel-2.12-1.149.el6_6.4.i686.rpm glibc-devel-2.12-1.149.el6_6.4.x86_64.rpm glibc-headers-2.12-1.149.el6_6.4.x86_64.rpm glibc-utils-2.12-1.149.el6_6.4.x86_64.rpm nscd-2.12-1.149.el6_6.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-static-2.12-1.149.el6_6.4.i686.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.4.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.4.x86_64.rpm glibc-static-2.12-1.149.el6_6.4.i686.rpm glibc-static-2.12-1.149.el6_6.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-6040 https://access.redhat.com/security/cve/CVE-2014-7817 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUrWueXlSAg2UNWIIRAikZAJ9aEnBbvKUhe8OdgkhHhfM2fh2eGgCaAxKD bnowizk2Y8bAebvJhOiEoN8= =QS1V -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 8 18:29:24 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 8 Jan 2015 18:29:24 +0000 Subject: [RHSA-2015:0020-01] Moderate: python-keystoneclient security update Message-ID: <201501081829.t08ITOdm009019@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python-keystoneclient security update Advisory ID: RHSA-2015:0020-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0020.html Issue date: 2015-01-08 CVE Names: CVE-2014-7144 ===================================================================== 1. 
Summary: Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. Description: Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. It was found that python-keystoneclient treated all settings in paste.ini files as string types. If the "insecure" option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. (CVE-2014-7144) Note that when the "insecure" option was not set in paste.ini, it evaluated to false, and verification was performed. All python-keystoneclient users are advised to upgrade to these updated packages, which correct this issue. After installing this update, all OpenStack services using auth_token must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1143808 - CVE-2014-7144 python-keystoneclient: TLS certificate verification disabled 6. 
Package List: Red Hat Enterprise Linux OpenStack Platform 4.0: Source: python-keystoneclient-0.7.1-5.el6ost.src.rpm noarch: python-keystoneclient-0.7.1-5.el6ost.noarch.rpm python-keystoneclient-doc-0.7.1-5.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-7144 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUrsxcXlSAg2UNWIIRAsTfAJ9FwvC+0hUo5GPBZGyySOVjPyCPRwCdHRhk oSh+n+E2J1Ta/E9fxPp4QV8= =vQWR -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 8 18:29:55 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 8 Jan 2015 18:29:55 +0000 Subject: [RHSA-2015:0021-01] Important: php security update Message-ID: <201501081829.t08ITtRo020734@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: php security update Advisory ID: RHSA-2015:0021-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0021.html Issue date: 2015-01-08 CVE Names: CVE-2014-3669 CVE-2014-3670 ===================================================================== 1. Summary: Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. 
Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1154500 - CVE-2014-3669 php: integer overflow in unserialize()
1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source:
php-5.3.3-27.el6_5.3.src.rpm

x86_64:
php-cli-5.3.3-27.el6_5.3.x86_64.rpm
php-common-5.3.3-27.el6_5.3.x86_64.rpm
php-debuginfo-5.3.3-27.el6_5.3.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v.
6.5): Source: php-5.3.3-27.el6_5.3.src.rpm x86_64: php-5.3.3-27.el6_5.3.x86_64.rpm php-bcmath-5.3.3-27.el6_5.3.x86_64.rpm php-dba-5.3.3-27.el6_5.3.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.3.x86_64.rpm php-devel-5.3.3-27.el6_5.3.x86_64.rpm php-embedded-5.3.3-27.el6_5.3.x86_64.rpm php-enchant-5.3.3-27.el6_5.3.x86_64.rpm php-fpm-5.3.3-27.el6_5.3.x86_64.rpm php-gd-5.3.3-27.el6_5.3.x86_64.rpm php-imap-5.3.3-27.el6_5.3.x86_64.rpm php-intl-5.3.3-27.el6_5.3.x86_64.rpm php-ldap-5.3.3-27.el6_5.3.x86_64.rpm php-mbstring-5.3.3-27.el6_5.3.x86_64.rpm php-mysql-5.3.3-27.el6_5.3.x86_64.rpm php-odbc-5.3.3-27.el6_5.3.x86_64.rpm php-pdo-5.3.3-27.el6_5.3.x86_64.rpm php-pgsql-5.3.3-27.el6_5.3.x86_64.rpm php-process-5.3.3-27.el6_5.3.x86_64.rpm php-pspell-5.3.3-27.el6_5.3.x86_64.rpm php-recode-5.3.3-27.el6_5.3.x86_64.rpm php-snmp-5.3.3-27.el6_5.3.x86_64.rpm php-soap-5.3.3-27.el6_5.3.x86_64.rpm php-tidy-5.3.3-27.el6_5.3.x86_64.rpm php-xml-5.3.3-27.el6_5.3.x86_64.rpm php-xmlrpc-5.3.3-27.el6_5.3.x86_64.rpm php-zts-5.3.3-27.el6_5.3.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.5): Source: php-5.3.3-27.el6_5.3.src.rpm i386: php-5.3.3-27.el6_5.3.i686.rpm php-cli-5.3.3-27.el6_5.3.i686.rpm php-common-5.3.3-27.el6_5.3.i686.rpm php-debuginfo-5.3.3-27.el6_5.3.i686.rpm php-gd-5.3.3-27.el6_5.3.i686.rpm php-ldap-5.3.3-27.el6_5.3.i686.rpm php-mysql-5.3.3-27.el6_5.3.i686.rpm php-odbc-5.3.3-27.el6_5.3.i686.rpm php-pdo-5.3.3-27.el6_5.3.i686.rpm php-pgsql-5.3.3-27.el6_5.3.i686.rpm php-soap-5.3.3-27.el6_5.3.i686.rpm php-xml-5.3.3-27.el6_5.3.i686.rpm php-xmlrpc-5.3.3-27.el6_5.3.i686.rpm ppc64: php-5.3.3-27.el6_5.3.ppc64.rpm php-cli-5.3.3-27.el6_5.3.ppc64.rpm php-common-5.3.3-27.el6_5.3.ppc64.rpm php-debuginfo-5.3.3-27.el6_5.3.ppc64.rpm php-gd-5.3.3-27.el6_5.3.ppc64.rpm php-ldap-5.3.3-27.el6_5.3.ppc64.rpm php-mysql-5.3.3-27.el6_5.3.ppc64.rpm php-odbc-5.3.3-27.el6_5.3.ppc64.rpm php-pdo-5.3.3-27.el6_5.3.ppc64.rpm php-pgsql-5.3.3-27.el6_5.3.ppc64.rpm php-soap-5.3.3-27.el6_5.3.ppc64.rpm php-xml-5.3.3-27.el6_5.3.ppc64.rpm php-xmlrpc-5.3.3-27.el6_5.3.ppc64.rpm s390x: php-5.3.3-27.el6_5.3.s390x.rpm php-cli-5.3.3-27.el6_5.3.s390x.rpm php-common-5.3.3-27.el6_5.3.s390x.rpm php-debuginfo-5.3.3-27.el6_5.3.s390x.rpm php-gd-5.3.3-27.el6_5.3.s390x.rpm php-ldap-5.3.3-27.el6_5.3.s390x.rpm php-mysql-5.3.3-27.el6_5.3.s390x.rpm php-odbc-5.3.3-27.el6_5.3.s390x.rpm php-pdo-5.3.3-27.el6_5.3.s390x.rpm php-pgsql-5.3.3-27.el6_5.3.s390x.rpm php-soap-5.3.3-27.el6_5.3.s390x.rpm php-xml-5.3.3-27.el6_5.3.s390x.rpm php-xmlrpc-5.3.3-27.el6_5.3.s390x.rpm x86_64: php-5.3.3-27.el6_5.3.x86_64.rpm php-cli-5.3.3-27.el6_5.3.x86_64.rpm php-common-5.3.3-27.el6_5.3.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.3.x86_64.rpm php-gd-5.3.3-27.el6_5.3.x86_64.rpm php-ldap-5.3.3-27.el6_5.3.x86_64.rpm php-mysql-5.3.3-27.el6_5.3.x86_64.rpm php-odbc-5.3.3-27.el6_5.3.x86_64.rpm php-pdo-5.3.3-27.el6_5.3.x86_64.rpm php-pgsql-5.3.3-27.el6_5.3.x86_64.rpm php-soap-5.3.3-27.el6_5.3.x86_64.rpm php-xml-5.3.3-27.el6_5.3.x86_64.rpm php-xmlrpc-5.3.3-27.el6_5.3.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
6.5): Source: php-5.3.3-27.el6_5.3.src.rpm i386: php-bcmath-5.3.3-27.el6_5.3.i686.rpm php-dba-5.3.3-27.el6_5.3.i686.rpm php-debuginfo-5.3.3-27.el6_5.3.i686.rpm php-devel-5.3.3-27.el6_5.3.i686.rpm php-embedded-5.3.3-27.el6_5.3.i686.rpm php-enchant-5.3.3-27.el6_5.3.i686.rpm php-fpm-5.3.3-27.el6_5.3.i686.rpm php-imap-5.3.3-27.el6_5.3.i686.rpm php-intl-5.3.3-27.el6_5.3.i686.rpm php-mbstring-5.3.3-27.el6_5.3.i686.rpm php-process-5.3.3-27.el6_5.3.i686.rpm php-pspell-5.3.3-27.el6_5.3.i686.rpm php-recode-5.3.3-27.el6_5.3.i686.rpm php-snmp-5.3.3-27.el6_5.3.i686.rpm php-tidy-5.3.3-27.el6_5.3.i686.rpm php-zts-5.3.3-27.el6_5.3.i686.rpm ppc64: php-bcmath-5.3.3-27.el6_5.3.ppc64.rpm php-dba-5.3.3-27.el6_5.3.ppc64.rpm php-debuginfo-5.3.3-27.el6_5.3.ppc64.rpm php-devel-5.3.3-27.el6_5.3.ppc64.rpm php-embedded-5.3.3-27.el6_5.3.ppc64.rpm php-enchant-5.3.3-27.el6_5.3.ppc64.rpm php-fpm-5.3.3-27.el6_5.3.ppc64.rpm php-imap-5.3.3-27.el6_5.3.ppc64.rpm php-intl-5.3.3-27.el6_5.3.ppc64.rpm php-mbstring-5.3.3-27.el6_5.3.ppc64.rpm php-process-5.3.3-27.el6_5.3.ppc64.rpm php-pspell-5.3.3-27.el6_5.3.ppc64.rpm php-recode-5.3.3-27.el6_5.3.ppc64.rpm php-snmp-5.3.3-27.el6_5.3.ppc64.rpm php-tidy-5.3.3-27.el6_5.3.ppc64.rpm php-zts-5.3.3-27.el6_5.3.ppc64.rpm s390x: php-bcmath-5.3.3-27.el6_5.3.s390x.rpm php-dba-5.3.3-27.el6_5.3.s390x.rpm php-debuginfo-5.3.3-27.el6_5.3.s390x.rpm php-devel-5.3.3-27.el6_5.3.s390x.rpm php-embedded-5.3.3-27.el6_5.3.s390x.rpm php-enchant-5.3.3-27.el6_5.3.s390x.rpm php-fpm-5.3.3-27.el6_5.3.s390x.rpm php-imap-5.3.3-27.el6_5.3.s390x.rpm php-intl-5.3.3-27.el6_5.3.s390x.rpm php-mbstring-5.3.3-27.el6_5.3.s390x.rpm php-process-5.3.3-27.el6_5.3.s390x.rpm php-pspell-5.3.3-27.el6_5.3.s390x.rpm php-recode-5.3.3-27.el6_5.3.s390x.rpm php-snmp-5.3.3-27.el6_5.3.s390x.rpm php-tidy-5.3.3-27.el6_5.3.s390x.rpm php-zts-5.3.3-27.el6_5.3.s390x.rpm x86_64: php-bcmath-5.3.3-27.el6_5.3.x86_64.rpm php-dba-5.3.3-27.el6_5.3.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.3.x86_64.rpm 
php-devel-5.3.3-27.el6_5.3.x86_64.rpm php-embedded-5.3.3-27.el6_5.3.x86_64.rpm php-enchant-5.3.3-27.el6_5.3.x86_64.rpm php-fpm-5.3.3-27.el6_5.3.x86_64.rpm php-imap-5.3.3-27.el6_5.3.x86_64.rpm php-intl-5.3.3-27.el6_5.3.x86_64.rpm php-mbstring-5.3.3-27.el6_5.3.x86_64.rpm php-process-5.3.3-27.el6_5.3.x86_64.rpm php-pspell-5.3.3-27.el6_5.3.x86_64.rpm php-recode-5.3.3-27.el6_5.3.x86_64.rpm php-snmp-5.3.3-27.el6_5.3.x86_64.rpm php-tidy-5.3.3-27.el6_5.3.x86_64.rpm php-zts-5.3.3-27.el6_5.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3669 https://access.redhat.com/security/cve/CVE-2014-3670 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUrsyYXlSAg2UNWIIRAkNmAJ0eX3bxYkh2KnK7hFNT0Aaip5w00QCdGliM QxFgB4TWU5SB6B+gbqTKHhE= =SK/T -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 12 20:35:19 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 12 Jan 2015 20:35:19 +0000 Subject: [RHSA-2015:0035-01] Important: condor security update Message-ID: <201501122035.t0CKZKBp009441@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: condor security update Advisory ID: RHSA-2015:0035-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0035.html Issue date: 2015-01-12 CVE Names: CVE-2014-8126 ===================================================================== 1. 
Summary:

Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2 - x86_64
MRG Grid Execute Node for RHEL 6 Server v.2 - i386, x86_64
MRG Grid for RHEL 6 Server v.2 - i386, x86_64

3. Description:

HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management.

The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon invoked mailx to send that email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user. (CVE-2014-8126)

This issue was discovered by Florian Weimer of Red Hat Product Security.

All Red Hat Enterprise MRG 2.5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. HTCondor must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1169800 - CVE-2014-8126 condor: mailx invocation enables code execution as condor user

6.
Package List: MRG Grid Execute Node for RHEL 6 ComputeNode v.2: Source: condor-7.8.10-0.2.el6.src.rpm x86_64: condor-7.8.10-0.2.el6.x86_64.rpm condor-classads-7.8.10-0.2.el6.x86_64.rpm condor-debuginfo-7.8.10-0.2.el6.x86_64.rpm condor-kbdd-7.8.10-0.2.el6.x86_64.rpm condor-qmf-7.8.10-0.2.el6.x86_64.rpm condor-vm-gahp-7.8.10-0.2.el6.x86_64.rpm MRG Grid for RHEL 6 Server v.2: Source: condor-7.8.10-0.2.el6.src.rpm i386: condor-7.8.10-0.2.el6.i686.rpm condor-aviary-7.8.10-0.2.el6.i686.rpm condor-classads-7.8.10-0.2.el6.i686.rpm condor-cluster-resource-agent-7.8.10-0.2.el6.i686.rpm condor-debuginfo-7.8.10-0.2.el6.i686.rpm condor-kbdd-7.8.10-0.2.el6.i686.rpm condor-plumage-7.8.10-0.2.el6.i686.rpm condor-qmf-7.8.10-0.2.el6.i686.rpm x86_64: condor-7.8.10-0.2.el6.x86_64.rpm condor-aviary-7.8.10-0.2.el6.x86_64.rpm condor-classads-7.8.10-0.2.el6.x86_64.rpm condor-cluster-resource-agent-7.8.10-0.2.el6.x86_64.rpm condor-debuginfo-7.8.10-0.2.el6.x86_64.rpm condor-deltacloud-gahp-7.8.10-0.2.el6.x86_64.rpm condor-kbdd-7.8.10-0.2.el6.x86_64.rpm condor-plumage-7.8.10-0.2.el6.x86_64.rpm condor-qmf-7.8.10-0.2.el6.x86_64.rpm condor-vm-gahp-7.8.10-0.2.el6.x86_64.rpm MRG Grid Execute Node for RHEL 6 Server v.2: Source: condor-7.8.10-0.2.el6.src.rpm i386: condor-7.8.10-0.2.el6.i686.rpm condor-classads-7.8.10-0.2.el6.i686.rpm condor-debuginfo-7.8.10-0.2.el6.i686.rpm condor-kbdd-7.8.10-0.2.el6.i686.rpm condor-qmf-7.8.10-0.2.el6.i686.rpm x86_64: condor-7.8.10-0.2.el6.x86_64.rpm condor-classads-7.8.10-0.2.el6.x86_64.rpm condor-debuginfo-7.8.10-0.2.el6.x86_64.rpm condor-kbdd-7.8.10-0.2.el6.x86_64.rpm condor-qmf-7.8.10-0.2.el6.x86_64.rpm condor-vm-gahp-7.8.10-0.2.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8126 https://access.redhat.com/security/updates/classification/#important 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUtC/IXlSAg2UNWIIRAnhvAKCx5u4B4k/qA8ozkWmS2ykpQZK2xwCgvz8s HSCecKv8mExZxlMX3KNDLf0= =vY7W -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 12 20:35:58 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 12 Jan 2015 20:35:58 +0000 Subject: [RHSA-2015:0036-01] Important: condor security update Message-ID: <201501122035.t0CKZwM1001091@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: condor security update Advisory ID: RHSA-2015:0036-01 Product: Red Hat Enterprise MRG for RHEL-5 Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0036.html Issue date: 2015-01-12 CVE Names: CVE-2014-8126 ===================================================================== 1. Summary: Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: MRG Grid Execute Node for RHEL 5 Server v.2 - i386, x86_64 MRG Grid for RHEL 5 Server v.2 - i386, x86_64 3. Description: HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. 
Due to the way the daemon invoked mailx to send that email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user. (CVE-2014-8126)

This issue was discovered by Florian Weimer of Red Hat Product Security.

All Red Hat Enterprise MRG 2.5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. HTCondor must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1169800 - CVE-2014-8126 condor: mailx invocation enables code execution as condor user

6. Package List:

MRG Grid for RHEL 5 Server v.2:

Source:
condor-7.8.9-0.11.el5.src.rpm

i386:
condor-7.8.9-0.11.el5.i386.rpm
condor-aviary-7.8.9-0.11.el5.i386.rpm
condor-classads-7.8.9-0.11.el5.i386.rpm
condor-debuginfo-7.8.9-0.11.el5.i386.rpm
condor-kbdd-7.8.9-0.11.el5.i386.rpm
condor-qmf-7.8.9-0.11.el5.i386.rpm
condor-vm-gahp-7.8.9-0.11.el5.i386.rpm

x86_64:
condor-7.8.9-0.11.el5.x86_64.rpm
condor-aviary-7.8.9-0.11.el5.x86_64.rpm
condor-classads-7.8.9-0.11.el5.x86_64.rpm
condor-debuginfo-7.8.9-0.11.el5.x86_64.rpm
condor-kbdd-7.8.9-0.11.el5.x86_64.rpm
condor-qmf-7.8.9-0.11.el5.x86_64.rpm
condor-vm-gahp-7.8.9-0.11.el5.x86_64.rpm

MRG Grid Execute Node for RHEL 5 Server v.2:

Source:
condor-7.8.9-0.11.el5.src.rpm

i386:
condor-7.8.9-0.11.el5.i386.rpm
condor-classads-7.8.9-0.11.el5.i386.rpm
condor-debuginfo-7.8.9-0.11.el5.i386.rpm
condor-kbdd-7.8.9-0.11.el5.i386.rpm
condor-qmf-7.8.9-0.11.el5.i386.rpm
condor-vm-gahp-7.8.9-0.11.el5.i386.rpm

x86_64:
condor-7.8.9-0.11.el5.x86_64.rpm
condor-classads-7.8.9-0.11.el5.x86_64.rpm
condor-debuginfo-7.8.9-0.11.el5.x86_64.rpm
condor-kbdd-7.8.9-0.11.el5.x86_64.rpm
condor-qmf-7.8.9-0.11.el5.x86_64.rpm condor-vm-gahp-7.8.9-0.11.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8126 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUtDAYXlSAg2UNWIIRAh8LAKCF3BpUsAYQeBT56EVudos+QCQD1ACeO0Yg OoCVfyQ/XCeeAtyF0kwyYFk= =I2ce -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 13 22:55:00 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 13 Jan 2015 22:55:00 +0000 Subject: [RHSA-2015:0042-01] Low: cloud-init security, bug fix, and enhancement update Message-ID: <201501132255.t0DMt0AV032684@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: cloud-init security, bug fix, and enhancement update Advisory ID: RHSA-2015:0042-01 Product: Red Hat Common Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0042.html Issue date: 2015-01-13 CVE Names: CVE-2013-2099 ===================================================================== 1. Summary: Updated cloud-init packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Common for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Common for RHEL Client (v. 
6) - i386, noarch, x86_64
Red Hat Common for RHEL Compute Node (v. 6) - noarch, x86_64
Red Hat Common for RHEL Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Common for RHEL Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts.

A denial of service flaw was found in the way Python's SSL module implementation matched certificate names against hostnames. An attacker able to obtain a valid certificate whose DNS name contained multiple wildcard characters could present it to an application that validated such names with this code, causing that application to consume excessive CPU while matching the name. (CVE-2013-2099)

This issue was discovered by Florian Weimer of Red Hat Product Security.

The cloud-init packages have been upgraded to upstream version 0.7.5, which provides a number of bug fixes and enhancements over the previous version. (BZ#1111709, BZ#1119334)

All cloud-init users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

963260 - CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns

6. Package List:

Red Hat Common for RHEL Client (v.
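The wildcard-matching flaw in the cloud-init description above is a regex backtracking problem: when every "*" in a certificate's leftmost label is turned into a "[^.]*" group, a name with many wildcards makes the regex engine do exponential work on a hostname that does not match. The Python below is an added example for this page, not code from cloud-init or from Python's ssl module. It shows the shape of the unbounded regex construction beside a matcher that caps the wildcard count, refuses wildcards outside the leftmost label, and matches with plain string operations. The certificate names are constructed, and the function names are this example's own.

```python
import re

# Constructed certificate DNS names (not from any real certificate). The last
# one has the shape that makes a backtracking regex matcher burn CPU whenever
# the presented hostname does not match.
CERT_PLAIN = "keystone.example.internal"
CERT_WILDCARD = "*.example.internal"
CERT_PARTIAL = "api-*.example.internal"
CERT_HOSTILE = "*a" * 25 + ".example.internal"


class CertificateError(ValueError):
    """Raised for names the matcher refuses to evaluate at all."""


def unbounded_regex(dn: str) -> "re.Pattern[str]":
    """The shape of the pre-fix approach: every '*' in the leftmost label
    becomes '[^.]*' and the whole name is matched as a regex. With many
    adjacent '[^.]*a' groups the engine backtracks exponentially on a
    non-matching hostname, which is the CVE-2013-2099 failure mode. Built
    here only to show the construction; do not run it against CERT_HOSTILE."""
    leftmost, *rest = dn.split(".")
    parts = [re.escape(leftmost).replace(r"\*", "[^.]*")]
    parts += [re.escape(frag) for frag in rest]
    return re.compile(r"\A" + r"\.".join(parts) + r"\Z", re.IGNORECASE)


def match_dnsname(dn: str, hostname: str, max_wildcards: int = 1) -> bool:
    """Bounded matcher: at most max_wildcards '*' in the leftmost label, none
    elsewhere, and plain string comparison instead of a regex, so the cost is
    linear in the length of the name regardless of its content."""
    if not dn or not hostname:
        return False
    dn_labels = dn.lower().split(".")
    host_labels = hostname.lower().split(".")
    leftmost, rest = dn_labels[0], dn_labels[1:]
    if any("*" in label for label in rest):
        raise CertificateError(f"wildcard outside leftmost label: {dn!r}")
    wildcards = leftmost.count("*")
    if wildcards > max_wildcards:
        raise CertificateError(f"too many wildcards in certificate DNS name: {dn!r}")
    # A wildcard never spans a dot, so the label counts and every label after
    # the leftmost one must agree exactly.
    if len(dn_labels) != len(host_labels) or rest != host_labels[1:]:
        return False
    head = host_labels[0]
    if not wildcards:
        return leftmost == head
    prefix, suffix = leftmost.split("*", 1)
    return (len(head) > 0
            and len(head) >= len(prefix) + len(suffix)
            and head.startswith(prefix)
            and head.endswith(suffix))


def accepts(dn: str, hostname: str) -> bool:
    """Convenience wrapper: a refused name counts as no match."""
    try:
        return match_dnsname(dn, hostname)
    except CertificateError:
        return False
```

The practical point is that a hostile certificate is rejected by a count of "*" characters before any matching work is done, so the cost of the check no longer depends on how the name was crafted; the plain string comparison is a defence in depth on top of that limit.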
6): Source: python-backports-1.0-3.el6.src.rpm python-backports-ssl_match_hostname-3.4.0.2-1.el6.src.rpm python-six-1.6.1-1.el6.src.rpm python-urllib3-1.5-5.1.2.el6.src.rpm i386: python-backports-1.0-3.el6.i686.rpm noarch: python-backports-ssl_match_hostname-3.4.0.2-1.el6.noarch.rpm python-six-1.6.1-1.el6.noarch.rpm python-urllib3-1.5-5.1.2.el6.noarch.rpm x86_64: python-backports-1.0-3.el6.x86_64.rpm Red Hat Common for RHEL Compute Node (v. 6): Source: python-backports-1.0-3.el6.src.rpm python-backports-ssl_match_hostname-3.4.0.2-1.el6.src.rpm python-six-1.6.1-1.el6.src.rpm python-urllib3-1.5-5.1.2.el6.src.rpm noarch: python-backports-ssl_match_hostname-3.4.0.2-1.el6.noarch.rpm python-six-1.6.1-1.el6.noarch.rpm python-urllib3-1.5-5.1.2.el6.noarch.rpm x86_64: python-backports-1.0-3.el6.x86_64.rpm Red Hat Common for RHEL Server (v. 6): Source: cloud-init-0.7.5-1.el6.src.rpm python-backports-1.0-3.el6.src.rpm python-backports-ssl_match_hostname-3.4.0.2-1.el6.src.rpm python-boto-2.25.0-2.el6.src.rpm python-jsonpatch-1.2-2.el6.src.rpm python-jsonpointer-1.0-2.el6.src.rpm python-six-1.6.1-1.el6.src.rpm python-urllib3-1.5-5.1.2.el6.src.rpm i386: cloud-init-0.7.5-1.el6.i686.rpm python-backports-1.0-3.el6.i686.rpm noarch: python-backports-ssl_match_hostname-3.4.0.2-1.el6.noarch.rpm python-boto-2.25.0-2.el6.noarch.rpm python-jsonpatch-1.2-2.el6.noarch.rpm python-jsonpointer-1.0-2.el6.noarch.rpm python-six-1.6.1-1.el6.noarch.rpm python-urllib3-1.5-5.1.2.el6.noarch.rpm ppc64: python-backports-1.0-3.el6.ppc64.rpm s390x: python-backports-1.0-3.el6.s390x.rpm x86_64: cloud-init-0.7.5-1.el6.x86_64.rpm python-backports-1.0-3.el6.x86_64.rpm Red Hat Common for RHEL Workstation (v. 
6): Source: python-backports-1.0-3.el6.src.rpm python-backports-ssl_match_hostname-3.4.0.2-1.el6.src.rpm python-six-1.6.1-1.el6.src.rpm python-urllib3-1.5-5.1.2.el6.src.rpm i386: python-backports-1.0-3.el6.i686.rpm noarch: python-backports-ssl_match_hostname-3.4.0.2-1.el6.noarch.rpm python-six-1.6.1-1.el6.noarch.rpm python-urllib3-1.5-5.1.2.el6.noarch.rpm x86_64: python-backports-1.0-3.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-2099 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUtaH/XlSAg2UNWIIRAgWWAJoD2Pbv7YzZ6ajx2ujKSJ/VfNeaHACggX2P TJU+JcnWNup0QesbQsz0OUA= =r2Mg -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 13 22:55:33 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 13 Jan 2015 22:55:33 +0000 Subject: [RHSA-2015:0043-01] Important: kernel security and bug fix update Message-ID: <201501132255.t0DMtXtb000917@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2015:0043-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0043.html Issue date: 2015-01-13 CVE Names: CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 ===================================================================== 1. Summary: Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. 
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* Two flaws were found in the way the Linux kernel's SCTP implementation handled malformed (CVE-2014-3673) and duplicate (CVE-2014-3687) Address Configuration Change chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important)

The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.

This update also fixes the following bugs:

* When the Baseboard Management Controller (BMC) was reset, the settings for the ipmi_watchdog driver were not restored correctly, causing error 80 to be returned. With this update, the Intelligent Platform Management Interface (IPMI) is reset as expected in the described situation, and the error is no longer returned. (BZ#1109268)

* Under certain conditions, XFS log flushes could exceed the kernel thread stack size. As a consequence, a kernel panic occurred on systems using XFS file systems. This update provides a patch that moves this code path to a work queue, and therefore the stack overflow no longer occurs. (BZ#1154086)

* Due to a race condition, an attempt to unmount an XFS file system using the umount command could fail, causing the system to become unresponsive. The underlying source code has been modified to fix this bug, and the system no longer hangs in the described situation. (BZ#1158320)

* Previously, the printk_ratelimited() function printed messages which were supposed to be suppressed, and failed to print messages that were supposed to be printed. This was caused by the incorrect usage of the __ratelimit() function. This bug has been fixed with this update, and printk_ratelimited() now behaves as expected. (BZ#1169401)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1147850 - CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155731 - CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155745 - CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v.
6.4):

Source:
kernel-2.6.32-358.55.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.55.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.55.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.55.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.55.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.55.1.el6.x86_64.rpm
perf-2.6.32-358.55.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):

Source:
kernel-2.6.32-358.55.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.55.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
python-perf-2.6.32-358.55.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
kernel-2.6.32-358.55.1.el6.src.rpm

i386:
kernel-2.6.32-358.55.1.el6.i686.rpm
kernel-debug-2.6.32-358.55.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.55.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.55.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.55.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.55.1.el6.i686.rpm
kernel-devel-2.6.32-358.55.1.el6.i686.rpm
kernel-headers-2.6.32-358.55.1.el6.i686.rpm
perf-2.6.32-358.55.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.55.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.55.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.55.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.55.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-358.55.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-358.55.1.el6.ppc64.rpm
kernel-debug-2.6.32-358.55.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-358.55.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-358.55.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.55.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.55.1.el6.ppc64.rpm
kernel-devel-2.6.32-358.55.1.el6.ppc64.rpm
kernel-headers-2.6.32-358.55.1.el6.ppc64.rpm
perf-2.6.32-358.55.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.55.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.55.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-358.55.1.el6.s390x.rpm
kernel-debug-2.6.32-358.55.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-358.55.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-358.55.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.55.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.55.1.el6.s390x.rpm
kernel-devel-2.6.32-358.55.1.el6.s390x.rpm
kernel-headers-2.6.32-358.55.1.el6.s390x.rpm
kernel-kdump-2.6.32-358.55.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.55.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-358.55.1.el6.s390x.rpm
perf-2.6.32-358.55.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.55.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.55.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.55.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.55.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.55.1.el6.x86_64.rpm
perf-2.6.32-358.55.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.4):

Source:
kernel-2.6.32-358.55.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.55.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.55.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.55.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.55.1.el6.i686.rpm
python-perf-2.6.32-358.55.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.55.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-358.55.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.55.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.55.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.55.1.el6.ppc64.rpm
python-perf-2.6.32-358.55.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.55.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-358.55.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.55.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.55.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.55.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.55.1.el6.s390x.rpm
python-perf-2.6.32-358.55.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.55.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.55.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm
python-perf-2.6.32-358.55.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.55.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3673
https://access.redhat.com/security/cve/CVE-2014-3687
https://access.redhat.com/security/cve/CVE-2014-3688
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUtaJZXlSAg2UNWIIRAhJ/AJ4utDSqSwd2RbPdAqdS2OTGKBcy7ACgvbLY
k6SUc9WfzS7ZPvt+/N4Jv/Q=
=3sG+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 13 22:56:08 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 Jan 2015 22:56:08 +0000
Subject: [RHSA-2015:0044-01] Moderate: openstack-neutron security update
Message-ID: <201501132256.t0DMu8OS030971@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-neutron security update
Advisory ID:       RHSA-2015:0044-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0044.html
Issue date:        2015-01-13
CVE Names:         CVE-2014-7821
=====================================================================

1. Summary:

Updated openstack-neutron packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 4.0.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven
system that provisions networking services to virtual machines.
Its main function is to manage connectivity to and from virtual machines.
As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces
'quantum' as the core component of OpenStack Networking.

A denial of service flaw was found in the way neutron handled the
'dns_nameservers' parameter. By providing specially crafted
'dns_nameservers' values, an authenticated user could use this flaw to
crash the neutron service. (CVE-2014-7821)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Henry Yamauchi, Charles Neill, and Michael Xin
(Rackspace) as the original reporters.

All openstack-neutron users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1163457 - CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
openstack-neutron-2013.2.4-6.el6ost.src.rpm

noarch:
openstack-neutron-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-bigswitch-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-brocade-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-cisco-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-hyperv-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-linuxbridge-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-mellanox-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-metaplugin-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-metering-agent-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-midonet-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-ml2-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-nec-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-nicira-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-openvswitch-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-plumgrid-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-ryu-2013.2.4-6.el6ost.noarch.rpm
openstack-neutron-vpn-agent-2013.2.4-6.el6ost.noarch.rpm
python-neutron-2013.2.4-6.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7821
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
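The advisory above says only that crafted 'dns_nameservers' values could crash the neutron service; it does not describe the values or the upstream fix. The example below is added here and is not neutron's code or Red Hat's backported patch. It shows the general defence for an API parameter that is later handed to another process: parse each entry strictly as an IP address, reject anything that is not a plausible unicast DNS server, and convert every failure into a client error instead of an exception that takes the service down. The handler, the MAX_NAMESERVERS limit and the request bodies are constructed for the illustration.

```python
"""Strict validation of a 'dns_nameservers'-style list parameter.

Added example, not neutron's own code. Everything here (the limit, the
toy handler, the sample bodies) is an assumption made for illustration.
"""
import ipaddress

MAX_NAMESERVERS = 5  # assumed policy limit, not a neutron constant


class InvalidInput(ValueError):
    """Raised for a bad request body; the handler maps it to HTTP 400."""


def validate_dns_nameservers(values):
    """Return the canonical text of each nameserver or raise InvalidInput.

    Rejects non-list bodies, non-string or empty entries, any whitespace
    (the classic way to smuggle extra tokens into a value that later
    becomes another program's argument), abbreviated notations such as
    '1.1.1', addresses that cannot be a DNS server (unspecified,
    multicast) and duplicates.
    """
    if not isinstance(values, list):
        raise InvalidInput("dns_nameservers must be a list")
    if len(values) > MAX_NAMESERVERS:
        raise InvalidInput("too many dns_nameservers (max %d)" % MAX_NAMESERVERS)
    canonical = []
    for raw in values:
        if not isinstance(raw, str) or not raw:
            raise InvalidInput("nameserver entries must be non-empty strings")
        if any(c.isspace() for c in raw):
            raise InvalidInput("nameserver %r contains whitespace" % raw)
        try:
            addr = ipaddress.ip_address(raw)  # exact dotted-quad or RFC 4291 text only
        except ValueError:
            raise InvalidInput("nameserver %r is not an IP address" % raw) from None
        if addr.is_unspecified or addr.is_multicast:
            raise InvalidInput("nameserver %r cannot be a DNS server" % raw)
        text = str(addr)  # canonical form, e.g. lower-cased, compressed IPv6
        if text in canonical:
            raise InvalidInput("duplicate nameserver %s" % text)
        canonical.append(text)
    return canonical


def subnet_update(body):
    """Toy request handler: returns (status, payload) and never raises.

    A real service would persist the canonical list and only then push it
    to whatever consumes it; the point here is that bad input stops at the
    API boundary with a 400.
    """
    try:
        servers = validate_dns_nameservers(body.get("dns_nameservers", []))
    except InvalidInput as exc:
        return 400, {"error": str(exc)}
    return 200, {"dns_nameservers": servers}


if __name__ == "__main__":
    # Constructed request bodies: one well-formed, the rest malformed.
    for body in ({"dns_nameservers": ["8.8.8.8", "2001:DB8::1"]},
                 {"dns_nameservers": ["8.8.8.8 --extra"]},
                 {"dns_nameservers": ["1.1.1"]},
                 {"dns_nameservers": "8.8.8.8"}):
        print(body, "->", subnet_update(body))
```

The canonical form is returned rather than the raw string so that whatever is stored or forwarded is exactly what the parser accepted; rejecting rather than silently normalising whitespace or abbreviated forms keeps the check auditable.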
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUtaJ2XlSAg2UNWIIRAi3GAJ9cjjdG2sXG6pNjCvdlaot2jNYf4QCeIDFl
oDl5BE6XOLspktNGdWU2Xys=
=gfuH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 13 22:56:31 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 Jan 2015 22:56:31 +0000
Subject: [RHSA-2015:0045-01] Low: Red Hat Enterprise Linux OpenStack Platform 4.0 Pre-Retirement Notice
Message-ID: <201501132256.t0DMuU6X031077@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux OpenStack Platform 4.0 Pre-Retirement Notice
Advisory ID:       RHSA-2015:0045-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0045.html
Issue date:        2015-01-13
=====================================================================

1. Summary:

This is an early notification for the retirement of Red Hat Enterprise
Linux OpenStack Platform 4.0.

2. Description:

In accordance with the Red Hat Enterprise Linux OpenStack Platform Support
Policy, the 1.5-year life cycle of Production Support for the 4.0 version
will end on June 19, 2015. Accordingly, Red Hat will no longer provide
updated packages, including Critical impact security patches or urgent
priority bug fixes, for Red Hat Enterprise Linux OpenStack Platform version
4.0 after June 19, 2015. In addition, technical support through Red Hat's
Global Support Services will no longer be provided after this date.

We encourage customers to upgrade to the latest version of Red Hat
Enterprise Linux OpenStack Platform as soon as possible. As of the End of
Life date, this is expected to be the 6.0 version, based on the upstream
Juno release, and will be supported for 3 years. In addition, the 5.0
version will continue to be in the Production Support phase until its End
of Life on June 29, 2017.

As a benefit of the Red Hat subscription model, customers can use their
active subscriptions to entitle any system on a currently supported Red Hat
Enterprise Linux OpenStack Platform version.

Details of the Red Hat Enterprise Linux OpenStack Platform life cycle can
be found here:
https://access.redhat.com/support/policy/updates/openstack/platform/

3. Solution:

Customers are encouraged to plan their migration from Red Hat Enterprise
Linux OpenStack Platform 4.0 to the latest version of Red Hat Enterprise
Linux OpenStack Platform.

4. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/support/policy/updates/openstack/platform/
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/

5. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUtaKVXlSAg2UNWIIRApt8AJ0W2KX7BvjDYWWDBNL1hUjvMViGKQCcDk9B
8ve+U+ukf/zeI2Sqb5Xr4k8=
=0Na5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 13 23:44:46 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 Jan 2015 23:44:46 +0000
Subject: [RHSA-2015:0046-01] Critical: firefox security and bug fix update
Message-ID: <201501132344.t0DNilT0020171@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security and bug fix update
Advisory ID:       RHSA-2015:0046-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0046.html
Issue date:        2015-01-13
CVE Names:         CVE-2014-8634 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641
=====================================================================

1.
Summary:

Updated firefox packages that fix multiple security issues and one bug are
now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-8634, CVE-2014-8639, CVE-2014-8641)

It was found that the Beacon interface implementation in Firefox did not
follow the Cross-Origin Resource Sharing (CORS) specification. A web page
containing malicious content could allow a remote attacker to conduct a
Cross-Site Request Forgery (XSRF) attack. (CVE-2014-8638)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Patrick McManus, Muneaki Nishimura,
Xiaofeng Zheng, and Mitchell Harper as the original reporters of these
issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.4.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

This update also fixes the following bug:

* The default dictionary for Firefox's spell checker is now correctly set
to the system's locale language. (BZ#643954, BZ#1150572)

All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.4.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

643954 - default spellchecker dictionary is not correct for firefox
1150572 - default spellchecker dictionary is not correct for firefox
1180962 - CVE-2014-8634 Mozilla: Miscellaneous memory safety hazards (rv:31.4) (MFSA 2015-01)
1180966 - CVE-2014-8638 Mozilla: sendBeacon requests lack an Origin header (MFSA 2015-03)
1180967 - CVE-2014-8639 Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)
1180973 - CVE-2014-8641 Mozilla: Read-after-free in WebRTC (MFSA 2015-06)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-31.4.0-1.el5_11.src.rpm

i386:
firefox-31.4.0-1.el5_11.i386.rpm
firefox-debuginfo-31.4.0-1.el5_11.i386.rpm

x86_64:
firefox-31.4.0-1.el5_11.i386.rpm
firefox-31.4.0-1.el5_11.x86_64.rpm
firefox-debuginfo-31.4.0-1.el5_11.i386.rpm
firefox-debuginfo-31.4.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-31.4.0-1.el5_11.src.rpm

i386:
firefox-31.4.0-1.el5_11.i386.rpm
firefox-debuginfo-31.4.0-1.el5_11.i386.rpm

ia64:
firefox-31.4.0-1.el5_11.ia64.rpm
firefox-debuginfo-31.4.0-1.el5_11.ia64.rpm

ppc:
firefox-31.4.0-1.el5_11.ppc.rpm
firefox-debuginfo-31.4.0-1.el5_11.ppc.rpm

s390x:
firefox-31.4.0-1.el5_11.s390.rpm
firefox-31.4.0-1.el5_11.s390x.rpm
firefox-debuginfo-31.4.0-1.el5_11.s390.rpm
firefox-debuginfo-31.4.0-1.el5_11.s390x.rpm

x86_64:
firefox-31.4.0-1.el5_11.i386.rpm
firefox-31.4.0-1.el5_11.x86_64.rpm
firefox-debuginfo-31.4.0-1.el5_11.i386.rpm
firefox-debuginfo-31.4.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-31.4.0-1.el6_6.src.rpm

i386:
firefox-31.4.0-1.el6_6.i686.rpm
firefox-debuginfo-31.4.0-1.el6_6.i686.rpm

x86_64:
firefox-31.4.0-1.el6_6.x86_64.rpm
firefox-debuginfo-31.4.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-31.4.0-1.el6_6.i686.rpm
firefox-debuginfo-31.4.0-1.el6_6.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-31.4.0-1.el6_6.src.rpm

x86_64:
firefox-31.4.0-1.el6_6.i686.rpm
firefox-31.4.0-1.el6_6.x86_64.rpm
firefox-debuginfo-31.4.0-1.el6_6.i686.rpm
firefox-debuginfo-31.4.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-31.4.0-1.el6_6.src.rpm

i386:
firefox-31.4.0-1.el6_6.i686.rpm
firefox-debuginfo-31.4.0-1.el6_6.i686.rpm

ppc64:
firefox-31.4.0-1.el6_6.ppc64.rpm
firefox-debuginfo-31.4.0-1.el6_6.ppc64.rpm

s390x:
firefox-31.4.0-1.el6_6.s390x.rpm
firefox-debuginfo-31.4.0-1.el6_6.s390x.rpm

x86_64:
firefox-31.4.0-1.el6_6.x86_64.rpm
firefox-debuginfo-31.4.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-31.4.0-1.el6_6.ppc.rpm
firefox-debuginfo-31.4.0-1.el6_6.ppc.rpm

s390x:
firefox-31.4.0-1.el6_6.s390.rpm
firefox-debuginfo-31.4.0-1.el6_6.s390.rpm

x86_64:
firefox-31.4.0-1.el6_6.i686.rpm
firefox-debuginfo-31.4.0-1.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-31.4.0-1.el6_6.src.rpm

i386:
firefox-31.4.0-1.el6_6.i686.rpm
firefox-debuginfo-31.4.0-1.el6_6.i686.rpm

x86_64:
firefox-31.4.0-1.el6_6.x86_64.rpm
firefox-debuginfo-31.4.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-31.4.0-1.el6_6.i686.rpm
firefox-debuginfo-31.4.0-1.el6_6.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-31.4.0-1.el7_0.src.rpm
xulrunner-31.4.0-1.el7_0.src.rpm

x86_64:
firefox-31.4.0-1.el7_0.x86_64.rpm
firefox-debuginfo-31.4.0-1.el7_0.x86_64.rpm
xulrunner-31.4.0-1.el7_0.i686.rpm
xulrunner-31.4.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-31.4.0-1.el7_0.i686.rpm
firefox-debuginfo-31.4.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.4.0-1.el7_0.i686.rpm
xulrunner-devel-31.4.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
xulrunner-31.4.0-1.el7_0.src.rpm

x86_64:
xulrunner-31.4.0-1.el7_0.i686.rpm
xulrunner-31.4.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.4.0-1.el7_0.i686.rpm
xulrunner-devel-31.4.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-31.4.0-1.el7_0.src.rpm
xulrunner-31.4.0-1.el7_0.src.rpm

ppc64:
firefox-31.4.0-1.el7_0.ppc64.rpm
firefox-debuginfo-31.4.0-1.el7_0.ppc64.rpm
xulrunner-31.4.0-1.el7_0.ppc.rpm
xulrunner-31.4.0-1.el7_0.ppc64.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.ppc.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.ppc64.rpm

s390x:
firefox-31.4.0-1.el7_0.s390x.rpm
firefox-debuginfo-31.4.0-1.el7_0.s390x.rpm

x86_64:
firefox-31.4.0-1.el7_0.x86_64.rpm
firefox-debuginfo-31.4.0-1.el7_0.x86_64.rpm
xulrunner-31.4.0-1.el7_0.i686.rpm
xulrunner-31.4.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
xulrunner-31.4.0-1.el7_0.src.rpm

ppc64:
firefox-31.4.0-1.el7_0.ppc.rpm
firefox-debuginfo-31.4.0-1.el7_0.ppc.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.ppc.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.ppc64.rpm
xulrunner-devel-31.4.0-1.el7_0.ppc.rpm
xulrunner-devel-31.4.0-1.el7_0.ppc64.rpm

s390x:
firefox-31.4.0-1.el7_0.s390.rpm
firefox-debuginfo-31.4.0-1.el7_0.s390.rpm
xulrunner-31.4.0-1.el7_0.s390.rpm
xulrunner-31.4.0-1.el7_0.s390x.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.s390.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.s390x.rpm
xulrunner-devel-31.4.0-1.el7_0.s390.rpm
xulrunner-devel-31.4.0-1.el7_0.s390x.rpm

x86_64:
firefox-31.4.0-1.el7_0.i686.rpm
firefox-debuginfo-31.4.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.4.0-1.el7_0.i686.rpm
xulrunner-devel-31.4.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-31.4.0-1.el7_0.src.rpm
xulrunner-31.4.0-1.el7_0.src.rpm

x86_64:
firefox-31.4.0-1.el7_0.x86_64.rpm
firefox-debuginfo-31.4.0-1.el7_0.x86_64.rpm
xulrunner-31.4.0-1.el7_0.i686.rpm
xulrunner-31.4.0-1.el7_0.x86_64.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-31.4.0-1.el7_0.i686.rpm
firefox-debuginfo-31.4.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.i686.rpm
xulrunner-debuginfo-31.4.0-1.el7_0.x86_64.rpm
xulrunner-devel-31.4.0-1.el7_0.i686.rpm
xulrunner-devel-31.4.0-1.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8634
https://access.redhat.com/security/cve/CVE-2014-8638
https://access.redhat.com/security/cve/CVE-2014-8639
https://access.redhat.com/security/cve/CVE-2014-8641
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr31.4

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
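The bug list above records CVE-2014-8638 (MFSA 2015-03) as "sendBeacon requests lack an Origin header", and the same CVE appears again in the Thunderbird advisory that follows. The server-side consequence is the part worth seeing in code: a web application that used the Origin header as its cross-site request forgery check and treated a request without one as trustworthy could be driven by navigator.sendBeacon from a hostile page. The example below is added here and is not Mozilla's or Red Hat's code. It shows that lenient policy next to a strict one that refuses a state-changing request carrying neither Origin nor Referer. The allowed-origin set and the request header dictionaries are constructed for the illustration.

```python
"""Origin-based CSRF check that does not trust a missing Origin header.

Added example, not from the advisory's authors. ALLOWED and the sample
request headers below are constructed for illustration.
"""
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _origin_of(url):
    """Reduce a URL to scheme://host[:port], lower-cased; None if unusable."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return "%s://%s" % (parts.scheme.lower(), parts.netloc.lower())


def csrf_check(method, headers, allowed_origins, allow_missing_origin=False):
    """Return (allowed, reason) for one request.

    headers: dict keyed by lower-case header name.
    allowed_origins: set of scheme://host[:port] strings permitted to
    issue state-changing requests (exact string match after lower-casing).
    allow_missing_origin=True reproduces the weak policy that the Beacon
    bug turned into a CSRF hole; the default treats absence as untrusted.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    origin = headers.get("origin")
    if origin is None:
        # Fall back to Referer: a same-site form post or navigation has one.
        referer = headers.get("referer")
        origin = _origin_of(referer) if referer else None
        if origin is None:
            if allow_missing_origin:
                return True, "no origin, accepted by lenient policy"
            return False, "no Origin or Referer on state-changing request"
    elif origin == "null":
        # Opaque origin: sandboxed iframes, data: URLs, some redirects.
        return False, "opaque origin"
    else:
        origin = origin.lower()
    if origin in allowed_origins:
        return True, "origin allowed"
    return False, "origin %s not allowed" % origin


ALLOWED = {"https://app.example"}

# Constructed requests, as the server would see them: a legitimate form
# post, a sendBeacon call from a browser that omits Origin (the flaw
# above), a hostile page in a browser that does send Origin, and a
# same-site navigation that carries only Referer.
SAME_SITE_POST = {"origin": "https://app.example",
                  "content-type": "application/x-www-form-urlencoded"}
BEACON_WITHOUT_ORIGIN = {"content-type": "text/plain;charset=UTF-8"}
HOSTILE_POST = {"origin": "https://evil.example"}
NAVIGATION_WITH_REFERER = {"referer": "https://app.example/settings"}


def demo():
    """Run the four requests through both policies; returns the verdicts."""
    return {
        "form": csrf_check("POST", SAME_SITE_POST, ALLOWED),
        "beacon_lenient": csrf_check("POST", BEACON_WITHOUT_ORIGIN, ALLOWED,
                                     allow_missing_origin=True),
        "beacon_strict": csrf_check("POST", BEACON_WITHOUT_ORIGIN, ALLOWED),
        "hostile": csrf_check("POST", HOSTILE_POST, ALLOWED),
        "referer": csrf_check("POST", NAVIGATION_WITH_REFERER, ALLOWED),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-16s %s" % (name, verdict))
```

The beacon_lenient entry is the hole: the same request is refused under the default policy. The Referer fallback covers browsers that strip Origin from some navigations, but an origin check is a second layer; the primary defence for state-changing endpoints remains a per-session CSRF token. Matching is exact, so an allowed origin that is written with an explicit default port must be listed in that form.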
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUta3MXlSAg2UNWIIRAqqEAJ4+b0/A7whfHiCT8wOyYjxAw3T6agCfdZsj
8O1WAbxZuJLB0aDz9h3232w=
=FtVP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 13 23:45:34 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 Jan 2015 23:45:34 +0000
Subject: [RHSA-2015:0047-01] Important: thunderbird security update
Message-ID: <201501132345.t0DNjYct020440@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2015:0047-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0047.html
Issue date:        2015-01-13
CVE Names:         CVE-2014-8634 CVE-2014-8638 CVE-2014-8639
=====================================================================

1. Summary:

An updated thunderbird package that fixes three security issues is now
available for Red Hat Enterprise Linux 5 and 6.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Two flaws were found in the processing of malformed web content. A web page
containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-8634, CVE-2014-8639)

It was found that the Beacon interface implementation in Thunderbird did
not follow the Cross-Origin Resource Sharing (CORS) specification. A web
page containing malicious content could allow a remote attacker to conduct
a Cross-Site Request Forgery (XSRF) attack. (CVE-2014-8638)

Note: None of the above issues can be exploited by a specially crafted HTML
mail message, as JavaScript is disabled by default for mail messages. They
could be exploited another way in Thunderbird, for example, when viewing
the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Patrick McManus, Muneaki Nishimura,
and Xiaofeng Zheng as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.4.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.4.0, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1180962 - CVE-2014-8634 Mozilla: Miscellaneous memory safety hazards (rv:31.4) (MFSA 2015-01)
1180966 - CVE-2014-8638 Mozilla: sendBeacon requests lack an Origin header (MFSA 2015-03)
1180967 - CVE-2014-8639 Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-31.4.0-1.el5_11.src.rpm

i386:
thunderbird-31.4.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.4.0-1.el5_11.i386.rpm

x86_64:
thunderbird-31.4.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.4.0-1.el5_11.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
thunderbird-31.4.0-1.el5_11.src.rpm

i386:
thunderbird-31.4.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.4.0-1.el5_11.i386.rpm

x86_64:
thunderbird-31.4.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.4.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-31.4.0-1.el6_6.src.rpm

i386:
thunderbird-31.4.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.4.0-1.el6_6.i686.rpm

x86_64:
thunderbird-31.4.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.4.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-31.4.0-1.el6_6.src.rpm

i386:
thunderbird-31.4.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.4.0-1.el6_6.i686.rpm

ppc64:
thunderbird-31.4.0-1.el6_6.ppc64.rpm
thunderbird-debuginfo-31.4.0-1.el6_6.ppc64.rpm

s390x:
thunderbird-31.4.0-1.el6_6.s390x.rpm
thunderbird-debuginfo-31.4.0-1.el6_6.s390x.rpm

x86_64:
thunderbird-31.4.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.4.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-31.4.0-1.el6_6.src.rpm

i386:
thunderbird-31.4.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.4.0-1.el6_6.i686.rpm

x86_64:
thunderbird-31.4.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.4.0-1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8634
https://access.redhat.com/security/cve/CVE-2014-8638
https://access.redhat.com/security/cve/CVE-2014-8639
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird31.4

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUta4LXlSAg2UNWIIRApzJAJ901BYMN26GjSgd63++m72SG380xgCeJnoS
IGSx2mfRemTA/eTOqYk4sbU=
=tuQ2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 14 20:28:14 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Jan 2015 20:28:14 +0000
Subject: [RHSA-2015:0052-01] Critical: flash-plugin security update
Message-ID: <201501142028.t0EKSE9n005941@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2015:0052-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0052.html
Issue date:        2015-01-14
CVE Names:         CVE-2015-0301 CVE-2015-0302 CVE-2015-0303 CVE-2015-0304
                   CVE-2015-0305 CVE-2015-0306 CVE-2015-0307 CVE-2015-0308
                   CVE-2015-0309
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-01,
listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0303, CVE-2015-0306, CVE-2015-0304, CVE-2015-0309,
CVE-2015-0305, CVE-2015-0308)

This update also fixes multiple information disclosure flaws in
flash-plugin. (CVE-2015-0301, CVE-2015-0302, CVE-2015-0307)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.429.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1181903 - CVE-2015-0303 CVE-2015-0306 CVE-2015-0304 CVE-2015-0309 CVE-2015-0305 CVE-2015-0308 flash-plugin: Multiple code-execution flaws (APSB15-01)
1181909 - CVE-2015-0301 CVE-2015-0302 CVE-2015-0307 flash-plugin: Information disclosure via various methods (APSB15-01)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.429-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.429-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.429-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.429-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.429-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.429-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.429-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.429-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.429-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.429-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0301
https://access.redhat.com/security/cve/CVE-2015-0302
https://access.redhat.com/security/cve/CVE-2015-0303
https://access.redhat.com/security/cve/CVE-2015-0304
https://access.redhat.com/security/cve/CVE-2015-0305
https://access.redhat.com/security/cve/CVE-2015-0306
https://access.redhat.com/security/cve/CVE-2015-0307
https://access.redhat.com/security/cve/CVE-2015-0308
https://access.redhat.com/security/cve/CVE-2015-0309
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-01.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Wed Jan 21 16:53:47 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Jan 2015 16:53:47 +0000
Subject: [RHSA-2015:0062-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201501211653.t0LGrlnW012569@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2015:0062-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0062.html
Issue date: 2015-01-20
CVE Names: CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-4608 CVE-2014-5045
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important)

* A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate)

* An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4608, Low)

Red Hat would like to thank Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608. The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.

This update also fixes several bugs and adds one enhancement. Documentation for these changes is available from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1113899 - CVE-2014-4608 kernel: lzo1x_decompress_safe() integer overflow
1122472 - CVE-2014-5045 kernel: vfs: refcount issues during unmount on symlink
1147850 - CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155731 - CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155745 - CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source:
kernel-2.6.32-431.46.2.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.46.2.el6.noarch.rpm
kernel-doc-2.6.32-431.46.2.el6.noarch.rpm
kernel-firmware-2.6.32-431.46.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debug-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.46.2.el6.x86_64.rpm
kernel-devel-2.6.32-431.46.2.el6.x86_64.rpm
kernel-headers-2.6.32-431.46.2.el6.x86_64.rpm
perf-2.6.32-431.46.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5):

Source:
kernel-2.6.32-431.46.2.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.46.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
python-perf-2.6.32-431.46.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
kernel-2.6.32-431.46.2.el6.src.rpm

i386:
kernel-2.6.32-431.46.2.el6.i686.rpm
kernel-debug-2.6.32-431.46.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-431.46.2.el6.i686.rpm
kernel-debug-devel-2.6.32-431.46.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.46.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.46.2.el6.i686.rpm
kernel-devel-2.6.32-431.46.2.el6.i686.rpm
kernel-headers-2.6.32-431.46.2.el6.i686.rpm
perf-2.6.32-431.46.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.46.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.46.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.46.2.el6.noarch.rpm
kernel-doc-2.6.32-431.46.2.el6.noarch.rpm
kernel-firmware-2.6.32-431.46.2.el6.noarch.rpm

ppc64:
kernel-2.6.32-431.46.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-431.46.2.el6.ppc64.rpm
kernel-debug-2.6.32-431.46.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-431.46.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-431.46.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-431.46.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-431.46.2.el6.ppc64.rpm
kernel-devel-2.6.32-431.46.2.el6.ppc64.rpm
kernel-headers-2.6.32-431.46.2.el6.ppc64.rpm
perf-2.6.32-431.46.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-431.46.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-431.46.2.el6.ppc64.rpm

s390x:
kernel-2.6.32-431.46.2.el6.s390x.rpm
kernel-debug-2.6.32-431.46.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-431.46.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-431.46.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-431.46.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-431.46.2.el6.s390x.rpm
kernel-devel-2.6.32-431.46.2.el6.s390x.rpm
kernel-headers-2.6.32-431.46.2.el6.s390x.rpm
kernel-kdump-2.6.32-431.46.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-431.46.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-431.46.2.el6.s390x.rpm
perf-2.6.32-431.46.2.el6.s390x.rpm
perf-debuginfo-2.6.32-431.46.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-431.46.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debug-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.46.2.el6.x86_64.rpm
kernel-devel-2.6.32-431.46.2.el6.x86_64.rpm
kernel-headers-2.6.32-431.46.2.el6.x86_64.rpm
perf-2.6.32-431.46.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.5):

Source:
kernel-2.6.32-431.46.2.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-431.46.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.46.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.46.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.46.2.el6.i686.rpm
python-perf-2.6.32-431.46.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.46.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-431.46.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-431.46.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-431.46.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-431.46.2.el6.ppc64.rpm
python-perf-2.6.32-431.46.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-431.46.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-431.46.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-431.46.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-431.46.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-431.46.2.el6.s390x.rpm
perf-debuginfo-2.6.32-431.46.2.el6.s390x.rpm
python-perf-2.6.32-431.46.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-431.46.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.46.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm
python-perf-2.6.32-431.46.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.46.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3673
https://access.redhat.com/security/cve/CVE-2014-3687
https://access.redhat.com/security/cve/CVE-2014-3688
https://access.redhat.com/security/cve/CVE-2014-4608
https://access.redhat.com/security/cve/CVE-2014-5045
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
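As an added example that is not part of the Red Hat advisory, the following POSIX shell helper encodes the "rpm -e" advice in the Solution section of the kernel advisory above: it lists the installed kernel packages that are safe to remove, and refuses when the newest installed kernel is not the one currently running, i.e. when the new kernel has not yet been booted and verified. It assumes GNU sort (for the -V version ordering); the two older kernel releases in the sample list are constructed values, only 431.46.2 comes from the advisory.

```sh
#!/bin/sh
# Added example, not part of the Red Hat advisory. Lists the kernel packages
# that may be removed with "rpm -e" once the new kernel has been verified.
#
# Usage: rpm -q kernel | removable_kernels "$(uname -r)"
#   $1    = running kernel release, as printed by "uname -r"
#   stdin = installed kernel package names, one per line ("rpm -q kernel")
# Prints the removable package names (oldest first) and returns 0.
# Returns 2 and prints nothing when the newest installed kernel is not the
# running one: either it has not been booted yet, or the boot fell back to an
# older kernel; in both cases nothing should be removed.
# Returns 3 when the running kernel is not in the installed list at all.
# Assumes GNU sort (the -V version-sort option).
removable_kernels() {
    running="kernel-$1"
    # Buffer stdin so it can be walked more than once, version-sorted.
    installed=$(sort -V)
    [ -n "$installed" ] || return 3

    newest=$(printf '%s\n' "$installed" | tail -n 1)

    if ! printf '%s\n' "$installed" | grep -qxF "$running"; then
        echo "running kernel $running is not an installed package" >&2
        return 3
    fi
    if [ "$newest" != "$running" ]; then
        echo "newest kernel $newest is not running; verify it first" >&2
        return 2
    fi

    # Every installed kernel except the running (= newest) one is removable.
    # grep -v returns 1 when nothing is left, which is not an error here.
    printf '%s\n' "$installed" | grep -vxF "$running" || true
}

# Demo on a constructed list of installed kernels. The 431.46.2 release is
# the one shipped by this advisory; the two older releases are sample values.
sample_installed='kernel-2.6.32-431.29.2.el6.x86_64
kernel-2.6.32-431.46.2.el6.x86_64
kernel-2.6.32-431.37.2.el6.x86_64'

# Running the advisory kernel: prints the two older packages, the candidates
# for "rpm -e".
printf '%s\n' "$sample_installed" | removable_kernels 2.6.32-431.46.2.el6.x86_64
```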
From bugzilla at redhat.com Wed Jan 21 17:05:20 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Jan 2015 17:05:20 +0000
Subject: [RHSA-2015:0068-01] Important: java-1.7.0-openjdk security update
Message-ID: <201501211705.t0LH5KW5020015@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: RHSA-2015:0068-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0068.html
Issue date: 2015-01-20
CVE Names: CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601)

Multiple improper permission check issues were discovered in the JAX-WS and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5.
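As an added example that is not part of the Red Hat advisory, the following POSIX shell helper reads the jdk.tls.disabledAlgorithms property from a java.security file, honouring backslash line continuations, commented-out lines and later overrides, and reports whether SSLv3 is still listed, which is the default state this update establishes for the SSL 3.0 note above. The sample file contents and the temporary path are constructed for the demo; the check reads local configuration only and says nothing about what a running JVM actually negotiates.

```sh
#!/bin/sh
# Added example, not part of the Red Hat advisory. Checks whether a
# java.security file keeps SSL 3.0 disabled via jdk.tls.disabledAlgorithms.

# Print the effective value of a property from a java.security-style file.
# Comment lines are skipped, backslash-continued lines are joined, and a later
# definition overrides an earlier one (java.util.Properties semantics).
# $1 = file, $2 = property name. Prints an empty line if the property is absent.
java_security_get() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }              # commented-out line
        cont {                                  # continuation of the value
            line = $0
            sub(/^[[:space:]]+/, "", line)
            val = val line
            cont = sub(/\\[[:space:]]*$/, "", val)
            next
        }
        match($0, "^" key "[[:space:]]*=") {    # "key = value" at column 0
            val = substr($0, RLENGTH + 1)
            cont = sub(/\\[[:space:]]*$/, "", val)
        }
        END {
            sub(/^[[:space:]]+/, "", val)
            sub(/[[:space:]]+$/, "", val)
            print val
        }
    ' "$1"
}

# Return 0 if SSLv3 is one of the comma-separated jdk.tls.disabledAlgorithms
# entries in the given file, 1 otherwise (property absent, or SSLv3 removed
# from it to re-enable SSL 3.0 locally).
sslv3_disabled() {
    java_security_get "$1" jdk.tls.disabledAlgorithms |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -qx 'SSLv3'
}

# Demo on a constructed sample mirroring the layout of a java.security file:
# an old commented-out definition, then the live value split over two lines.
demo_dir=$(mktemp -d)
cat > "$demo_dir/java.security" <<'EOF'
# Constructed sample, not a distribution file.
#jdk.tls.disabledAlgorithms=MD5
jdk.tls.disabledAlgorithms=SSLv3, RC4, \
    MD5withRSA
jdk.certpath.disabledAlgorithms=MD2
EOF

if sslv3_disabled "$demo_dir/java.security"; then
    echo "SSL 3.0 disabled: $(java_security_get "$demo_dir/java.security" jdk.tls.disabledAlgorithms)"
else
    echo "SSL 3.0 re-enabled: SSLv3 is not in jdk.tls.disabledAlgorithms"
fi
rm -rf "$demo_dir"
```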
Bugs fixed (https://bugzilla.redhat.com/): 1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807) 1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack 1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982) 1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367) 1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309) 1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125) 1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304) 1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485) 1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555) 1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489) 1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276) 1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264) 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el5_11.src.rpm i386: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el5_11.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el5_11.i386.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el5_11.i386.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el5_11.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.0.el5_11.i386.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el5_11.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el5_11.src.rpm i386: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el5_11.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el5_11.i386.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el5_11.i386.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el5_11.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.0.el5_11.i386.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el5_11.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2014-3566 https://access.redhat.com/security/cve/CVE-2014-6585 https://access.redhat.com/security/cve/CVE-2014-6587 https://access.redhat.com/security/cve/CVE-2014-6591 https://access.redhat.com/security/cve/CVE-2014-6593 https://access.redhat.com/security/cve/CVE-2014-6601 https://access.redhat.com/security/cve/CVE-2015-0383 https://access.redhat.com/security/cve/CVE-2015-0395 https://access.redhat.com/security/cve/CVE-2015-0407 https://access.redhat.com/security/cve/CVE-2015-0408 https://access.redhat.com/security/cve/CVE-2015-0410 https://access.redhat.com/security/cve/CVE-2015-0412 https://access.redhat.com/security/updates/classification/#important https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUv9wqXlSAg2UNWIIRAhGJAJ0bv6fbD1UCFloaBjVSTJJdEifnlACfZSqo wpd1lbF9uovd6s6xNF2n5iE= =n3ra -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jan 21 23:06:58 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 21 Jan 2015 23:06:58 +0000 Subject: [RHSA-2015:0066-01] Moderate: openssl security update Message-ID: <201501212306.t0LN6xG7024484@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 ===================================================================== 1. 
Summary: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571) A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. 
A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206) It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570) It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572) It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204) Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275) It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205) All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. 4. 
Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssl-1.0.1e-30.el6_6.5.src.rpm i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: openssl-1.0.1e-30.el6_6.5.src.rpm x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openssl-1.0.1e-30.el6_6.5.src.rpm i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: openssl-1.0.1e-30.el6_6.5.src.rpm i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.1e-34.el7_0.7.src.rpm x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.1e-34.el7_0.7.src.rpm x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: openssl-1.0.1e-34.el7_0.7.src.rpm ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7):

Source: openssl-1.0.1e-34.el7_0.7.src.rpm

x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3570
https://access.redhat.com/security/cve/CVE-2014-3571
https://access.redhat.com/security/cve/CVE-2014-3572
https://access.redhat.com/security/cve/CVE-2014-8275
https://access.redhat.com/security/cve/CVE-2015-0204
https://access.redhat.com/security/cve/CVE-2015-0205
https://access.redhat.com/security/cve/CVE-2015-0206
https://access.redhat.com/security/updates/classification/#moderate
https://www.openssl.org/news/secadv_20150108.txt

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
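Editor's added example for this archive page (shell; not part of the advisory and not Red Hat tooling): the package list above names the fixed build of every RPM, but a host is only covered if each installed package is at least that build, compared the way rpm orders versions (segment by segment, numerically where both segments are digits) rather than as plain strings, otherwise a release such as el7_0.10 sorts below el7_0.7. The script pulls name, architecture and version-release out of a flattened RHSA package list and checks them against the output of rpm -qa --qf '%{NAME} %{ARCH} %{VERSION}-%{RELEASE}\n'. Both inputs here are constructed samples embedded in the script, and the awk comparison follows rpmvercmp except that, as a stated simplification, it ignores epochs and the '~' and '^' operators.

```sh
#!/bin/sh
# Added example (not from the advisory): compare installed RPMs with the fixed
# builds named in an RHSA package list. The advisory text may be one flattened
# line; the installed set is the output of
#   rpm -qa --qf '%{NAME} %{ARCH} %{VERSION}-%{RELEASE}\n'
# Assumptions: epochs are equal and ignored here (check them separately for
# packages that carry one), and RPM's '~' / '^' operators are not handled.

# Constructed input: a fragment of the openssl package list in the advisory above.
ADVISORY_PKGS='Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.1e-34.el7_0.7.src.rpm x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm'

# Constructed input: a partly updated host. openssl is one release behind,
# openssl-libs.x86_64 is exactly the fixed build, openssl-libs.i686 is newer.
INSTALLED='openssl x86_64 1.0.1e-34.el7_0.6
openssl-libs x86_64 1.0.1e-34.el7_0.7
openssl-libs i686 1.0.1e-34.el7_0.10'

# awk re-implementation of rpmvercmp(3): alternate alphabetic and numeric
# segments; numeric segments compare by value, a numeric segment outranks an
# alphabetic one, and the string with segments left over is the newer one.
RPMVERCMP_AWK='
function vercmp(a, b,    sa, sb) {
    if (a == b) return 0
    while (length(a) || length(b)) {
        sub(/^[^0-9A-Za-z]+/, "", a); sub(/^[^0-9A-Za-z]+/, "", b)
        if (!length(a) || !length(b)) break
        if (a ~ /^[0-9]/) {
            match(a, /^[0-9]+/); sa = substr(a, 1, RLENGTH); a = substr(a, RLENGTH + 1)
            match(b, /^[0-9]+/); if (RLENGTH < 1) return 1
            sb = substr(b, 1, RLENGTH); b = substr(b, RLENGTH + 1)
            sub(/^0+/, "", sa); sub(/^0+/, "", sb)
            if (length(sa) != length(sb)) return length(sa) > length(sb) ? 1 : -1
        } else {
            match(a, /^[A-Za-z]+/); sa = substr(a, 1, RLENGTH); a = substr(a, RLENGTH + 1)
            match(b, /^[A-Za-z]+/); if (RLENGTH < 1) return -1
            sb = substr(b, 1, RLENGTH); b = substr(b, RLENGTH + 1)
        }
        if (sa != sb) return sa < sb ? -1 : 1
    }
    if (!length(a) && !length(b)) return 0
    return length(a) ? 1 : -1
}
# x and y are "version-release"; the version decides first, then the release.
function evrcmp(x, y,    xv, yv, r) {
    split(x, xv, "-"); split(y, yv, "-")
    r = vercmp(xv[1], yv[1])
    return r != 0 ? r : vercmp(xv[2], yv[2])
}
'

# rpm_vercmp VR1 VR2: print -1, 0 or 1 as rpm would order the two version-releases.
rpm_vercmp() {
    awk -v a="$1" -v b="$2" "$RPMVERCMP_AWK"'BEGIN { print evrcmp(a, b) }'
}

# rpm_fix_status "<rpm -qa output>" "<advisory package list>"
# One line per binary RPM named in the advisory:
#   name.arch installed fixed FIXED|VULNERABLE|NOT-INSTALLED
rpm_fix_status() {
    printf '%s\n' "$2" | awk -v inst_list="$1" "$RPMVERCMP_AWK"'
    BEGIN {
        n = split(inst_list, lines, "\n")
        for (i = 1; i <= n; i++)
            if (split(lines[i], p, " ") == 3) inst[p[1] "." p[2]] = p[3]
    }
    {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /\.rpm$/) continue
            t = $i; sub(/\.rpm$/, "", t)
            match(t, /\.[^.]*$/)                 # trailing .arch
            arch = substr(t, RSTART + 1); t = substr(t, 1, RSTART - 1)
            if (arch == "src") continue          # source RPMs are never installed
            n = split(t, f, "-")                 # the name itself may contain dashes
            fixed = f[n - 1] "-" f[n]
            name = f[1]; for (j = 2; j <= n - 2; j++) name = name "-" f[j]
            key = name "." arch
            if (!(key in inst)) { print key, "-", fixed, "NOT-INSTALLED"; continue }
            print key, inst[key], fixed, (evrcmp(inst[key], fixed) >= 0 ? "FIXED" : "VULNERABLE")
        }
    }'
}

rpm_fix_status "$INSTALLED" "$ADVISORY_PKGS"
```

On a real host, replace INSTALLED with the output of the rpm -qa command in the header and paste the advisory's package list into ADVISORY_PKGS; anything reported VULNERABLE is still running the old build and, per the advisory, the affected services must also be restarted after the update.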
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X
ENFobdxQdJ+gVAiRe8Qf54A=
=wyAg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 21 23:16:24 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Jan 2015 23:16:24 +0000
Subject: [RHSA-2015:0067-01] Critical: java-1.7.0-openjdk security update
Message-ID: <201501212316.t0LNGOoM003982@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-openjdk security update
Advisory ID: RHSA-2015:0067-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0067.html
Issue date: 2015-01-21
CVE Names: CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601)

Multiple improper permission check issues were discovered in the JAX-WS and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
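Editor's added example (shell; not part of the advisory and not OpenJDK code): the Note above says the update disables SSL 3.0 through the jdk.tls.disabledAlgorithms security property and that the same property can be edited to turn it back on. The check below reads that property out of a java.security file and reports whether SSLv3 is still in the disabled list. The path is assumed to be JAVA_HOME/jre/lib/security/java.security for OpenJDK 7 and 8 (the advisory does not name it). The parser honours the backslash line continuation and the optional spaces around '=' that the Java properties format allows, which a plain grep for SSLv3 gets wrong once an administrator wraps the list. The two java.security fragments are constructed samples.

```sh
#!/bin/sh
# Added example (not from the advisory): confirm that SSLv3 is listed in the
# jdk.tls.disabledAlgorithms property of a java.security file, i.e. that the
# default installed by the update has not been undone locally.
# Assumption: the file is $JAVA_HOME/jre/lib/security/java.security for
# OpenJDK 7/8; Java properties syntax (key=value, '#' comments, trailing
# backslash continues the value on the next line).

# Constructed fragment: the state the update leaves behind.
JAVA_SECURITY_FIXED='# java.security fragment (constructed sample)
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
'
# Constructed fragment: an administrator removed SSLv3 again and wrapped the list.
JAVA_SECURITY_REENABLED='# java.security fragment (constructed sample)
jdk.tls.disabledAlgorithms = RC4, \
    MD5withRSA, DH keySize < 768
'

# java_security_prop FILE KEY
# Print the effective value of KEY with continuation lines joined and
# whitespace collapsed; print nothing if KEY is not set.
java_security_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                        # comment lines
        cont {                                        # inside a continued value
            line = $0
            if (line ~ /\\[ \t]*$/) { sub(/\\[ \t]*$/, "", line); val = val line; next }
            val = val line; done = 1; exit
        }
        index($0, key) == 1 {
            rest = substr($0, length(key) + 1)
            if (rest !~ /^[ \t]*=/) next              # a longer key that merely starts with KEY
            sub(/^[ \t]*=[ \t]*/, "", rest)
            if (rest ~ /\\[ \t]*$/) { sub(/\\[ \t]*$/, "", rest); val = rest; cont = 1; next }
            val = rest; done = 1; exit
        }
        END {
            if (done || cont) {
                gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val)
                print val
            }
        }
    ' "$1"
}

# sslv3_disabled FILE: exit 0 when SSLv3 is one of the disabled algorithms.
sslv3_disabled() {
    java_security_prop "$1" jdk.tls.disabledAlgorithms |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qx SSLv3
}

# Demo on the constructed fragments.
tmp=$(mktemp -d)
printf '%s' "$JAVA_SECURITY_FIXED" > "$tmp/fixed.security"
printf '%s' "$JAVA_SECURITY_REENABLED" > "$tmp/reenabled.security"
for f in "$tmp/fixed.security" "$tmp/reenabled.security"; do
    printf '%s: jdk.tls.disabledAlgorithms=%s\n' "$(basename "$f")" \
        "$(java_security_prop "$f" jdk.tls.disabledAlgorithms)"
    if sslv3_disabled "$f"; then echo "  SSLv3 disabled"; else echo "  SSLv3 ENABLED (property edited?)"; fi
done
rm -rf "$tmp"
```

Against a real installation, call sslv3_disabled on each java.security under /usr/lib/jvm; a JVM started with -Djava.security.properties=FILE can override the value as well, so check that file too when the process command line sets it.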
All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.src.rpm i386: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el6_6.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el6_6.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.0.el6_6.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): noarch: java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.0.el6_6.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.src.rpm i386: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el6_6.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el6_6.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.0.el6_6.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.src.rpm i386: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el6_6.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el6_6.i686.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el6_6.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.0.el6_6.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.el6_6.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): noarch: java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.2.el7_0.noarch.rpm x86_64: java-1.7.0-openjdk-accessibility-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.2.el7_0.noarch.rpm x86_64: java-1.7.0-openjdk-accessibility-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.src.rpm ppc64: java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.ppc64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.2.el7_0.ppc64.rpm java-1.7.0-openjdk-headless-1.7.0.75-2.5.4.2.el7_0.ppc64.rpm s390x: java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.s390x.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.2.el7_0.s390x.rpm java-1.7.0-openjdk-headless-1.7.0.75-2.5.4.2.el7_0.s390x.rpm x86_64: java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): noarch: java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.2.el7_0.noarch.rpm ppc64: java-1.7.0-openjdk-accessibility-1.7.0.75-2.5.4.2.el7_0.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.ppc64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.2.el7_0.ppc64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.2.el7_0.ppc64.rpm s390x: java-1.7.0-openjdk-accessibility-1.7.0.75-2.5.4.2.el7_0.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.s390x.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.2.el7_0.s390x.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.2.el7_0.s390x.rpm x86_64: java-1.7.0-openjdk-accessibility-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.2.el7_0.noarch.rpm x86_64: java-1.7.0-openjdk-accessibility-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.75-2.5.4.2.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-6585
https://access.redhat.com/security/cve/CVE-2014-6587
https://access.redhat.com/security/cve/CVE-2014-6591
https://access.redhat.com/security/cve/CVE-2014-6593
https://access.redhat.com/security/cve/CVE-2014-6601
https://access.redhat.com/security/cve/CVE-2015-0383
https://access.redhat.com/security/cve/CVE-2015-0395
https://access.redhat.com/security/cve/CVE-2015-0407
https://access.redhat.com/security/cve/CVE-2015-0408
https://access.redhat.com/security/cve/CVE-2015-0410
https://access.redhat.com/security/cve/CVE-2015-0412
https://access.redhat.com/security/updates/classification/#critical
https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUwDLdXlSAg2UNWIIRAvITAJwNYQcKMQzMcUxd8kN51Ur4EaIwZACfa3pb
CKtb1wylDFTrIMgCbaIMeCc=
=QHW4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 21 23:18:59 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Jan 2015 23:18:59 +0000
Subject: [RHSA-2015:0069-01] Important: java-1.8.0-openjdk security update
Message-ID: <201501212319.t0LNIxSc001309@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.8.0-openjdk security update
Advisory ID: RHSA-2015:0069-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0069.html
Issue date: 2015-01-21
CVE Names: CVE-2014-3566 CVE-2014-6549 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0437
=====================================================================

1. Summary:

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-6601, CVE-2015-0437)

Multiple improper permission check issues were discovered in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2014-6549, CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory.
(CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1183660 - CVE-2014-6549 OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)
1183670 - CVE-2015-0437 OpenJDK: code generation issue (Hotspot, 8064524)
1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6): Source: java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.src.rpm i386: java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.i686.rpm java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.i686.rpm java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.i686.rpm x86_64: java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.i686.rpm java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.i686.rpm java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.i686.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm x86_64: java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.src.rpm i386: java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.i686.rpm java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.i686.rpm java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.i686.rpm x86_64: java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-6549
https://access.redhat.com/security/cve/CVE-2014-6585
https://access.redhat.com/security/cve/CVE-2014-6587
https://access.redhat.com/security/cve/CVE-2014-6591
https://access.redhat.com/security/cve/CVE-2014-6593
https://access.redhat.com/security/cve/CVE-2014-6601
https://access.redhat.com/security/cve/CVE-2015-0383
https://access.redhat.com/security/cve/CVE-2015-0395
https://access.redhat.com/security/cve/CVE-2015-0407
https://access.redhat.com/security/cve/CVE-2015-0408
https://access.redhat.com/security/cve/CVE-2015-0410
https://access.redhat.com/security/cve/CVE-2015-0412
https://access.redhat.com/security/cve/CVE-2015-0437
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
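Editor's added example (shell; not part of either OpenJDK advisory and not OpenJDK code): CVE-2015-0383, listed in both OpenJDK advisories above, is a symlink attack on the temporary files HotSpot writes. HotSpot keeps its per-process performance counters in hsperfdata_<user> under the JVM temporary directory (/tmp unless java.io.tmpdir says otherwise), so a local attacker who puts that path in place first, as a symlink or as a directory they own, can steer where an unpatched JVM writes. The check below inspects such a directory for a given user and rejects a symlink, a non-directory, a foreign owner, or group/world write permission. Everything it runs against is constructed inside a private mktemp directory; the real location is an argument.

```sh
#!/bin/sh
# Added example (not from the advisory or OpenJDK): detect a pre-planted
# hsperfdata directory of the kind CVE-2015-0383 turns into an arbitrary file
# overwrite. HotSpot writes <tmpdir>/hsperfdata_<user>/<pid>; an attacker who
# owns that path before the victim's JVM starts controls where the write lands.
# Assumption: the temp directory is /tmp unless java.io.tmpdir is set.

# check_hsperfdata_dir TMPDIR USER
# exit 0 when TMPDIR/hsperfdata_USER is absent, or is a plain directory owned
# by USER that only USER can write; exit 1 with a reason on stderr otherwise.
check_hsperfdata_dir() {
    d="$1/hsperfdata_$2"
    # Nothing there yet: the JVM will create it itself.
    if [ ! -e "$d" ] && [ ! -L "$d" ]; then
        return 0
    fi
    # A symlink here is exactly what an attacker would plant.
    if [ -L "$d" ]; then
        echo "$d: is a symlink" >&2
        return 1
    fi
    if [ ! -d "$d" ]; then
        echo "$d: exists but is not a directory" >&2
        return 1
    fi
    owner=$(ls -ld "$d" | awk '{ print $3 }')
    if [ "$owner" != "$2" ]; then
        echo "$d: owned by $owner, expected $2" >&2
        return 1
    fi
    # ls mode string: type + rwx for user, group, other. Reject any write bit
    # outside the owner triplet (positions 6 and 9).
    perm=$(ls -ld "$d" | cut -c1-10)
    case "$perm" in
        d????-??-?) return 0 ;;
        *) echo "$d: writable by group or others ($perm)" >&2; return 1 ;;
    esac
}

# Demo on constructed directories; the real /tmp is never touched here.
demo=$(mktemp -d)
me=$(id -un)
mkdir "$demo/hsperfdata_$me" && chmod 755 "$demo/hsperfdata_$me"
check_hsperfdata_dir "$demo" "$me" && echo "ok: private directory accepted"
chmod 777 "$demo/hsperfdata_$me"
check_hsperfdata_dir "$demo" "$me" || echo "rejected: world-writable directory"
rm -r "$demo/hsperfdata_$me"
ln -s /etc/passwd "$demo/hsperfdata_$me"   # what an attacker would plant
check_hsperfdata_dir "$demo" "$me" || echo "rejected: planted symlink"
rm -rf "$demo"
```

Run check_hsperfdata_dir /tmp "$(id -un)" (or the java.io.tmpdir in use) before starting a JVM as a shared or service account; a rejection means something other than that account already controls the path, and the update closes the overwrite but does not remove what was planted.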
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUwDPEXlSAg2UNWIIRAv+XAJ9+Pp5RagMJjI5RABzSN1YvwUEcjwCeO1pA
yahYGV3My67xuO8tkqe9sNc=
=lohj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 22 21:53:28 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Jan 2015 21:53:28 +0000
Subject: [RHSA-2015:0074-01] Important: jasper security update
Message-ID: <201501222153.t0MLrTud021881@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: jasper security update
Advisory ID: RHSA-2015:0074-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0074.html
Issue date: 2015-01-22
CVE Names: CVE-2014-8157 CVE-2014-8158
=====================================================================

1. Summary:

Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8157)

An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158)

Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges pyddeh as the original reporter.

All JasPer users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using the JasPer libraries must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1179282 - CVE-2014-8157 jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
1179298 - CVE-2014-8158 jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: jasper-1.900.1-16.el6_6.3.src.rpm i386: jasper-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm x86_64: jasper-1.900.1-16.el6_6.3.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-utils-1.900.1-16.el6_6.3.i686.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: jasper-1.900.1-16.el6_6.3.src.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: jasper-1.900.1-16.el6_6.3.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: jasper-1.900.1-16.el6_6.3.src.rpm i386: jasper-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm ppc64: jasper-1.900.1-16.el6_6.3.ppc64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.ppc.rpm jasper-debuginfo-1.900.1-16.el6_6.3.ppc64.rpm jasper-libs-1.900.1-16.el6_6.3.ppc.rpm jasper-libs-1.900.1-16.el6_6.3.ppc64.rpm s390x: jasper-1.900.1-16.el6_6.3.s390x.rpm jasper-debuginfo-1.900.1-16.el6_6.3.s390.rpm jasper-debuginfo-1.900.1-16.el6_6.3.s390x.rpm jasper-libs-1.900.1-16.el6_6.3.s390.rpm jasper-libs-1.900.1-16.el6_6.3.s390x.rpm x86_64: jasper-1.900.1-16.el6_6.3.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-utils-1.900.1-16.el6_6.3.i686.rpm ppc64: jasper-debuginfo-1.900.1-16.el6_6.3.ppc.rpm jasper-debuginfo-1.900.1-16.el6_6.3.ppc64.rpm jasper-devel-1.900.1-16.el6_6.3.ppc.rpm jasper-devel-1.900.1-16.el6_6.3.ppc64.rpm jasper-utils-1.900.1-16.el6_6.3.ppc64.rpm s390x: jasper-debuginfo-1.900.1-16.el6_6.3.s390.rpm jasper-debuginfo-1.900.1-16.el6_6.3.s390x.rpm jasper-devel-1.900.1-16.el6_6.3.s390.rpm jasper-devel-1.900.1-16.el6_6.3.s390x.rpm jasper-utils-1.900.1-16.el6_6.3.s390x.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: jasper-1.900.1-16.el6_6.3.src.rpm i386: jasper-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm x86_64: jasper-1.900.1-16.el6_6.3.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-utils-1.900.1-16.el6_6.3.i686.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: jasper-1.900.1-26.el7_0.3.src.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-libs-1.900.1-26.el7_0.3.i686.rpm jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: jasper-1.900.1-26.el7_0.3.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-devel-1.900.1-26.el7_0.3.i686.rpm jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: jasper-1.900.1-26.el7_0.3.src.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-libs-1.900.1-26.el7_0.3.i686.rpm jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: jasper-1.900.1-26.el7_0.3.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-devel-1.900.1-26.el7_0.3.i686.rpm jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: jasper-1.900.1-26.el7_0.3.src.rpm ppc64: jasper-debuginfo-1.900.1-26.el7_0.3.ppc.rpm jasper-debuginfo-1.900.1-26.el7_0.3.ppc64.rpm jasper-libs-1.900.1-26.el7_0.3.ppc.rpm jasper-libs-1.900.1-26.el7_0.3.ppc64.rpm s390x: jasper-debuginfo-1.900.1-26.el7_0.3.s390.rpm jasper-debuginfo-1.900.1-26.el7_0.3.s390x.rpm jasper-libs-1.900.1-26.el7_0.3.s390.rpm jasper-libs-1.900.1-26.el7_0.3.s390x.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-libs-1.900.1-26.el7_0.3.i686.rpm jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: jasper-1.900.1-26.el7_0.3.ppc64.rpm jasper-debuginfo-1.900.1-26.el7_0.3.ppc.rpm jasper-debuginfo-1.900.1-26.el7_0.3.ppc64.rpm jasper-devel-1.900.1-26.el7_0.3.ppc.rpm jasper-devel-1.900.1-26.el7_0.3.ppc64.rpm jasper-utils-1.900.1-26.el7_0.3.ppc64.rpm s390x: jasper-1.900.1-26.el7_0.3.s390x.rpm jasper-debuginfo-1.900.1-26.el7_0.3.s390.rpm jasper-debuginfo-1.900.1-26.el7_0.3.s390x.rpm jasper-devel-1.900.1-26.el7_0.3.s390.rpm jasper-devel-1.900.1-26.el7_0.3.s390x.rpm jasper-utils-1.900.1-26.el7_0.3.s390x.rpm x86_64: jasper-1.900.1-26.el7_0.3.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-devel-1.900.1-26.el7_0.3.i686.rpm jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: jasper-1.900.1-26.el7_0.3.src.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-libs-1.900.1-26.el7_0.3.i686.rpm jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: jasper-1.900.1-26.el7_0.3.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-devel-1.900.1-26.el7_0.3.i686.rpm jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8157 https://access.redhat.com/security/cve/CVE-2014-8158 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
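The off-by-one behind CVE-2014-8157 (bug 1179282, the dec->numtiles check in jpc_dec_process_sot()) is the familiar ">" where ">=" was needed: a tile index equal to the tile count passes the check and addresses one element past the heap array. The following is an added illustration, not JasPer's code: a simplified tile table (struct names, the select_tile helper and the shape of the check are assumptions), a parser for the SOT marker segment whose layout follows JPEG 2000 Part 1, and the vulnerable bound beside the corrected one, run on a constructed SOT that names tile 4 of a 4-tile image.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of a decoder's tile table, NOT JasPer's own structures.
 * The decoder allocates one descriptor per tile declared by the SIZ marker
 * (numtiles) and then indexes that table with the tile index (Isot) carried
 * by each SOT marker segment. */
struct tile { int used; };

struct decoder {
    size_t numtiles;      /* number of tiles derived from the image header */
    struct tile *tiles;   /* array of exactly numtiles entries */
};

/* Vulnerable shape of the check: tileno == numtiles is one past the end of
 * the array, yet passes because the comparison is '>' instead of '>='.
 * Returns 1 if the index is accepted. */
int tile_index_ok_vulnerable(size_t tileno, size_t numtiles)
{
    return !(tileno > numtiles);
}

/* Hardened check: only 0 .. numtiles-1 are valid indices. */
int tile_index_ok_fixed(size_t tileno, size_t numtiles)
{
    return tileno < numtiles;
}

/* Parse a SOT marker segment (ISO/IEC 15444-1 / ITU-T T.800):
 *   SOT   0xFF90        2 bytes
 *   Lsot  10            2 bytes, big-endian, segment length incl. Lsot
 *   Isot  tile index    2 bytes, big-endian
 *   Psot  4 bytes, TPsot 1 byte, TNsot 1 byte
 * Stores Isot and returns 0 on success, -1 on a malformed or short segment. */
int parse_sot_tile_index(const uint8_t *buf, size_t len, uint16_t *isot)
{
    if (len < 12) return -1;
    if (buf[0] != 0xFF || buf[1] != 0x90) return -1;
    uint16_t lsot = (uint16_t)((buf[2] << 8) | buf[3]);
    if (lsot != 10) return -1;
    *isot = (uint16_t)((buf[4] << 8) | buf[5]);
    return 0;
}

/* Resolve the tile a SOT segment refers to using the hardened bound.
 * Returns NULL for malformed input or an out-of-range index instead of a
 * pointer just past the allocation. */
struct tile *select_tile(struct decoder *dec, const uint8_t *sot, size_t len)
{
    uint16_t isot;
    if (parse_sot_tile_index(sot, len, &isot) != 0) return NULL;
    if (!tile_index_ok_fixed(isot, dec->numtiles)) return NULL;
    return &dec->tiles[isot];
}

int main(void)
{
    /* Constructed sample: a 4-tile image followed by a SOT with Isot = 4. */
    const uint8_t sot_oob[12] = { 0xFF, 0x90, 0x00, 0x0A, 0x00, 0x04,
                                  0x00, 0x00, 0x00, 0x20, 0x00, 0x01 };
    struct decoder dec;
    dec.numtiles = 4;
    dec.tiles = calloc(dec.numtiles, sizeof *dec.tiles);
    if (!dec.tiles) return 1;

    uint16_t isot = 0;
    parse_sot_tile_index(sot_oob, sizeof sot_oob, &isot);
    printf("Isot=%u numtiles=%zu: vulnerable check accepts=%d, fixed accepts=%d\n",
           isot, dec.numtiles,
           tile_index_ok_vulnerable(isot, dec.numtiles),
           tile_index_ok_fixed(isot, dec.numtiles));
    int rc = select_tile(&dec, sot_oob, sizeof sot_oob) == NULL ? 0 : 1;
    free(dec.tiles);
    return rc;
}
```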
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Jan 2015 21:55:04 +0000
Subject: [RHSA-2015:0079-01] Critical: java-1.7.0-oracle security update
Message-ID: <201501222155.t0MLt4sZ014587@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2015:0079-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0079.html
Issue date: 2015-01-22
CVE Names: CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0413
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1184278 - CVE-2015-0413 Oracle JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 5:

i386:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

i386:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm

x86_64:
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

Source:
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm

x86_64:
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm

x86_64:
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm

x86_64:
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-6585
https://access.redhat.com/security/cve/CVE-2014-6587
https://access.redhat.com/security/cve/CVE-2014-6591
https://access.redhat.com/security/cve/CVE-2014-6593
https://access.redhat.com/security/cve/CVE-2014-6601
https://access.redhat.com/security/cve/CVE-2015-0383
https://access.redhat.com/security/cve/CVE-2015-0395
https://access.redhat.com/security/cve/CVE-2015-0403
https://access.redhat.com/security/cve/CVE-2015-0406
https://access.redhat.com/security/cve/CVE-2015-0407
https://access.redhat.com/security/cve/CVE-2015-0408
https://access.redhat.com/security/cve/CVE-2015-0410
https://access.redhat.com/security/cve/CVE-2015-0412
https://access.redhat.com/security/cve/CVE-2015-0413
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Jan 2015 21:56:01 +0000
Subject: [RHSA-2015:0080-01] Critical: java-1.8.0-oracle security update
Message-ID: <201501222156.t0MLu1ux022888@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.8.0-oracle security update
Advisory ID: RHSA-2015:0080-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0080.html
Issue date: 2015-01-22
CVE Names: CVE-2014-3566 CVE-2014-6549 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0413 CVE-2015-0421 CVE-2015-0437
=====================================================================

1. Summary:

Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-0421, CVE-2015-0437)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 31 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1183660 - CVE-2014-6549 OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)
1183670 - CVE-2015-0437 OpenJDK: code generation issue (Hotspot, 8064524)
1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1184276 - CVE-2015-0421 Oracle JDK: unspecified vulnerability fixed in 8u31 (Install)
1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1184278 - CVE-2015-0413 Oracle JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.8.0-oracle-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-devel-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-src-1.8.0.31-1jpp.1.el6.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.31-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

x86_64:
java-1.8.0-oracle-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.31-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.8.0-oracle-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-devel-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-src-1.8.0.31-1jpp.1.el6.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.31-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.8.0-oracle-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-devel-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.31-1jpp.1.el6.i686.rpm
java-1.8.0-oracle-src-1.8.0.31-1jpp.1.el6.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.31-1jpp.1.el6.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.31-1jpp.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-6549
https://access.redhat.com/security/cve/CVE-2014-6585
https://access.redhat.com/security/cve/CVE-2014-6587
https://access.redhat.com/security/cve/CVE-2014-6591
https://access.redhat.com/security/cve/CVE-2014-6593
https://access.redhat.com/security/cve/CVE-2014-6601
https://access.redhat.com/security/cve/CVE-2015-0383
https://access.redhat.com/security/cve/CVE-2015-0395
https://access.redhat.com/security/cve/CVE-2015-0403
https://access.redhat.com/security/cve/CVE-2015-0406
https://access.redhat.com/security/cve/CVE-2015-0407
https://access.redhat.com/security/cve/CVE-2015-0408
https://access.redhat.com/security/cve/CVE-2015-0410
https://access.redhat.com/security/cve/CVE-2015-0412
https://access.redhat.com/security/cve/CVE-2015-0413
https://access.redhat.com/security/cve/CVE-2015-0421
https://access.redhat.com/security/cve/CVE-2015-0437
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Mon Jan 26 18:40:42 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 26 Jan 2015 18:40:42 +0000
Subject: [RHSA-2015:0085-01] Important: java-1.6.0-openjdk security update
Message-ID: <201501261840.t0QIeg6M016357@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-openjdk security update
Advisory ID: RHSA-2015:0085-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0085.html
Issue date: 2015-01-26
CVE Names: CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601)

Multiple improper permission check issues were discovered in the JAX-WS and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the ciphertext using a padding oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.
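The note above says this update turns SSL 3.0 off through the jdk.tls.disabledAlgorithms security property, and that the same property can turn it back on. The Python below is an added example, not part of the advisory or of OpenJDK: it reads a java.security file (the two files are constructed samples; the minimal properties reader assumes key=value lines with backslash continuations, which is the form the shipped file uses) and reports whether SSLv3 is still on the disabled list, so an administrator can tell the patched default from a local override.

```python
"""Check whether a java.security file still lists SSLv3 under
jdk.tls.disabledAlgorithms, the setting RHSA-2015:0085 changes.
Added example for this advisory; both sample files are constructed."""


def parse_java_security(text: str) -> dict:
    """Minimal reader for the Java properties format used by java.security.
    Handles '#' / '!' comment lines, 'key=value' pairs and backslash line
    continuations (leading whitespace of a continued line is dropped, as in
    Java). The ':' and whitespace key separators are not needed here."""
    props = {}
    logical = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not logical and (not line or line[0] in "#!"):
            continue                      # blank or comment line
        if line.endswith("\\"):
            logical += line[:-1]          # continuation: join with the next line
            continue
        logical += line
        key, sep, value = logical.partition("=")
        if sep:
            props[key.strip()] = value.strip()
        logical = ""
    return props


def disabled_tls_algorithms(props: dict) -> list:
    """Split jdk.tls.disabledAlgorithms into its comma-separated entries.
    A file that predates the property yields an empty list, which means
    nothing is disabled and SSL 3.0 is still negotiable."""
    raw = props.get("jdk.tls.disabledAlgorithms", "")
    return [entry.strip() for entry in raw.split(",") if entry.strip()]


def sslv3_disabled(text: str) -> bool:
    """True if SSLv3 is on the disabled list, i.e. the patched default is in force."""
    return "SSLv3" in disabled_tls_algorithms(parse_java_security(text))


# Constructed sample: the patched default, SSL 3.0 disabled.
PATCHED_JAVA_SECURITY = """\
# java.security (constructed excerpt)
jdk.tls.disabledAlgorithms=SSLv3
"""

# Constructed sample: a local override that re-enabled SSL 3.0 by dropping
# SSLv3 from the list; the value is split over two lines with a backslash
# continuation, as hand-edited files often are.
OVERRIDDEN_JAVA_SECURITY = """\
# java.security (constructed excerpt, SSLv3 removed by a local admin)
jdk.tls.disabledAlgorithms=MD5withRSA, \\
    RC4
"""

if __name__ == "__main__":
    for label, text in (("patched", PATCHED_JAVA_SECURITY),
                        ("overridden", OVERRIDDEN_JAVA_SECURITY)):
        state = "disabled" if sslv3_disabled(text) else "ENABLED (override present)"
        print(f"{label}: SSL 3.0 {state}")
```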
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el5_11.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el5_11.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el5_11.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el5_11.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el5_11.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el5_11.i386.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el5_11.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el5_11.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el5_11.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el5_11.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el5_11.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el5_11.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el5_11.i386.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el5_11.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el6_6.i686.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el6_6.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.src.rpm

ppc64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.ppc64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.ppc64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el7_0.ppc64.rpm

s390x:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.s390x.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.s390x.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el7_0.s390x.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.ppc64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el7_0.ppc64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el7_0.ppc64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el7_0.ppc64.rpm

s390x:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.s390x.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el7_0.s390x.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el7_0.s390x.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el7_0.s390x.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-6585
https://access.redhat.com/security/cve/CVE-2014-6587
https://access.redhat.com/security/cve/CVE-2014-6591
https://access.redhat.com/security/cve/CVE-2014-6593
https://access.redhat.com/security/cve/CVE-2014-6601
https://access.redhat.com/security/cve/CVE-2015-0383
https://access.redhat.com/security/cve/CVE-2015-0395
https://access.redhat.com/security/cve/CVE-2015-0407
https://access.redhat.com/security/cve/CVE-2015-0408
https://access.redhat.com/security/cve/CVE-2015-0410
https://access.redhat.com/security/cve/CVE-2015-0412
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
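Section 4 says to apply the update and Section 6 lists the fixed builds; confirming that a host really carries them means comparing what rpm reports against the advisory's file names, and a plain string comparison gets RPM versions wrong (for example 1.13.6.1.el7_0 is newer than 1.13.6.1.el7). The Python below is an added example, not Red Hat tooling: it re-implements rpm's segment-wise version comparison (rpmvercmp without the caret rule of newer rpm releases), parses NVRA strings from the Section 6 list and from a constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` output, and reports which installed packages are still older than the fixed build. The advisory file names carry no epoch, so the check assumes equal epochs.

```python
"""Compare installed RPM versions against the fixed builds in an RHSA
package list. Added example for this advisory, not Red Hat tooling."""
import re


def _alnum(c: str) -> bool:
    return c.isascii() and c.isalnum()


def rpmvercmp(a: str, b: str) -> int:
    """Segment-wise comparison as in rpm's rpmvercmp(): 1 if a is newer,
    -1 if b is newer, 0 if they compare equal. Numeric segments compare as
    integers, alphabetic ones as strings, a numeric segment beats an
    alphabetic one, and '~' sorts before everything (so 1.0~rc1 < 1.0).
    The caret ('^') rule of newer rpm releases is not implemented."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators such as '.', '-', '_', '+' carry no meaning of their own
        while i < len(a) and not _alnum(a[i]) and a[i] != "~":
            i += 1
        while j < len(b) and not _alnum(b[j]) and b[j] != "~":
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        numeric = ca.isdigit()
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        sa = re.match(pattern, a[i:]).group(0)
        mb = re.match(pattern, b[j:])
        if mb is None:
            # one side is numeric where the other is alphabetic
            return 1 if numeric else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_nvra(s: str):
    """'java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.x86_64[.rpm]'
    -> ('java-1.6.0-openjdk', '1.6.0.34', '1.13.6.1.el7_0', 'x86_64')."""
    if s.endswith(".rpm"):
        s = s[:-4]
    nvr, arch = s.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def vr_cmp(vr_a, vr_b) -> int:
    """Compare (version, release) pairs; equal epochs are assumed."""
    c = rpmvercmp(vr_a[0], vr_b[0])
    return c if c else rpmvercmp(vr_a[1], vr_b[1])


def outdated_packages(advisory_files, installed_nvras):
    """Return installed packages that are older than the advisory's build.
    Source RPMs are skipped; packages the advisory does not name are ignored."""
    fixed = {}
    for f in advisory_files:
        name, version, release, arch = parse_nvra(f)
        if arch != "src":
            fixed[(name, arch)] = (version, release)
    stale = []
    for s in installed_nvras:
        name, version, release, arch = parse_nvra(s)
        want = fixed.get((name, arch))
        if want is not None and vr_cmp((version, release), want) < 0:
            stale.append(f"{name}.{arch}")
    return stale


# Section 6 entries for Red Hat Enterprise Linux Server (v. 7), x86_64.
ADVISORY_FILES = [
    "java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.src.rpm",
    "java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm",
    "java-1.6.0-openjdk-debuginfo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm",
    "java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm",
]

# Constructed sample of rpm -qa output: one package on an older (made-up)
# build, one already at the fixed build, one unrelated to this advisory.
INSTALLED = [
    "java-1.6.0-openjdk-1.6.0.33-1.13.5.1.el7_0.x86_64",
    "java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el7_0.x86_64",
    "bash-4.2.45-5.el7_0.4.x86_64",
]

if __name__ == "__main__":
    for pkg in outdated_packages(ADVISORY_FILES, INSTALLED):
        print(f"needs update: {pkg}")
```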
From bugzilla at redhat.com Mon Jan 26 18:47:12 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 26 Jan 2015 18:47:12 +0000
Subject: [RHSA-2015:0086-01] Important: java-1.6.0-sun security update
Message-ID: <201501261847.t0QIlC23001877@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-sun security update
Advisory ID: RHSA-2015:0086-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0086.html
Issue date: 2015-01-26
CVE Names: CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 91 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.6.0-sun-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.91-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 5:

i386:
java-1.6.0-sun-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.91-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

i386:
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.src.rpm

x86_64:
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.i686.rpm
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

Source:
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.src.rpm

x86_64:
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.i686.rpm
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.src.rpm

x86_64:
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.i686.rpm
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.src.rpm

x86_64:
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.i686.rpm
java-1.6.0-sun-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.91-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.91-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-6585
https://access.redhat.com/security/cve/CVE-2014-6587
https://access.redhat.com/security/cve/CVE-2014-6591
https://access.redhat.com/security/cve/CVE-2014-6593
https://access.redhat.com/security/cve/CVE-2014-6601
https://access.redhat.com/security/cve/CVE-2015-0383
https://access.redhat.com/security/cve/CVE-2015-0395
https://access.redhat.com/security/cve/CVE-2015-0403
https://access.redhat.com/security/cve/CVE-2015-0406
https://access.redhat.com/security/cve/CVE-2015-0407
https://access.redhat.com/security/cve/CVE-2015-0408
https://access.redhat.com/security/cve/CVE-2015-0410
https://access.redhat.com/security/cve/CVE-2015-0412
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUxot8XlSAg2UNWIIRApegAJ0Zz0eUuE0wiCdCz+vlvfH1cLMonwCgw/7q HTyBUm201vKuYb5HZU7+jts= =6CRF -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 27 17:06:24 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 27 Jan 2015 17:06:24 +0000 Subject: [RHSA-2015:0090-01] Critical: glibc security update Message-ID: <201501271706.t0RH6OMb023326@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: glibc security update Advisory ID: RHSA-2015:0090-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0090.html Issue date: 2015-01-27 CVE Names: CVE-2015-0235 ===================================================================== 1. Summary: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. 
A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1183461 - CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: glibc-2.5-123.el5_11.1.src.rpm i386: glibc-2.5-123.el5_11.1.i386.rpm glibc-2.5-123.el5_11.1.i686.rpm glibc-common-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i686.rpm glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.i386.rpm glibc-headers-2.5-123.el5_11.1.i386.rpm glibc-utils-2.5-123.el5_11.1.i386.rpm nscd-2.5-123.el5_11.1.i386.rpm x86_64: glibc-2.5-123.el5_11.1.i686.rpm glibc-2.5-123.el5_11.1.x86_64.rpm glibc-common-2.5-123.el5_11.1.x86_64.rpm glibc-debuginfo-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i686.rpm glibc-debuginfo-2.5-123.el5_11.1.x86_64.rpm glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.x86_64.rpm glibc-headers-2.5-123.el5_11.1.x86_64.rpm glibc-utils-2.5-123.el5_11.1.x86_64.rpm nscd-2.5-123.el5_11.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: glibc-2.5-123.el5_11.1.src.rpm i386: glibc-2.5-123.el5_11.1.i386.rpm glibc-2.5-123.el5_11.1.i686.rpm glibc-common-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i686.rpm glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.i386.rpm glibc-headers-2.5-123.el5_11.1.i386.rpm glibc-utils-2.5-123.el5_11.1.i386.rpm nscd-2.5-123.el5_11.1.i386.rpm ia64: glibc-2.5-123.el5_11.1.i686.rpm glibc-2.5-123.el5_11.1.ia64.rpm glibc-common-2.5-123.el5_11.1.ia64.rpm glibc-debuginfo-2.5-123.el5_11.1.i686.rpm glibc-debuginfo-2.5-123.el5_11.1.ia64.rpm glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.ia64.rpm glibc-headers-2.5-123.el5_11.1.ia64.rpm glibc-utils-2.5-123.el5_11.1.ia64.rpm nscd-2.5-123.el5_11.1.ia64.rpm ppc: glibc-2.5-123.el5_11.1.ppc.rpm glibc-2.5-123.el5_11.1.ppc64.rpm glibc-common-2.5-123.el5_11.1.ppc.rpm glibc-debuginfo-2.5-123.el5_11.1.ppc.rpm glibc-debuginfo-2.5-123.el5_11.1.ppc64.rpm glibc-devel-2.5-123.el5_11.1.ppc.rpm glibc-devel-2.5-123.el5_11.1.ppc64.rpm glibc-headers-2.5-123.el5_11.1.ppc.rpm glibc-utils-2.5-123.el5_11.1.ppc.rpm nscd-2.5-123.el5_11.1.ppc.rpm s390x: glibc-2.5-123.el5_11.1.s390.rpm glibc-2.5-123.el5_11.1.s390x.rpm glibc-common-2.5-123.el5_11.1.s390x.rpm glibc-debuginfo-2.5-123.el5_11.1.s390.rpm glibc-debuginfo-2.5-123.el5_11.1.s390x.rpm glibc-devel-2.5-123.el5_11.1.s390.rpm glibc-devel-2.5-123.el5_11.1.s390x.rpm glibc-headers-2.5-123.el5_11.1.s390x.rpm glibc-utils-2.5-123.el5_11.1.s390x.rpm nscd-2.5-123.el5_11.1.s390x.rpm x86_64: glibc-2.5-123.el5_11.1.i686.rpm glibc-2.5-123.el5_11.1.x86_64.rpm glibc-common-2.5-123.el5_11.1.x86_64.rpm glibc-debuginfo-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i686.rpm glibc-debuginfo-2.5-123.el5_11.1.x86_64.rpm glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.x86_64.rpm glibc-headers-2.5-123.el5_11.1.x86_64.rpm 
glibc-utils-2.5-123.el5_11.1.x86_64.rpm
nscd-2.5-123.el5_11.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0235
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com  Tue Jan 27 18:20:48 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 Jan 2015 18:20:48 +0000
Subject: [RHSA-2015:0092-01] Critical: glibc security update
Message-ID: <201501271820.t0RIKnkx023682@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: glibc security update
Advisory ID:       RHSA-2015:0092-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0092.html
Issue date:        2015-01-27
CVE Names:         CVE-2015-0235
=====================================================================

1. Summary:

Updated glibc packages that fix one security issue are now available for
Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without
these libraries, the Linux system cannot function correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make
an application call either of these functions could use this flaw to
execute arbitrary code with the permissions of the user running the
application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):

1183461 - CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
glibc-2.12-1.149.el6_6.5.src.rpm

i386:
glibc-2.12-1.149.el6_6.5.i686.rpm
glibc-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-devel-2.12-1.149.el6_6.5.i686.rpm
glibc-headers-2.12-1.149.el6_6.5.i686.rpm
glibc-utils-2.12-1.149.el6_6.5.i686.rpm
nscd-2.12-1.149.el6_6.5.i686.rpm

x86_64:
glibc-2.12-1.149.el6_6.5.i686.rpm
glibc-2.12-1.149.el6_6.5.x86_64.rpm
glibc-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.5.i686.rpm
glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm
glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm
nscd-2.12-1.149.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-static-2.12-1.149.el6_6.5.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-static-2.12-1.149.el6_6.5.i686.rpm
glibc-static-2.12-1.149.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source:
glibc-2.12-1.149.el6_6.5.src.rpm

x86_64:
glibc-2.12-1.149.el6_6.5.i686.rpm
glibc-2.12-1.149.el6_6.5.x86_64.rpm
glibc-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.5.i686.rpm
glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm
glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm
nscd-2.12-1.149.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-static-2.12-1.149.el6_6.5.i686.rpm
glibc-static-2.12-1.149.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
glibc-2.12-1.149.el6_6.5.src.rpm

i386:
glibc-2.12-1.149.el6_6.5.i686.rpm
glibc-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-devel-2.12-1.149.el6_6.5.i686.rpm
glibc-headers-2.12-1.149.el6_6.5.i686.rpm
glibc-utils-2.12-1.149.el6_6.5.i686.rpm
nscd-2.12-1.149.el6_6.5.i686.rpm

ppc64:
glibc-2.12-1.149.el6_6.5.ppc.rpm
glibc-2.12-1.149.el6_6.5.ppc64.rpm
glibc-common-2.12-1.149.el6_6.5.ppc64.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.ppc.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.ppc64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc64.rpm
glibc-devel-2.12-1.149.el6_6.5.ppc.rpm
glibc-devel-2.12-1.149.el6_6.5.ppc64.rpm
glibc-headers-2.12-1.149.el6_6.5.ppc64.rpm
glibc-utils-2.12-1.149.el6_6.5.ppc64.rpm
nscd-2.12-1.149.el6_6.5.ppc64.rpm

s390x:
glibc-2.12-1.149.el6_6.5.s390.rpm
glibc-2.12-1.149.el6_6.5.s390x.rpm
glibc-common-2.12-1.149.el6_6.5.s390x.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.s390.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.s390x.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.s390.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.s390x.rpm
glibc-devel-2.12-1.149.el6_6.5.s390.rpm
glibc-devel-2.12-1.149.el6_6.5.s390x.rpm
glibc-headers-2.12-1.149.el6_6.5.s390x.rpm
glibc-utils-2.12-1.149.el6_6.5.s390x.rpm
nscd-2.12-1.149.el6_6.5.s390x.rpm

x86_64:
glibc-2.12-1.149.el6_6.5.i686.rpm
glibc-2.12-1.149.el6_6.5.x86_64.rpm
glibc-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.5.i686.rpm
glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm
glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm
nscd-2.12-1.149.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-static-2.12-1.149.el6_6.5.i686.rpm

ppc64:
glibc-debuginfo-2.12-1.149.el6_6.5.ppc.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.ppc64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc64.rpm
glibc-static-2.12-1.149.el6_6.5.ppc.rpm
glibc-static-2.12-1.149.el6_6.5.ppc64.rpm

s390x:
glibc-debuginfo-2.12-1.149.el6_6.5.s390.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.s390x.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.s390.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.s390x.rpm
glibc-static-2.12-1.149.el6_6.5.s390.rpm
glibc-static-2.12-1.149.el6_6.5.s390x.rpm

x86_64:
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-static-2.12-1.149.el6_6.5.i686.rpm
glibc-static-2.12-1.149.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source:
glibc-2.12-1.149.el6_6.5.src.rpm

i386:
glibc-2.12-1.149.el6_6.5.i686.rpm
glibc-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-devel-2.12-1.149.el6_6.5.i686.rpm
glibc-headers-2.12-1.149.el6_6.5.i686.rpm
glibc-utils-2.12-1.149.el6_6.5.i686.rpm
nscd-2.12-1.149.el6_6.5.i686.rpm

x86_64:
glibc-2.12-1.149.el6_6.5.i686.rpm
glibc-2.12-1.149.el6_6.5.x86_64.rpm
glibc-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.5.i686.rpm
glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm
glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm
nscd-2.12-1.149.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-static-2.12-1.149.el6_6.5.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-static-2.12-1.149.el6_6.5.i686.rpm
glibc-static-2.12-1.149.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
glibc-2.17-55.el7_0.5.src.rpm

x86_64:
glibc-2.17-55.el7_0.5.i686.rpm
glibc-2.17-55.el7_0.5.x86_64.rpm
glibc-common-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm
glibc-devel-2.17-55.el7_0.5.i686.rpm
glibc-devel-2.17-55.el7_0.5.x86_64.rpm
glibc-headers-2.17-55.el7_0.5.x86_64.rpm
glibc-utils-2.17-55.el7_0.5.x86_64.rpm
nscd-2.17-55.el7_0.5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
glibc-debuginfo-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm
glibc-static-2.17-55.el7_0.5.i686.rpm
glibc-static-2.17-55.el7_0.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
glibc-2.17-55.el7_0.5.src.rpm

x86_64:
glibc-2.17-55.el7_0.5.i686.rpm
glibc-2.17-55.el7_0.5.x86_64.rpm
glibc-common-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm
glibc-devel-2.17-55.el7_0.5.i686.rpm
glibc-devel-2.17-55.el7_0.5.x86_64.rpm
glibc-headers-2.17-55.el7_0.5.x86_64.rpm
glibc-utils-2.17-55.el7_0.5.x86_64.rpm
nscd-2.17-55.el7_0.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
glibc-debuginfo-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm
glibc-static-2.17-55.el7_0.5.i686.rpm
glibc-static-2.17-55.el7_0.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source:
glibc-2.17-55.el7_0.5.src.rpm

ppc64:
glibc-2.17-55.el7_0.5.ppc.rpm
glibc-2.17-55.el7_0.5.ppc64.rpm
glibc-common-2.17-55.el7_0.5.ppc64.rpm
glibc-debuginfo-2.17-55.el7_0.5.ppc.rpm
glibc-debuginfo-2.17-55.el7_0.5.ppc64.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.ppc.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.ppc64.rpm
glibc-devel-2.17-55.el7_0.5.ppc.rpm
glibc-devel-2.17-55.el7_0.5.ppc64.rpm
glibc-headers-2.17-55.el7_0.5.ppc64.rpm
glibc-utils-2.17-55.el7_0.5.ppc64.rpm
nscd-2.17-55.el7_0.5.ppc64.rpm

s390x:
glibc-2.17-55.el7_0.5.s390.rpm
glibc-2.17-55.el7_0.5.s390x.rpm
glibc-common-2.17-55.el7_0.5.s390x.rpm
glibc-debuginfo-2.17-55.el7_0.5.s390.rpm
glibc-debuginfo-2.17-55.el7_0.5.s390x.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.s390.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.s390x.rpm
glibc-devel-2.17-55.el7_0.5.s390.rpm
glibc-devel-2.17-55.el7_0.5.s390x.rpm
glibc-headers-2.17-55.el7_0.5.s390x.rpm
glibc-utils-2.17-55.el7_0.5.s390x.rpm
nscd-2.17-55.el7_0.5.s390x.rpm

x86_64:
glibc-2.17-55.el7_0.5.i686.rpm
glibc-2.17-55.el7_0.5.x86_64.rpm
glibc-common-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm
glibc-devel-2.17-55.el7_0.5.i686.rpm
glibc-devel-2.17-55.el7_0.5.x86_64.rpm
glibc-headers-2.17-55.el7_0.5.x86_64.rpm
glibc-utils-2.17-55.el7_0.5.x86_64.rpm
nscd-2.17-55.el7_0.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
glibc-debuginfo-2.17-55.el7_0.5.ppc.rpm
glibc-debuginfo-2.17-55.el7_0.5.ppc64.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.ppc.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.ppc64.rpm
glibc-static-2.17-55.el7_0.5.ppc.rpm
glibc-static-2.17-55.el7_0.5.ppc64.rpm

s390x:
glibc-debuginfo-2.17-55.el7_0.5.s390.rpm
glibc-debuginfo-2.17-55.el7_0.5.s390x.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.s390.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.s390x.rpm
glibc-static-2.17-55.el7_0.5.s390.rpm
glibc-static-2.17-55.el7_0.5.s390x.rpm

x86_64:
glibc-debuginfo-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm
glibc-static-2.17-55.el7_0.5.i686.rpm
glibc-static-2.17-55.el7_0.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
glibc-2.17-55.el7_0.5.src.rpm

x86_64:
glibc-2.17-55.el7_0.5.i686.rpm
glibc-2.17-55.el7_0.5.x86_64.rpm
glibc-common-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm
glibc-devel-2.17-55.el7_0.5.i686.rpm
glibc-devel-2.17-55.el7_0.5.x86_64.rpm
glibc-headers-2.17-55.el7_0.5.x86_64.rpm
glibc-utils-2.17-55.el7_0.5.x86_64.rpm
nscd-2.17-55.el7_0.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
glibc-debuginfo-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm
glibc-static-2.17-55.el7_0.5.i686.rpm
glibc-static-2.17-55.el7_0.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0235
https://access.redhat.com/security/updates/classification/#critical
8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com  Tue Jan 27 20:36:50 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 Jan 2015 20:36:50 +0000
Subject: [RHSA-2015:0087-01] Important: kernel security and bug fix update
Message-ID: <201501272036.t0RKaoL1019043@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2015:0087-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0087.html
Issue date:        2015-01-27
CVE Names:         CVE-2014-4656 CVE-2014-7841
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's SCTP implementation
validated INIT chunks when performing Address Configuration Change
(ASCONF). A remote attacker could use this flaw to crash the system by
sending a specially crafted SCTP packet to trigger a NULL pointer
dereference on the system. (CVE-2014-7841, Important)

* An integer overflow flaw was found in the way the Linux kernel's Advanced
Linux Sound Architecture (ALSA) implementation handled user controls. A
local, privileged user could use this flaw to crash the system.
(CVE-2014-4656, Moderate)

The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after determining
that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1113470 - CVE-2014-4656 Kernel: ALSA: control: integer overflow in id.index & id.numid
1163087 - CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet
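As an added example (not Red Hat's code), the following Python check reads the installed glibc and kernel builds from rpm and compares them, using a reimplementation of RPM's segment-wise version ordering, against the fixed builds named in the package lists of this kernel advisory (RHSA-2015:0087) and of the glibc advisory RHSA-2015:0092 above; it also checks the running kernel from uname -r, because the kernel update only takes effect after a reboot. The rpm and uname lines it reads are constructed sample input, the RHEL 5 glibc build it knows comes from the preceding glibc advisory's package list on this page, and tilde/caret ordering is left out of the comparison.

```python
"""Check installed glibc and kernel builds against the fixed builds named in
RHSA-2015:0092 (glibc, CVE-2015-0235) and RHSA-2015:0087 (kernel,
CVE-2014-4656, CVE-2014-7841).  Added example, not Red Hat code.

RPM's rpmvercmp ordering is re-implemented (alternating numeric/alphabetic
segments, numbers by value, letters lexically, a numeric segment beats an
alphabetic one, leftover segments win) because a plain string compare would
rank '1.149.el6_6.10' below '1.149.el6_6.5'.  Tilde/caret ordering is
omitted.  Input is the output of
    rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' glibc kernel
plus 'uname -r': a kernel fix only protects the host once it is booted.
"""
import re

# Fixed builds (VERSION, RELEASE) from the advisories' package lists.  The
# RHEL 5 glibc build is taken from the preceding glibc advisory on this page.
FIXED = {
    ("glibc", "el5"): ("2.5", "123.el5_11.1"),
    ("glibc", "el6"): ("2.12", "1.149.el6_6.5"),
    ("glibc", "el7"): ("2.17", "55.el7_0.5"),
    ("kernel", "el6"): ("2.6.32", "504.8.1.el6"),
}

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Compare two RPM version or release strings; return -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum != ynum:
            return 1 if xnum else -1            # numeric segment is newer
        if xnum:
            x, y = x.lstrip("0") or "0", y.lstrip("0") or "0"
            if len(x) != len(y):                # longer number is larger
                return 1 if len(x) > len(y) else -1
        if x != y:                              # same length: lexical
            return 1 if x > y else -1
    if len(sa) != len(sb):                      # leftover segments win
        return 1 if len(sa) > len(sb) else -1
    return 0


def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples field by field."""
    for x, y in zip(a, b):
        rc = rpmvercmp(x, y)
        if rc:
            return rc
    return 0


def _rhel(release):
    """'1.149.el6_6.4' -> 'el6'; None when the dist tag is missing."""
    m = re.search(r"\.(el\d+)", release)
    return m.group(1) if m else None


def status(name, version, release):
    """'fixed', 'VULNERABLE' or 'not-covered' for one installed build."""
    fixed = FIXED.get((name, _rhel(release)))
    if fixed is None:
        return "not-covered"
    rc = evr_cmp(("0", version, release), ("0",) + fixed)
    return "fixed" if rc >= 0 else "VULNERABLE"


def assess(rpm_output, running_kernel):
    """Map every installed build, plus the running kernel, to its status."""
    report = {}
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        name, version, release = parts
        report["%s-%s-%s" % (name, version, release)] = status(name, version, release)
    # uname -r looks like '2.6.32-504.3.3.el6.x86_64': version, release, arch.
    m = re.match(r"([^-]+)-(.+)\.[^.]+$", running_kernel)
    if m:
        key = "kernel (running) " + running_kernel
        report[key] = status("kernel", m.group(1), m.group(2))
    return report


# Constructed sample input, not taken from a real host.
SAMPLE_RPM = """\
glibc 2.12 1.149.el6_6.4
glibc 2.12 1.149.el6_6.5
glibc 2.17 55.el7_0.3
glibc 2.5 118.el5_10.2
glibc 2.28 164.el8
kernel 2.6.32 504.3.3.el6
kernel 2.6.32 504.8.1.el6
"""
SAMPLE_UNAME = "2.6.32-504.3.3.el6.x86_64"   # fix installed but not yet booted

if __name__ == "__main__":
    for build, state in assess(SAMPLE_RPM, SAMPLE_UNAME).items():
        print("%-48s %s" % (build, state))
```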
6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-504.8.1.el6.src.rpm

i386:
kernel-2.6.32-504.8.1.el6.i686.rpm
kernel-debug-2.6.32-504.8.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debug-devel-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.8.1.el6.i686.rpm
kernel-devel-2.6.32-504.8.1.el6.i686.rpm
kernel-headers-2.6.32-504.8.1.el6.i686.rpm
perf-2.6.32-504.8.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.8.1.el6.noarch.rpm
kernel-doc-2.6.32-504.8.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.8.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.8.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.8.1.el6.x86_64.rpm
perf-2.6.32-504.8.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.8.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm
python-perf-2.6.32-504.8.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.8.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source:
kernel-2.6.32-504.8.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.8.1.el6.noarch.rpm
kernel-doc-2.6.32-504.8.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.8.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.8.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.8.1.el6.x86_64.rpm
perf-2.6.32-504.8.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.8.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source:
kernel-2.6.32-504.8.1.el6.src.rpm

i386:
kernel-2.6.32-504.8.1.el6.i686.rpm
kernel-debug-2.6.32-504.8.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debug-devel-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.8.1.el6.i686.rpm
kernel-devel-2.6.32-504.8.1.el6.i686.rpm
kernel-headers-2.6.32-504.8.1.el6.i686.rpm
perf-2.6.32-504.8.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.8.1.el6.noarch.rpm
kernel-doc-2.6.32-504.8.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.8.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-504.8.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-504.8.1.el6.ppc64.rpm
kernel-debug-2.6.32-504.8.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-504.8.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-504.8.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.8.1.el6.ppc64.rpm
kernel-devel-2.6.32-504.8.1.el6.ppc64.rpm
kernel-headers-2.6.32-504.8.1.el6.ppc64.rpm
perf-2.6.32-504.8.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.8.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-504.8.1.el6.s390x.rpm
kernel-debug-2.6.32-504.8.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-504.8.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-504.8.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.8.1.el6.s390x.rpm
kernel-devel-2.6.32-504.8.1.el6.s390x.rpm
kernel-headers-2.6.32-504.8.1.el6.s390x.rpm
kernel-kdump-2.6.32-504.8.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.8.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-504.8.1.el6.s390x.rpm
perf-2.6.32-504.8.1.el6.s390x.rpm
perf-debuginfo-2.6.32-504.8.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.8.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.8.1.el6.x86_64.rpm
perf-2.6.32-504.8.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.8.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm
python-perf-2.6.32-504.8.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-504.8.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.8.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.8.1.el6.ppc64.rpm
python-perf-2.6.32-504.8.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-504.8.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.8.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.8.1.el6.s390x.rpm
perf-debuginfo-2.6.32-504.8.1.el6.s390x.rpm
python-perf-2.6.32-504.8.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.8.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source:
kernel-2.6.32-504.8.1.el6.src.rpm

i386:
kernel-2.6.32-504.8.1.el6.i686.rpm
kernel-debug-2.6.32-504.8.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debug-devel-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.8.1.el6.i686.rpm
kernel-devel-2.6.32-504.8.1.el6.i686.rpm
kernel-headers-2.6.32-504.8.1.el6.i686.rpm
perf-2.6.32-504.8.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.8.1.el6.noarch.rpm
kernel-doc-2.6.32-504.8.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.8.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.8.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.8.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.8.1.el6.x86_64.rpm
perf-2.6.32-504.8.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.8.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm
python-perf-2.6.32-504.8.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.8.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-2.6.32-504.8.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.8.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-4656
https://access.redhat.com/security/cve/CVE-2014-7841
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com  Tue Jan 27 20:39:23 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 Jan 2015 20:39:23 +0000
Subject: [RHSA-2015:0093-01] Important: chromium-browser security update
Message-ID: <201501272039.t0RKdNkE005187@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2015:0093-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0093.html
Issue date:        2015-01-27
CVE Names:         CVE-2014-7923 CVE-2014-7924 CVE-2014-7925
                   CVE-2014-7926 CVE-2014-7927 CVE-2014-7928
                   CVE-2014-7929 CVE-2014-7930 CVE-2014-7931
                   CVE-2014-7932 CVE-2014-7933 CVE-2014-7934
                   CVE-2014-7935 CVE-2014-7936 CVE-2014-7937
                   CVE-2014-7938 CVE-2014-7939 CVE-2014-7940
                   CVE-2014-7941 CVE-2014-7942 CVE-2014-7943
                   CVE-2014-7944 CVE-2014-7945 CVE-2014-7946
                   CVE-2014-7947 CVE-2014-7948
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user
running Chromium. (CVE-2014-7923, CVE-2014-7924, CVE-2014-7925,
CVE-2014-7926, CVE-2014-7927, CVE-2014-7928, CVE-2014-7929, CVE-2014-7930,
CVE-2014-7931, CVE-2014-7932, CVE-2014-7933, CVE-2014-7934, CVE-2014-7935,
CVE-2014-7936, CVE-2014-7937, CVE-2014-7938, CVE-2014-7939, CVE-2014-7940,
CVE-2014-7941, CVE-2014-7942, CVE-2014-7943, CVE-2014-7944, CVE-2014-7945,
CVE-2014-7946, CVE-2014-7947, CVE-2014-7948)

All Chromium users should upgrade to these updated packages, which contain
Chromium version 40.0.2214.91, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
Bugs fixed (https://bugzilla.redhat.com/): 1185202 - CVE-2014-7923 ICU: regexp engine memory corruption 1185203 - CVE-2014-7924 chromium-browser: use-after-free in IndexedDB 1185204 - CVE-2014-7925 chromium-browser: use-after-free in WebAudio 1185205 - CVE-2014-7926 ICU: regexp engine memory corruption 1185206 - CVE-2014-7927 chromium-browser: memory corruption in V8 1185208 - CVE-2014-7928 chromium-browser: memory corruption in V8 1185209 - CVE-2014-7929 chromium-browser: use-after-free in DOM 1185210 - CVE-2014-7930 chromium-browser: use-after-free in DOM 1185211 - CVE-2014-7931 chromium-browser: memory corruption in V8 1185212 - CVE-2014-7932 chromium-browser: use-after-free in DOM 1185213 - CVE-2014-7933 chromium-browser: use-after-free in FFmpeg 1185214 - CVE-2014-7934 chromium-browser: use-after-free in DOM 1185215 - CVE-2014-7935 chromium-browser: use-after-free in Speech 1185216 - CVE-2014-7936 chromium-browser: use-after-free in Views 1185217 - CVE-2014-7937 chromium-browser: use-after-free in FFmpeg 1185218 - CVE-2014-7938 chromium-browser: memory corruption in Fonts 1185219 - CVE-2014-7939 chromium-browser: same-origin-bypass in V8 1185220 - CVE-2014-7940 ICU: uninitialized value use in the collation component 1185221 - CVE-2014-7941 chromium-browser: out-of-bounds read in UI 1185222 - CVE-2014-7942 chromium-browser: uninitialized-value in Fonts 1185223 - CVE-2014-7943 chromium-browser: out-of-bounds read in Skia 1185224 - CVE-2014-7944 chromium-browser: out-of-bounds read in PDFium 1185225 - CVE-2014-7945 chromium-browser: out-of-bounds read in PDFium 1185226 - CVE-2014-7946 chromium-browser: out-of-bounds read in Fonts 1185229 - CVE-2014-7947 chromium-browser: out-of-bounds read in PDFium 1185230 - CVE-2014-7948 chromium-browser: caching error in AppCache 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
6): Source: chromium-browser-40.0.2214.91-1.el6_6.src.rpm i386: chromium-browser-40.0.2214.91-1.el6_6.i686.rpm chromium-browser-debuginfo-40.0.2214.91-1.el6_6.i686.rpm x86_64: chromium-browser-40.0.2214.91-1.el6_6.x86_64.rpm chromium-browser-debuginfo-40.0.2214.91-1.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): Source: chromium-browser-40.0.2214.91-1.el6_6.src.rpm i386: chromium-browser-40.0.2214.91-1.el6_6.i686.rpm chromium-browser-debuginfo-40.0.2214.91-1.el6_6.i686.rpm x86_64: chromium-browser-40.0.2214.91-1.el6_6.x86_64.rpm chromium-browser-debuginfo-40.0.2214.91-1.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): Source: chromium-browser-40.0.2214.91-1.el6_6.src.rpm i386: chromium-browser-40.0.2214.91-1.el6_6.i686.rpm chromium-browser-debuginfo-40.0.2214.91-1.el6_6.i686.rpm x86_64: chromium-browser-40.0.2214.91-1.el6_6.x86_64.rpm chromium-browser-debuginfo-40.0.2214.91-1.el6_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2014-7923 https://access.redhat.com/security/cve/CVE-2014-7924 https://access.redhat.com/security/cve/CVE-2014-7925 https://access.redhat.com/security/cve/CVE-2014-7926 https://access.redhat.com/security/cve/CVE-2014-7927 https://access.redhat.com/security/cve/CVE-2014-7928 https://access.redhat.com/security/cve/CVE-2014-7929 https://access.redhat.com/security/cve/CVE-2014-7930 https://access.redhat.com/security/cve/CVE-2014-7931 https://access.redhat.com/security/cve/CVE-2014-7932 https://access.redhat.com/security/cve/CVE-2014-7933 https://access.redhat.com/security/cve/CVE-2014-7934 https://access.redhat.com/security/cve/CVE-2014-7935 https://access.redhat.com/security/cve/CVE-2014-7936 https://access.redhat.com/security/cve/CVE-2014-7937 https://access.redhat.com/security/cve/CVE-2014-7938 https://access.redhat.com/security/cve/CVE-2014-7939 https://access.redhat.com/security/cve/CVE-2014-7940 https://access.redhat.com/security/cve/CVE-2014-7941 https://access.redhat.com/security/cve/CVE-2014-7942 https://access.redhat.com/security/cve/CVE-2014-7943 https://access.redhat.com/security/cve/CVE-2014-7944 https://access.redhat.com/security/cve/CVE-2014-7945 https://access.redhat.com/security/cve/CVE-2014-7946 https://access.redhat.com/security/cve/CVE-2014-7947 https://access.redhat.com/security/cve/CVE-2014-7948 https://access.redhat.com/security/updates/classification/#important http://googlechromereleases.blogspot.com/2015/01/stable-update.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUx/dpXlSAg2UNWIIRAicvAJ48EWNhTADIJpssRxTnXXoorLHcPQCeOXCx
tHGzcUTFc2XPKT1/opdUYIw=
=QwdV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 27 21:22:37 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 Jan 2015 21:22:37 +0000
Subject: [RHSA-2015:0094-01] Critical: flash-plugin security update
Message-ID: <201501272122.t0RLMbWN019782@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2015:0094-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0094.html
Issue date:        2015-01-27
CVE Names:         CVE-2015-0310 CVE-2015-0311 CVE-2015-0312
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletins APSB15-02 and
APSB15-03, listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted SWF
file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0310, CVE-2015-0311, CVE-2015-0312)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.440.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1185137 - CVE-2015-0310 flash-plugin: Vulnerability that could be used to circumvent memory randomization mitigations (APSB15-02)
1185296 - CVE-2015-0311 CVE-2015-0312 flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.440-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.440-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.440-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.440-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.440-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.440-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.440-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.440-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.440-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.440-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0310
https://access.redhat.com/security/cve/CVE-2015-0311
https://access.redhat.com/security/cve/CVE-2015-0312
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUyAGGXlSAg2UNWIIRAi1BAJ9Q5Uq7Z9D/i5dIrMbLRMK/TUbVpQCfZhjG
Xjm8B3oIdHx7wx6dzJxrEAw=
=70K0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 28 16:11:05 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Jan 2015 16:11:05 +0000
Subject: [RHSA-2015:0099-01] Critical: glibc security update
Message-ID: <201501281611.t0SGB5Bd025624@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: glibc security update
Advisory ID:       RHSA-2015:0099-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0099.html
Issue date:        2015-01-28
CVE Names:         CVE-2015-0235
=====================================================================

1. Summary:

Updated glibc packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended
Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red
Hat Enterprise Linux 6.4 and 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without these
libraries, the Linux system cannot function correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make an
application call either of these functions could use this flaw to execute
arbitrary code with the permissions of the user running the application.
(CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

4.
Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1183461 - CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow 6. Package List: Red Hat Enterprise Linux LL (v. 5.6 server): Source: glibc-2.5-58.el5_6.6.src.rpm i386: glibc-2.5-58.el5_6.6.i386.rpm glibc-2.5-58.el5_6.6.i686.rpm glibc-common-2.5-58.el5_6.6.i386.rpm glibc-debuginfo-2.5-58.el5_6.6.i386.rpm glibc-debuginfo-2.5-58.el5_6.6.i686.rpm glibc-debuginfo-common-2.5-58.el5_6.6.i386.rpm glibc-devel-2.5-58.el5_6.6.i386.rpm glibc-headers-2.5-58.el5_6.6.i386.rpm glibc-utils-2.5-58.el5_6.6.i386.rpm nscd-2.5-58.el5_6.6.i386.rpm ia64: glibc-2.5-58.el5_6.6.i686.rpm glibc-2.5-58.el5_6.6.ia64.rpm glibc-common-2.5-58.el5_6.6.ia64.rpm glibc-debuginfo-2.5-58.el5_6.6.i686.rpm glibc-debuginfo-2.5-58.el5_6.6.ia64.rpm glibc-debuginfo-common-2.5-58.el5_6.6.i386.rpm glibc-devel-2.5-58.el5_6.6.ia64.rpm glibc-headers-2.5-58.el5_6.6.ia64.rpm glibc-utils-2.5-58.el5_6.6.ia64.rpm nscd-2.5-58.el5_6.6.ia64.rpm x86_64: glibc-2.5-58.el5_6.6.i686.rpm glibc-2.5-58.el5_6.6.x86_64.rpm glibc-common-2.5-58.el5_6.6.x86_64.rpm glibc-debuginfo-2.5-58.el5_6.6.i386.rpm glibc-debuginfo-2.5-58.el5_6.6.i686.rpm glibc-debuginfo-2.5-58.el5_6.6.x86_64.rpm glibc-debuginfo-common-2.5-58.el5_6.6.i386.rpm glibc-devel-2.5-58.el5_6.6.i386.rpm glibc-devel-2.5-58.el5_6.6.x86_64.rpm glibc-headers-2.5-58.el5_6.6.x86_64.rpm glibc-utils-2.5-58.el5_6.6.x86_64.rpm nscd-2.5-58.el5_6.6.x86_64.rpm Red Hat Enterprise Linux EUS (v. 
5.9 server): Source: glibc-2.5-107.el5_9.8.src.rpm i386: glibc-2.5-107.el5_9.8.i386.rpm glibc-2.5-107.el5_9.8.i686.rpm glibc-common-2.5-107.el5_9.8.i386.rpm glibc-debuginfo-2.5-107.el5_9.8.i386.rpm glibc-debuginfo-2.5-107.el5_9.8.i686.rpm glibc-debuginfo-common-2.5-107.el5_9.8.i386.rpm glibc-devel-2.5-107.el5_9.8.i386.rpm glibc-headers-2.5-107.el5_9.8.i386.rpm glibc-utils-2.5-107.el5_9.8.i386.rpm nscd-2.5-107.el5_9.8.i386.rpm ia64: glibc-2.5-107.el5_9.8.i686.rpm glibc-2.5-107.el5_9.8.ia64.rpm glibc-common-2.5-107.el5_9.8.ia64.rpm glibc-debuginfo-2.5-107.el5_9.8.i686.rpm glibc-debuginfo-2.5-107.el5_9.8.ia64.rpm glibc-debuginfo-common-2.5-107.el5_9.8.i386.rpm glibc-devel-2.5-107.el5_9.8.ia64.rpm glibc-headers-2.5-107.el5_9.8.ia64.rpm glibc-utils-2.5-107.el5_9.8.ia64.rpm nscd-2.5-107.el5_9.8.ia64.rpm ppc: glibc-2.5-107.el5_9.8.ppc.rpm glibc-2.5-107.el5_9.8.ppc64.rpm glibc-common-2.5-107.el5_9.8.ppc.rpm glibc-debuginfo-2.5-107.el5_9.8.ppc.rpm glibc-debuginfo-2.5-107.el5_9.8.ppc64.rpm glibc-devel-2.5-107.el5_9.8.ppc.rpm glibc-devel-2.5-107.el5_9.8.ppc64.rpm glibc-headers-2.5-107.el5_9.8.ppc.rpm glibc-utils-2.5-107.el5_9.8.ppc.rpm nscd-2.5-107.el5_9.8.ppc.rpm s390x: glibc-2.5-107.el5_9.8.s390.rpm glibc-2.5-107.el5_9.8.s390x.rpm glibc-common-2.5-107.el5_9.8.s390x.rpm glibc-debuginfo-2.5-107.el5_9.8.s390.rpm glibc-debuginfo-2.5-107.el5_9.8.s390x.rpm glibc-devel-2.5-107.el5_9.8.s390.rpm glibc-devel-2.5-107.el5_9.8.s390x.rpm glibc-headers-2.5-107.el5_9.8.s390x.rpm glibc-utils-2.5-107.el5_9.8.s390x.rpm nscd-2.5-107.el5_9.8.s390x.rpm x86_64: glibc-2.5-107.el5_9.8.i686.rpm glibc-2.5-107.el5_9.8.x86_64.rpm glibc-common-2.5-107.el5_9.8.x86_64.rpm glibc-debuginfo-2.5-107.el5_9.8.i386.rpm glibc-debuginfo-2.5-107.el5_9.8.i686.rpm glibc-debuginfo-2.5-107.el5_9.8.x86_64.rpm glibc-debuginfo-common-2.5-107.el5_9.8.i386.rpm glibc-devel-2.5-107.el5_9.8.i386.rpm glibc-devel-2.5-107.el5_9.8.x86_64.rpm glibc-headers-2.5-107.el5_9.8.x86_64.rpm glibc-utils-2.5-107.el5_9.8.x86_64.rpm 
nscd-2.5-107.el5_9.8.x86_64.rpm Red Hat Enterprise Linux HPC Node EUS (v. 6.4): Source: glibc-2.12-1.107.el6_4.7.src.rpm x86_64: glibc-2.12-1.107.el6_4.7.i686.rpm glibc-2.12-1.107.el6_4.7.x86_64.rpm glibc-common-2.12-1.107.el6_4.7.x86_64.rpm glibc-debuginfo-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.7.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.x86_64.rpm glibc-devel-2.12-1.107.el6_4.7.i686.rpm glibc-devel-2.12-1.107.el6_4.7.x86_64.rpm glibc-headers-2.12-1.107.el6_4.7.x86_64.rpm glibc-utils-2.12-1.107.el6_4.7.x86_64.rpm nscd-2.12-1.107.el6_4.7.x86_64.rpm Red Hat Enterprise Linux HPC Node EUS (v. 6.5): Source: glibc-2.12-1.132.el6_5.5.src.rpm x86_64: glibc-2.12-1.132.el6_5.5.i686.rpm glibc-2.12-1.132.el6_5.5.x86_64.rpm glibc-common-2.12-1.132.el6_5.5.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.5.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.x86_64.rpm glibc-devel-2.12-1.132.el6_5.5.i686.rpm glibc-devel-2.12-1.132.el6_5.5.x86_64.rpm glibc-headers-2.12-1.132.el6_5.5.x86_64.rpm glibc-utils-2.12-1.132.el6_5.5.x86_64.rpm nscd-2.12-1.132.el6_5.5.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4): Source: glibc-2.12-1.107.el6_4.7.src.rpm x86_64: glibc-debuginfo-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.7.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.x86_64.rpm glibc-static-2.12-1.107.el6_4.7.i686.rpm glibc-static-2.12-1.107.el6_4.7.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 
6.5): Source: glibc-2.12-1.132.el6_5.5.src.rpm x86_64: glibc-debuginfo-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.5.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.x86_64.rpm glibc-static-2.12-1.132.el6_5.5.i686.rpm glibc-static-2.12-1.132.el6_5.5.x86_64.rpm Red Hat Enterprise Linux AUS (v. 6.2 server): Source: glibc-2.12-1.47.el6_2.15.src.rpm x86_64: glibc-2.12-1.47.el6_2.15.i686.rpm glibc-2.12-1.47.el6_2.15.x86_64.rpm glibc-common-2.12-1.47.el6_2.15.x86_64.rpm glibc-debuginfo-2.12-1.47.el6_2.15.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.15.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.15.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.15.x86_64.rpm glibc-devel-2.12-1.47.el6_2.15.i686.rpm glibc-devel-2.12-1.47.el6_2.15.x86_64.rpm glibc-headers-2.12-1.47.el6_2.15.x86_64.rpm glibc-utils-2.12-1.47.el6_2.15.x86_64.rpm nscd-2.12-1.47.el6_2.15.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.4): Source: glibc-2.12-1.107.el6_4.7.src.rpm i386: glibc-2.12-1.107.el6_4.7.i686.rpm glibc-common-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.i686.rpm glibc-devel-2.12-1.107.el6_4.7.i686.rpm glibc-headers-2.12-1.107.el6_4.7.i686.rpm glibc-utils-2.12-1.107.el6_4.7.i686.rpm nscd-2.12-1.107.el6_4.7.i686.rpm ppc64: glibc-2.12-1.107.el6_4.7.ppc.rpm glibc-2.12-1.107.el6_4.7.ppc64.rpm glibc-common-2.12-1.107.el6_4.7.ppc64.rpm glibc-debuginfo-2.12-1.107.el6_4.7.ppc.rpm glibc-debuginfo-2.12-1.107.el6_4.7.ppc64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.ppc.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.ppc64.rpm glibc-devel-2.12-1.107.el6_4.7.ppc.rpm glibc-devel-2.12-1.107.el6_4.7.ppc64.rpm glibc-headers-2.12-1.107.el6_4.7.ppc64.rpm glibc-utils-2.12-1.107.el6_4.7.ppc64.rpm nscd-2.12-1.107.el6_4.7.ppc64.rpm s390x: glibc-2.12-1.107.el6_4.7.s390.rpm glibc-2.12-1.107.el6_4.7.s390x.rpm glibc-common-2.12-1.107.el6_4.7.s390x.rpm 
glibc-debuginfo-2.12-1.107.el6_4.7.s390.rpm glibc-debuginfo-2.12-1.107.el6_4.7.s390x.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.s390.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.s390x.rpm glibc-devel-2.12-1.107.el6_4.7.s390.rpm glibc-devel-2.12-1.107.el6_4.7.s390x.rpm glibc-headers-2.12-1.107.el6_4.7.s390x.rpm glibc-utils-2.12-1.107.el6_4.7.s390x.rpm nscd-2.12-1.107.el6_4.7.s390x.rpm x86_64: glibc-2.12-1.107.el6_4.7.i686.rpm glibc-2.12-1.107.el6_4.7.x86_64.rpm glibc-common-2.12-1.107.el6_4.7.x86_64.rpm glibc-debuginfo-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.7.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.x86_64.rpm glibc-devel-2.12-1.107.el6_4.7.i686.rpm glibc-devel-2.12-1.107.el6_4.7.x86_64.rpm glibc-headers-2.12-1.107.el6_4.7.x86_64.rpm glibc-utils-2.12-1.107.el6_4.7.x86_64.rpm nscd-2.12-1.107.el6_4.7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.5): Source: glibc-2.12-1.132.el6_5.5.src.rpm i386: glibc-2.12-1.132.el6_5.5.i686.rpm glibc-common-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.i686.rpm glibc-devel-2.12-1.132.el6_5.5.i686.rpm glibc-headers-2.12-1.132.el6_5.5.i686.rpm glibc-utils-2.12-1.132.el6_5.5.i686.rpm nscd-2.12-1.132.el6_5.5.i686.rpm ppc64: glibc-2.12-1.132.el6_5.5.ppc.rpm glibc-2.12-1.132.el6_5.5.ppc64.rpm glibc-common-2.12-1.132.el6_5.5.ppc64.rpm glibc-debuginfo-2.12-1.132.el6_5.5.ppc.rpm glibc-debuginfo-2.12-1.132.el6_5.5.ppc64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.ppc.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.ppc64.rpm glibc-devel-2.12-1.132.el6_5.5.ppc.rpm glibc-devel-2.12-1.132.el6_5.5.ppc64.rpm glibc-headers-2.12-1.132.el6_5.5.ppc64.rpm glibc-utils-2.12-1.132.el6_5.5.ppc64.rpm nscd-2.12-1.132.el6_5.5.ppc64.rpm s390x: glibc-2.12-1.132.el6_5.5.s390.rpm glibc-2.12-1.132.el6_5.5.s390x.rpm glibc-common-2.12-1.132.el6_5.5.s390x.rpm glibc-debuginfo-2.12-1.132.el6_5.5.s390.rpm 
glibc-debuginfo-2.12-1.132.el6_5.5.s390x.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.s390.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.s390x.rpm glibc-devel-2.12-1.132.el6_5.5.s390.rpm glibc-devel-2.12-1.132.el6_5.5.s390x.rpm glibc-headers-2.12-1.132.el6_5.5.s390x.rpm glibc-utils-2.12-1.132.el6_5.5.s390x.rpm nscd-2.12-1.132.el6_5.5.s390x.rpm x86_64: glibc-2.12-1.132.el6_5.5.i686.rpm glibc-2.12-1.132.el6_5.5.x86_64.rpm glibc-common-2.12-1.132.el6_5.5.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.5.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.x86_64.rpm glibc-devel-2.12-1.132.el6_5.5.i686.rpm glibc-devel-2.12-1.132.el6_5.5.x86_64.rpm glibc-headers-2.12-1.132.el6_5.5.x86_64.rpm glibc-utils-2.12-1.132.el6_5.5.x86_64.rpm nscd-2.12-1.132.el6_5.5.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: glibc-2.12-1.47.el6_2.15.src.rpm x86_64: glibc-debuginfo-2.12-1.47.el6_2.15.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.15.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.15.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.15.x86_64.rpm glibc-static-2.12-1.47.el6_2.15.i686.rpm glibc-static-2.12-1.47.el6_2.15.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
6.4): Source: glibc-2.12-1.107.el6_4.7.src.rpm i386: glibc-debuginfo-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.i686.rpm glibc-static-2.12-1.107.el6_4.7.i686.rpm ppc64: glibc-debuginfo-2.12-1.107.el6_4.7.ppc.rpm glibc-debuginfo-2.12-1.107.el6_4.7.ppc64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.ppc.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.ppc64.rpm glibc-static-2.12-1.107.el6_4.7.ppc.rpm glibc-static-2.12-1.107.el6_4.7.ppc64.rpm s390x: glibc-debuginfo-2.12-1.107.el6_4.7.s390.rpm glibc-debuginfo-2.12-1.107.el6_4.7.s390x.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.s390.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.s390x.rpm glibc-static-2.12-1.107.el6_4.7.s390.rpm glibc-static-2.12-1.107.el6_4.7.s390x.rpm x86_64: glibc-debuginfo-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.7.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.7.x86_64.rpm glibc-static-2.12-1.107.el6_4.7.i686.rpm glibc-static-2.12-1.107.el6_4.7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
6.5): Source: glibc-2.12-1.132.el6_5.5.src.rpm i386: glibc-debuginfo-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.i686.rpm glibc-static-2.12-1.132.el6_5.5.i686.rpm ppc64: glibc-debuginfo-2.12-1.132.el6_5.5.ppc.rpm glibc-debuginfo-2.12-1.132.el6_5.5.ppc64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.ppc.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.ppc64.rpm glibc-static-2.12-1.132.el6_5.5.ppc.rpm glibc-static-2.12-1.132.el6_5.5.ppc64.rpm s390x: glibc-debuginfo-2.12-1.132.el6_5.5.s390.rpm glibc-debuginfo-2.12-1.132.el6_5.5.s390x.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.s390.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.s390x.rpm glibc-static-2.12-1.132.el6_5.5.s390.rpm glibc-static-2.12-1.132.el6_5.5.s390x.rpm x86_64: glibc-debuginfo-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.5.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.5.x86_64.rpm glibc-static-2.12-1.132.el6_5.5.i686.rpm glibc-static-2.12-1.132.el6_5.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0235 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
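A check that follows from the package lists above: confirming that every glibc subpackage on a host is at or above the build the advisory ships for that host's update stream. The script below is an added example written for this archive, not Red Hat tooling. Its table of fixed builds is copied from the package lists of RHSA-2015:0099 and of RHSA-2015:0101 (the RHEL 4 ELS advisory that follows in this archive), its sample input is constructed, and its version comparison reimplements rpm's segment ordering for the common cases (no epoch, no caret rule). The same check serves the chromium-browser, flash-plugin and libyaml advisories in this archive once their fixed builds are substituted into the table.

```python
"""Audit installed glibc builds against RHSA-2015:0099 / RHSA-2015:0101.

Added example, not Red Hat tooling. Input lines are NAME-VERSION-RELEASE.ARCH,
as produced on a host by:
    rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' glibc glibc-common nscd
"""
import re

# Fixed builds per update stream, copied from the advisories' package lists
# and keyed by the dist tag that appears in the release field.
FIXED_GLIBC = {
    "el6_5": ("2.12", "1.132.el6_5.5"),   # RHEL 6.5 EUS  (RHSA-2015:0099)
    "el6_4": ("2.12", "1.107.el6_4.7"),   # RHEL 6.4 EUS  (RHSA-2015:0099)
    "el6_2": ("2.12", "1.47.el6_2.15"),   # RHEL 6.2 AUS  (RHSA-2015:0099)
    "el5_9": ("2.5", "107.el5_9.8"),      # RHEL 5.9 EUS  (RHSA-2015:0099)
    "el5_6": ("2.5", "58.el5_6.6"),       # RHEL 5.6 LL   (RHSA-2015:0099)
    "el4":   ("2.3.4", "2.57.el4.2"),     # RHEL 4 ELS    (RHSA-2015:0101)
}
# Subpackage names that appear in the two advisories' package lists.
GLIBC_SUBPACKAGES = {
    "glibc", "glibc-common", "glibc-devel", "glibc-headers", "glibc-utils",
    "glibc-static", "glibc-profile", "nscd", "nptl-devel",
}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")
_DIST = re.compile(r"\.(el\d+(?:_\d+)?)(?:\.|$)")


def rpmvercmp(a, b):
    """Order a against b as rpm orders version/release strings (common cases):
    split into digit and alpha runs, compare run by run, a digit run beats an
    alpha run, a missing run loses, and '~' sorts before anything (pre-release).
    Returns -1, 0 or 1."""
    if a == b:
        return 0
    ta, tb = _SEG.findall(a), _SEG.findall(b)
    i = j = 0
    while i < len(ta) or j < len(tb):
        xa = ta[i] if i < len(ta) else None
        xb = tb[j] if j < len(tb) else None
        if xa == "~" or xb == "~":
            if xa != "~":
                return 1
            if xb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if xa is None:
            return -1
        if xb is None:
            return 1
        da, db = xa.isdigit(), xb.isdigit()
        if da != db:
            return 1 if da else -1      # numeric run beats alpha run
        if da:
            na, nb = int(xa), int(xb)   # int() drops leading zeros, as rpm does
            if na != nb:
                return 1 if na > nb else -1
        elif xa != xb:
            return 1 if xa > xb else -1
        i, j = i + 1, j + 1
    return 0


def parse_nvra(line):
    """'glibc-common-2.12-1.132.el6_5.5.x86_64' -> (name, version, release, arch)."""
    nvr, arch = line.strip().rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def check_package(line, fixed=FIXED_GLIBC, names=GLIBC_SUBPACKAGES):
    """Classify one installed package: 'fixed', 'vulnerable', 'unknown' (its
    update stream is not in the table) or 'ignored' (not a listed subpackage).
    Returns (status, detail)."""
    name, version, release, _arch = parse_nvra(line)
    if name not in names:
        return "ignored", f"{name}: not one of the advisory's subpackages"
    m = _DIST.search(release)
    stream = m.group(1) if m else None
    if stream not in fixed:
        return "unknown", f"{line}: stream {stream!r} is not covered by this table"
    fv, fr = fixed[stream]
    order = rpmvercmp(version, fv) or rpmvercmp(release, fr)
    if order < 0:
        return "vulnerable", f"{line}: older than fixed build {name}-{fv}-{fr}"
    return "fixed", f"{line}: at or above fixed build {name}-{fv}-{fr}"


def audit(lines, **kw):
    """Run check_package over many lines; returns {status: [detail, ...]}."""
    report = {}
    for line in lines:
        if line.strip():
            status, detail = check_package(line, **kw)
            report.setdefault(status, []).append(detail)
    return report


if __name__ == "__main__":
    # Constructed sample of rpm -q output from a mixed fleet (not real hosts).
    SAMPLE = """\
glibc-2.12-1.132.el6_5.5.x86_64
glibc-common-2.12-1.132.el6_5.4.x86_64
nscd-2.3.4-2.57.el4.1.x86_64
glibc-2.5-107.el5_9.8.i686
glibc-2.12-1.149.el6.x86_64
bash-4.1.2-29.el6.x86_64
"""
    for status, details in sorted(audit(SAMPLE.splitlines()).items()):
        print(f"== {status} ==")
        for d in details:
            print("  " + d)
```

A build from a stream the table does not list (for example a mainline el6 release) is reported as unknown rather than fixed, because these two advisories cover only the Long Life, EUS, AUS and ELS streams named in their summaries. A package-level check is necessary but not sufficient: processes that loaded the old library keep using it until they are restarted.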
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUyQlUXlSAg2UNWIIRAgkQAJ99RMbbkLVHtTRC6tvfLPghWQnnAQCdFcWh
JeZq/7FXt92zQ9rmxkTZzIw=
=TUmc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 28 17:28:31 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Jan 2015 17:28:31 +0000
Subject: [RHSA-2015:0101-01] Critical: glibc security update
Message-ID: <201501281728.t0SHSVw2027468@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: glibc security update
Advisory ID:       RHSA-2015:0101-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0101.html
Issue date:        2015-01-28
CVE Names:         CVE-2015-0235
=====================================================================

1. Summary:

Updated glibc packages that fix one security issue are now available for Red
Hat Enterprise Linux 4 Extended Life Cycle Support.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, ia64, x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without these
libraries, the Linux system cannot function correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make an
application call either of these functions could use this flaw to execute
arbitrary code with the permissions of the user running the application.
(CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1183461 - CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow

6. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
glibc-2.3.4-2.57.el4.2.src.rpm

i386:
glibc-2.3.4-2.57.el4.2.i386.rpm
glibc-2.3.4-2.57.el4.2.i686.rpm
glibc-common-2.3.4-2.57.el4.2.i386.rpm
glibc-debuginfo-2.3.4-2.57.el4.2.i386.rpm
glibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm
glibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm
glibc-devel-2.3.4-2.57.el4.2.i386.rpm
glibc-headers-2.3.4-2.57.el4.2.i386.rpm
glibc-profile-2.3.4-2.57.el4.2.i386.rpm
glibc-utils-2.3.4-2.57.el4.2.i386.rpm
nptl-devel-2.3.4-2.57.el4.2.i386.rpm
nptl-devel-2.3.4-2.57.el4.2.i686.rpm
nscd-2.3.4-2.57.el4.2.i386.rpm

ia64:
glibc-2.3.4-2.57.el4.2.i686.rpm
glibc-2.3.4-2.57.el4.2.ia64.rpm
glibc-common-2.3.4-2.57.el4.2.ia64.rpm
glibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm
glibc-debuginfo-2.3.4-2.57.el4.2.ia64.rpm
glibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm
glibc-devel-2.3.4-2.57.el4.2.ia64.rpm
glibc-headers-2.3.4-2.57.el4.2.ia64.rpm
glibc-profile-2.3.4-2.57.el4.2.ia64.rpm
glibc-utils-2.3.4-2.57.el4.2.ia64.rpm
nptl-devel-2.3.4-2.57.el4.2.ia64.rpm
nscd-2.3.4-2.57.el4.2.ia64.rpm

x86_64:
glibc-2.3.4-2.57.el4.2.i686.rpm
glibc-2.3.4-2.57.el4.2.x86_64.rpm
glibc-common-2.3.4-2.57.el4.2.x86_64.rpm
glibc-debuginfo-2.3.4-2.57.el4.2.i386.rpm glibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm glibc-debuginfo-2.3.4-2.57.el4.2.x86_64.rpm glibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm glibc-devel-2.3.4-2.57.el4.2.i386.rpm glibc-devel-2.3.4-2.57.el4.2.x86_64.rpm glibc-headers-2.3.4-2.57.el4.2.x86_64.rpm glibc-profile-2.3.4-2.57.el4.2.x86_64.rpm glibc-utils-2.3.4-2.57.el4.2.x86_64.rpm nptl-devel-2.3.4-2.57.el4.2.x86_64.rpm nscd-2.3.4-2.57.el4.2.x86_64.rpm Red Hat Enterprise Linux ES (v. 4 ELS): Source: glibc-2.3.4-2.57.el4.2.src.rpm i386: glibc-2.3.4-2.57.el4.2.i386.rpm glibc-2.3.4-2.57.el4.2.i686.rpm glibc-common-2.3.4-2.57.el4.2.i386.rpm glibc-debuginfo-2.3.4-2.57.el4.2.i386.rpm glibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm glibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm glibc-devel-2.3.4-2.57.el4.2.i386.rpm glibc-headers-2.3.4-2.57.el4.2.i386.rpm glibc-profile-2.3.4-2.57.el4.2.i386.rpm glibc-utils-2.3.4-2.57.el4.2.i386.rpm nptl-devel-2.3.4-2.57.el4.2.i386.rpm nptl-devel-2.3.4-2.57.el4.2.i686.rpm nscd-2.3.4-2.57.el4.2.i386.rpm ia64: glibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm x86_64: glibc-2.3.4-2.57.el4.2.i686.rpm glibc-2.3.4-2.57.el4.2.x86_64.rpm glibc-common-2.3.4-2.57.el4.2.x86_64.rpm glibc-debuginfo-2.3.4-2.57.el4.2.i386.rpm glibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm glibc-debuginfo-2.3.4-2.57.el4.2.x86_64.rpm glibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm glibc-devel-2.3.4-2.57.el4.2.i386.rpm glibc-devel-2.3.4-2.57.el4.2.x86_64.rpm glibc-headers-2.3.4-2.57.el4.2.x86_64.rpm glibc-profile-2.3.4-2.57.el4.2.x86_64.rpm glibc-utils-2.3.4-2.57.el4.2.x86_64.rpm nptl-devel-2.3.4-2.57.el4.2.x86_64.rpm nscd-2.3.4-2.57.el4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0235 https://access.redhat.com/security/updates/classification/#critical 8. 
Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUyRwbXlSAg2UNWIIRAnx8AJ94LYbxTEFIpPLiN/L5Wg+RHu8sewCfU4Gq
q+5AuvegeRJa0LimEFiDjZE=
=l1Y9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 28 17:49:10 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Jan 2015 17:49:10 +0000
Subject: [RHSA-2015:0100-01] Moderate: libyaml security update
Message-ID: <201501281749.t0SHnAkA018775@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libyaml security update
Advisory ID:       RHSA-2015:0100-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0100.html
Issue date:        2015-01-28
CVE Names:         CVE-2014-9130
=====================================================================

1. Summary:

Updated libyaml packages that fix one security issue are now available for
Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.

An assertion failure was found in the way the libyaml library parsed wrapped
strings. An attacker able to load specially crafted YAML input into an
application using libyaml could cause the application to crash.
(CVE-2014-9130)

All libyaml users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against the libyaml library must be restarted for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped strings

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libyaml-0.1.3-4.el6_6.src.rpm

i386:
libyaml-0.1.3-4.el6_6.i686.rpm
libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm

x86_64:
libyaml-0.1.3-4.el6_6.i686.rpm
libyaml-0.1.3-4.el6_6.x86_64.rpm
libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm
libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6): i386: libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm libyaml-devel-0.1.3-4.el6_6.i686.rpm x86_64: libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm libyaml-devel-0.1.3-4.el6_6.i686.rpm libyaml-devel-0.1.3-4.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: libyaml-0.1.3-4.el6_6.src.rpm x86_64: libyaml-0.1.3-4.el6_6.i686.rpm libyaml-0.1.3-4.el6_6.x86_64.rpm libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm libyaml-devel-0.1.3-4.el6_6.i686.rpm libyaml-devel-0.1.3-4.el6_6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: libyaml-0.1.3-4.el6_6.src.rpm i386: libyaml-0.1.3-4.el6_6.i686.rpm libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm ppc64: libyaml-0.1.3-4.el6_6.ppc.rpm libyaml-0.1.3-4.el6_6.ppc64.rpm libyaml-debuginfo-0.1.3-4.el6_6.ppc.rpm libyaml-debuginfo-0.1.3-4.el6_6.ppc64.rpm s390x: libyaml-0.1.3-4.el6_6.s390.rpm libyaml-0.1.3-4.el6_6.s390x.rpm libyaml-debuginfo-0.1.3-4.el6_6.s390.rpm libyaml-debuginfo-0.1.3-4.el6_6.s390x.rpm x86_64: libyaml-0.1.3-4.el6_6.i686.rpm libyaml-0.1.3-4.el6_6.x86_64.rpm libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm libyaml-devel-0.1.3-4.el6_6.i686.rpm ppc64: libyaml-debuginfo-0.1.3-4.el6_6.ppc.rpm libyaml-debuginfo-0.1.3-4.el6_6.ppc64.rpm libyaml-devel-0.1.3-4.el6_6.ppc.rpm libyaml-devel-0.1.3-4.el6_6.ppc64.rpm s390x: libyaml-debuginfo-0.1.3-4.el6_6.s390.rpm libyaml-debuginfo-0.1.3-4.el6_6.s390x.rpm libyaml-devel-0.1.3-4.el6_6.s390.rpm libyaml-devel-0.1.3-4.el6_6.s390x.rpm x86_64: libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm libyaml-devel-0.1.3-4.el6_6.i686.rpm libyaml-devel-0.1.3-4.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: libyaml-0.1.3-4.el6_6.src.rpm i386: libyaml-0.1.3-4.el6_6.i686.rpm libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm x86_64: libyaml-0.1.3-4.el6_6.i686.rpm libyaml-0.1.3-4.el6_6.x86_64.rpm libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm libyaml-devel-0.1.3-4.el6_6.i686.rpm x86_64: libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm libyaml-devel-0.1.3-4.el6_6.i686.rpm libyaml-devel-0.1.3-4.el6_6.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: libyaml-0.1.4-11.el7_0.src.rpm x86_64: libyaml-0.1.4-11.el7_0.i686.rpm libyaml-0.1.4-11.el7_0.x86_64.rpm libyaml-debuginfo-0.1.4-11.el7_0.i686.rpm libyaml-debuginfo-0.1.4-11.el7_0.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libyaml-debuginfo-0.1.4-11.el7_0.i686.rpm libyaml-debuginfo-0.1.4-11.el7_0.x86_64.rpm libyaml-devel-0.1.4-11.el7_0.i686.rpm libyaml-devel-0.1.4-11.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libyaml-0.1.4-11.el7_0.src.rpm x86_64: libyaml-0.1.4-11.el7_0.i686.rpm libyaml-0.1.4-11.el7_0.x86_64.rpm libyaml-debuginfo-0.1.4-11.el7_0.i686.rpm libyaml-debuginfo-0.1.4-11.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libyaml-debuginfo-0.1.4-11.el7_0.i686.rpm libyaml-debuginfo-0.1.4-11.el7_0.x86_64.rpm libyaml-devel-0.1.4-11.el7_0.i686.rpm libyaml-devel-0.1.4-11.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: libyaml-0.1.4-11.el7_0.src.rpm ppc64: libyaml-0.1.4-11.el7_0.ppc.rpm libyaml-0.1.4-11.el7_0.ppc64.rpm libyaml-debuginfo-0.1.4-11.el7_0.ppc.rpm libyaml-debuginfo-0.1.4-11.el7_0.ppc64.rpm s390x: libyaml-0.1.4-11.el7_0.s390.rpm libyaml-0.1.4-11.el7_0.s390x.rpm libyaml-debuginfo-0.1.4-11.el7_0.s390.rpm libyaml-debuginfo-0.1.4-11.el7_0.s390x.rpm x86_64: libyaml-0.1.4-11.el7_0.i686.rpm libyaml-0.1.4-11.el7_0.x86_64.rpm libyaml-debuginfo-0.1.4-11.el7_0.i686.rpm libyaml-debuginfo-0.1.4-11.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libyaml-debuginfo-0.1.4-11.el7_0.ppc.rpm libyaml-debuginfo-0.1.4-11.el7_0.ppc64.rpm libyaml-devel-0.1.4-11.el7_0.ppc.rpm libyaml-devel-0.1.4-11.el7_0.ppc64.rpm s390x: libyaml-debuginfo-0.1.4-11.el7_0.s390.rpm libyaml-debuginfo-0.1.4-11.el7_0.s390x.rpm libyaml-devel-0.1.4-11.el7_0.s390.rpm libyaml-devel-0.1.4-11.el7_0.s390x.rpm x86_64: libyaml-debuginfo-0.1.4-11.el7_0.i686.rpm libyaml-debuginfo-0.1.4-11.el7_0.x86_64.rpm libyaml-devel-0.1.4-11.el7_0.i686.rpm libyaml-devel-0.1.4-11.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libyaml-0.1.4-11.el7_0.src.rpm x86_64: libyaml-0.1.4-11.el7_0.i686.rpm libyaml-0.1.4-11.el7_0.x86_64.rpm libyaml-debuginfo-0.1.4-11.el7_0.i686.rpm libyaml-debuginfo-0.1.4-11.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libyaml-debuginfo-0.1.4-11.el7_0.i686.rpm libyaml-debuginfo-0.1.4-11.el7_0.x86_64.rpm libyaml-devel-0.1.4-11.el7_0.i686.rpm libyaml-devel-0.1.4-11.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9130 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUySEHXlSAg2UNWIIRAoGEAKC0egLgLq6URggei0bM9ypl+sZ3SgCeLjGH
Ew/C9aKmZARHJdmHtaSJJKs=
=CZvQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jan 28 19:16:51 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Jan 2015 19:16:51 +0000
Subject: [RHSA-2015:0102-01] Important: kernel security and bug fix update
Message-ID: <201501281916.t0SJGqCW011856@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2015:0102-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0102.html
Issue date:        2015-01-28
CVE Names:         CVE-2014-4171 CVE-2014-5471 CVE-2014-5472 CVE-2014-7145
                   CVE-2014-7822 CVE-2014-7841
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important)

* A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. (CVE-2014-4171, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server. (CVE-2014-7145, Moderate)

* A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822, Moderate)

* It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)

Red Hat would like to thank Akira Fujita of NEC for reporting the CVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.
This update also fixes the following bugs:

* Previously, a kernel panic could occur if a process reading from a locked NFS file was killed and the lock was not released properly before the read operations finished. Consequently, the system crashed. The code handling file locks has been fixed, and instead of halting, the system now emits a warning about the unreleased lock. (BZ#1172266)

* A race condition in the command abort handling logic of the ipr device driver could cause the kernel to panic when the driver received a response to an abort command prior to receiving other responses to the aborted command due to the support for multiple interrupts. With this update, the abort handler waits for the aborted command's responses first before completing an abort operation. (BZ#1162734)

* Previously, a race condition could occur when changing a Page Table Entry (PTE) or a Page Middle Directory (PMD) to "pte_numa" or "pmd_numa", respectively, causing the kernel to crash. This update removes the BUG_ON() macro from the __handle_mm_fault() function, preventing the kernel panic in the aforementioned scenario. (BZ#1170662)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1111180 - CVE-2014-4171 Kernel: mm/shmem: denial of service
1134099 - CVE-2014-5471 CVE-2014-5472 kernel: isofs: unbound recursion when processing relocated directories
1147522 - CVE-2014-7145 Kernel: cifs: NULL pointer dereference in SMB2_tcon
1163087 - CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet
1163792 - CVE-2014-7822 kernel: splice: lack of generic write checks

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-123.20.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-123.20.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm
kernel-devel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-headers-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.20.1.el7.x86_64.rpm
perf-3.10.0-123.20.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
kernel-doc-3.10.0-123.20.1.el7.noarch.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.20.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-123.20.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-123.20.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm
kernel-devel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-headers-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.20.1.el7.x86_64.rpm
perf-3.10.0-123.20.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
kernel-doc-3.10.0-123.20.1.el7.noarch.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.20.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-123.20.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-123.20.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-123.20.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-123.20.1.el7.ppc64.rpm
kernel-debug-3.10.0-123.20.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-123.20.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-123.20.1.el7.ppc64.rpm
kernel-devel-3.10.0-123.20.1.el7.ppc64.rpm
kernel-headers-3.10.0-123.20.1.el7.ppc64.rpm
kernel-tools-3.10.0-123.20.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-123.20.1.el7.ppc64.rpm
perf-3.10.0-123.20.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm

s390x:
kernel-3.10.0-123.20.1.el7.s390x.rpm
kernel-debug-3.10.0-123.20.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-123.20.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-123.20.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-123.20.1.el7.s390x.rpm
kernel-devel-3.10.0-123.20.1.el7.s390x.rpm
kernel-headers-3.10.0-123.20.1.el7.s390x.rpm
kernel-kdump-3.10.0-123.20.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-123.20.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-123.20.1.el7.s390x.rpm
perf-3.10.0-123.20.1.el7.s390x.rpm
perf-debuginfo-3.10.0-123.20.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm
kernel-devel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-headers-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.20.1.el7.x86_64.rpm
perf-3.10.0-123.20.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
kernel-doc-3.10.0-123.20.1.el7.noarch.rpm

ppc64:
kernel-debug-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-123.20.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-123.20.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm
python-perf-3.10.0-123.20.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm

s390x:
kernel-debug-debuginfo-3.10.0-123.20.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-123.20.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-123.20.1.el7.s390x.rpm
perf-debuginfo-3.10.0-123.20.1.el7.s390x.rpm
python-perf-3.10.0-123.20.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.s390x.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.20.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-123.20.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-123.20.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm
kernel-devel-3.10.0-123.20.1.el7.x86_64.rpm
kernel-headers-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.20.1.el7.x86_64.rpm
perf-3.10.0-123.20.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
kernel-doc-3.10.0-123.20.1.el7.noarch.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.20.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-3.10.0-123.20.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-4171
https://access.redhat.com/security/cve/CVE-2014-5471
https://access.redhat.com/security/cve/CVE-2014-5472
https://access.redhat.com/security/cve/CVE-2014-7145
https://access.redhat.com/security/cve/CVE-2014-7822
https://access.redhat.com/security/cve/CVE-2014-7841
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUyTWBXlSAg2UNWIIRAv/PAKCpyK7ufWptj5iPibx+EJ74tX49NACfeDK4
BRbjwC4o9YTwxlZJoogvChU=
=2MX6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jan 28 19:17:26 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Jan 2015 19:17:26 +0000
Subject: [RHSA-2015:0103-01] Low: Red Hat Enterprise Linux 6.4 Extended Update Support One-Month Notice
Message-ID: <201501281917.t0SJHQ9D021390@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 6.4 Extended Update Support One-Month Notice
Advisory ID:       RHSA-2015:0103-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0103.html
Issue date:        2015-01-28
=====================================================================

1. Summary:

This is the One-Month notification for the retirement of Red Hat Enterprise Linux 6.4 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.4.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date.
We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release-server package that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
redhat-release-server-6Server-6.4.0.7.el6_4.src.rpm

i386:
redhat-release-server-6Server-6.4.0.7.el6_4.i686.rpm

ppc64:
redhat-release-server-6Server-6.4.0.7.el6_4.ppc64.rpm

s390x:
redhat-release-server-6Server-6.4.0.7.el6_4.s390x.rpm

x86_64:
redhat-release-server-6Server-6.4.0.7.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUyTW/XlSAg2UNWIIRAjtwAJ92lLry6zZIhf30mVSQIVldfrWl4wCfQvGy
/fqXKv6eNacfEBEEBK+oClE=
=nu9+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jan 28 19:18:04 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Jan 2015 19:18:04 +0000
Subject: [RHSA-2015:0104-01] Important: ntp security update
Message-ID: <201501281918.t0SJI4Vg011961@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ntp security update
Advisory ID:       RHSA-2015:0104-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0104.html
Issue date:        2015-01-28
CVE Names:         CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
=====================================================================

1. Summary:

Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.

Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions.
A remote attacker could use any of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295)

It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293)

It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. (CVE-2014-9294)

A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296)

All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets
1176040 - CVE-2014-9296 ntp: receive() missing return on error

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source:
ntp-4.2.6p5-2.el6_5.src.rpm

x86_64:
ntp-4.2.6p5-2.el6_5.x86_64.rpm
ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm
ntpdate-4.2.6p5-2.el6_5.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5):

Source:
ntp-4.2.6p5-2.el6_5.src.rpm

noarch:
ntp-doc-4.2.6p5-2.el6_5.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm
ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
ntp-4.2.6p5-2.el6_5.src.rpm

i386:
ntp-4.2.6p5-2.el6_5.i686.rpm
ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm
ntpdate-4.2.6p5-2.el6_5.i686.rpm

ppc64:
ntp-4.2.6p5-2.el6_5.ppc64.rpm
ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm
ntpdate-4.2.6p5-2.el6_5.ppc64.rpm

s390x:
ntp-4.2.6p5-2.el6_5.s390x.rpm
ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm
ntpdate-4.2.6p5-2.el6_5.s390x.rpm

x86_64:
ntp-4.2.6p5-2.el6_5.x86_64.rpm
ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm
ntpdate-4.2.6p5-2.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.5):

Source:
ntp-4.2.6p5-2.el6_5.src.rpm

i386:
ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm
ntp-perl-4.2.6p5-2.el6_5.i686.rpm

noarch:
ntp-doc-4.2.6p5-2.el6_5.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm
ntp-perl-4.2.6p5-2.el6_5.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm
ntp-perl-4.2.6p5-2.el6_5.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm
ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9293
https://access.redhat.com/security/cve/CVE-2014-9294
https://access.redhat.com/security/cve/CVE-2014-9295
https://access.redhat.com/security/cve/CVE-2014-9296
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUyTXWXlSAg2UNWIIRAsXzAKCilJuJeeWLOABs1xY+ueRvRTSpWACcDhoC
YQlhn66RRMYQCWymo1OCUoI=
=4Rft
-----END PGP SIGNATURE-----
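The advisories above give an administrator two things to act on: a fixed package version-release to compare against what is installed (the kernel advisory's manual "rpm -ivh" guidance and the ntp package list), and, for the ntp advisory, a configuration condition (no ntpdc request authentication key in ntp.conf, MD5 keys produced by ntp-keygen, non-default crypto configuration). The script below is an added example written for this page; it is not Red Hat's code and not part of any advisory. It assumes the installed NVRAs come from "rpm -q kernel" / "rpm -q ntp" or "uname -r", that a simplified rpmvercmp (digit runs compare numerically, letter runs lexically, a digit segment outranks a letter segment) is enough for these version strings, and that the ntp.conf keywords "requestkey", "keys" and "crypto" (the Autokey directive) are the directives behind the conditions the advisory describes in prose; the sample ntp.conf is constructed.

```shell
#!/bin/sh
# Added example (not from the advisories): check a host against the fixed
# package versions in RHSA-2015:0102 (kernel) and RHSA-2015:0104 (ntp), and
# audit ntp.conf for the conditions the ntp advisory describes.

FIXED_KERNEL="3.10.0-123.20.1.el7"   # from the RHSA-2015:0102 package list
FIXED_NTP="4.2.6p5-2.el6_5"          # from the RHSA-2015:0104 package list

# vercmp A B -> prints -1, 0 or 1 (A older, equal, newer).  Simplified
# rpmvercmp (assumption: sufficient for RHEL NVRs): letter runs are split
# from digit runs, so "4.2.6p5-2.el6_5" becomes 4 2 6 p 5 2 el 6 5.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        gsub(/[A-Za-z]+/, ".&.", a); gsub(/[A-Za-z]+/, ".&.", b)
        sub(/^[._-]+/, "", a);       sub(/^[._-]+/, "", b)
        na = split(a, A, /[._-]+/);  nb = split(b, B, /[._-]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] : ""; y = (i <= nb) ? B[i] : ""
            if (x == y) continue
            xd = (x ~ /^[0-9]+$/); yd = (y ~ /^[0-9]+$/)
            if (x == "")       r = -1            # shorter version is older
            else if (y == "")  r = 1
            else if (xd && yd) r = (x + 0 < y + 0) ? -1 : 1
            else if (xd)       r = 1             # digits outrank letters
            else if (yd)       r = -1
            else               r = (x < y) ? -1 : 1
            print r; exit
        }
        print 0
    }'
}

# strip_arch NVRA -> NVR, for `uname -r` output such as 3.10.0-123.20.1.el7.x86_64.
strip_arch() {
    case "$1" in
        *.x86_64) printf '%s\n' "${1%.x86_64}" ;;
        *.i686)   printf '%s\n' "${1%.i686}" ;;
        *.ppc64)  printf '%s\n' "${1%.ppc64}" ;;
        *.s390x)  printf '%s\n' "${1%.s390x}" ;;
        *)        printf '%s\n' "$1" ;;
    esac
}

# nvr_of NAME NVRA -> VERSION-RELEASE, e.g. nvr_of ntp ntp-4.2.6p5-2.el6_5.x86_64
nvr_of() {
    strip_arch "${2#"$1"-}"
}

# package_status NAME NVRA FIXED_NVR -> "fixed" or "vulnerable"
package_status() {
    if [ "$(vercmp "$(nvr_of "$1" "$2")" "$3")" -lt 0 ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# ntp_conf_findings (reads ntp.conf on stdin) -> one finding per line.
# Comments and blank lines are ignored; only the first word of a line counts.
ntp_conf_findings() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == "requestkey" { have_req = 1 }
        $1 == "keys"       { keys_file = $2 }
        $1 == "crypto"     { autokey = 1 }
        END {
            if (!have_req)
                print "no-requestkey: pre-update ntpd generated a weak ntpdc key itself (CVE-2014-9293)"
            if (keys_file != "")
                print "keys-file " keys_file ": regenerate any MD5 keys made with ntp-keygen (CVE-2014-9294)"
            if (autokey)
                print "autokey: non-default crypto configuration, crypto_recv() flaw applies (CVE-2014-9295)"
        }'
}

# Constructed sample ntp.conf: keys file present, requestkey only in a comment, no Autokey.
SAMPLE_CONF='driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
server ntp.example.com iburst
keys /etc/ntp/keys
# requestkey 8
'

# Demo on constructed inputs (on a real host: "$(rpm -q kernel | tail -1)", "$(rpm -q ntp)").
package_status kernel kernel-3.10.0-123.13.2.el7.x86_64 "$FIXED_KERNEL"   # vulnerable
package_status ntp    ntp-4.2.6p5-2.el6_5.x86_64       "$FIXED_NTP"      # fixed
printf '%s\n' "$SAMPLE_CONF" | ntp_conf_findings
```

For the kernel, compare the running kernel ("$(strip_arch "$(uname -r)")") rather than only the newest installed package: the advisory notes that the system must be rebooted for the update to take effect, so an installed-but-not-running fixed kernel still leaves the host on the old code. The "vulnerable" kernels that remain installed after a successful reboot are the ones the advisory says may then be removed with "rpm -e".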