From bugzilla at redhat.com Thu Jul 2 21:35:25 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 2 Jul 2015 21:35:25 +0000
Subject: [RHSA-2015:1206-01] Important: openstack-cinder security and bug fix update
Message-ID: <201507022135.t62LZQLE010649@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: openstack-cinder security and bug fix update
Advisory ID:  RHSA-2015:1206-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1206.html
Issue date:   2015-07-02
CVE Names:    CVE-2015-1851
=====================================================================

1. Summary:

Updated openstack-cinder packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 and 6.0.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch
Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.

A flaw was found in the cinder upload-to-image functionality. When processing a malicious qcow2 header, cinder could be tricked into reading an arbitrary file from the cinder host. (CVE-2015-1851)

All users of openstack-cinder are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the running cinder services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1231817 - CVE-2015-1851 openstack-cinder: Host file disclosure through qcow2 backing file

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-cinder-2014.1.4-1.1.el6ost.src.rpm

noarch:
openstack-cinder-2014.1.4-1.1.el6ost.noarch.rpm
openstack-cinder-doc-2014.1.4-1.1.el6ost.noarch.rpm
python-cinder-2014.1.4-1.1.el6ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-cinder-2014.1.4-1.1.el7ost.src.rpm

noarch:
openstack-cinder-2014.1.4-1.1.el7ost.noarch.rpm
openstack-cinder-doc-2014.1.4-1.1.el7ost.noarch.rpm
python-cinder-2014.1.4-1.1.el7ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-cinder-2014.2.3-3.1.el7ost.src.rpm

noarch:
openstack-cinder-2014.2.3-3.1.el7ost.noarch.rpm
openstack-cinder-doc-2014.2.3-3.1.el7ost.noarch.rpm
python-cinder-2014.2.3-3.1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1851
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
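As an added example (not cinder's or Red Hat's code), the header check below shows what the qcow2 backing-file issue in section 3 of RHSA-2015:1206 amounts to and how an upload path can refuse such images before they reach an image converter: it parses the fixed qcow2 header, reports any backing-file reference, and rejects images that carry one or whose reference is malformed. All sample headers are constructed inline, and the field layout is the public qcow2 header format.

```python
"""Header check for qcow2 uploads: refuse images that name a backing file.

Added example, not cinder's or Red Hat's code.  It illustrates the
defensive check behind CVE-2015-1851: a qcow2 header whose backing-file
field points at a path on the cinder host would make the image converter
read that path.  Every sample header is constructed inline.
"""
import struct
from typing import Optional

QCOW2_MAGIC = b"QFI\xfb"

# Fixed qcow2 header (version 2 layout, also the first 72 bytes of a
# version 3 header).  Big-endian fields, in order:
# magic, version, backing_file_offset, backing_file_size, cluster_bits,
# size, crypt_method, l1_size, l1_table_offset, refcount_table_offset,
# refcount_table_clusters, nb_snapshots, snapshots_offset.
HEADER_FMT = ">4sIQIIQIIQQIIQ"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 72

# qemu caps the backing file name at 1023 bytes; anything larger is bogus.
MAX_BACKING_NAME = 1023


class ImageRejected(ValueError):
    """Raised when an upload must not be handed to the converter."""


def inspect_qcow2(data: bytes) -> dict:
    """Parse the fixed header and return the fields the check needs.

    A backing file reference is returned as a string so the caller can
    log exactly what the image tried to point at.
    """
    if len(data) < HEADER_LEN:
        raise ImageRejected("truncated qcow2 header")
    fields = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    magic, version, bf_off, bf_size = fields[0], fields[1], fields[2], fields[3]
    if magic != QCOW2_MAGIC:
        raise ImageRejected("not a qcow2 image")
    if version not in (2, 3):
        raise ImageRejected("unsupported qcow2 version %d" % version)
    backing = None
    if bf_off or bf_size:
        # Offset 0 means "no backing file"; a zero size or an oversized
        # name next to a non-zero offset is not something qemu writes.
        if bf_off == 0 or bf_size == 0 or bf_size > MAX_BACKING_NAME:
            raise ImageRejected("malformed backing file reference")
        # Bound the read: a hostile offset must not make us read past
        # the bytes we were given.
        if bf_off + bf_size > len(data):
            raise ImageRejected("backing file name lies outside image")
        backing = data[bf_off:bf_off + bf_size].decode("utf-8", "replace")
    return {"version": version, "virtual_size": fields[5], "backing_file": backing}


def check_upload(data: bytes) -> dict:
    """Policy for upload-to-image: a user-supplied qcow2 may not carry a
    backing file at all, whatever path it names."""
    info = inspect_qcow2(data)
    if info["backing_file"] is not None:
        raise ImageRejected("backing file not allowed: %r" % info["backing_file"])
    return info


def reject_reason(data: bytes) -> Optional[str]:
    """None if the image is acceptable, otherwise the rejection reason."""
    try:
        check_upload(data)
    except ImageRejected as exc:
        return str(exc)
    return None


def build_header(backing: Optional[bytes] = None, *,
                 backing_offset: Optional[int] = None,
                 backing_size: Optional[int] = None,
                 virtual_size: int = 1 << 30) -> bytes:
    """Constructed fixture: a bare version-2 header followed by an optional
    backing file name.  The offset/size overrides build the malformed
    variants the checker must survive."""
    name = backing or b""
    bf_off = backing_offset if backing_offset is not None else (HEADER_LEN if name else 0)
    bf_size = backing_size if backing_size is not None else len(name)
    header = struct.pack(HEADER_FMT, QCOW2_MAGIC, 2, bf_off, bf_size,
                         16, virtual_size, 0, 1, 0x10000, 0x20000, 1, 0, 0)
    return header + name


if __name__ == "__main__":
    # Constructed inputs: a clean image, one naming a host path, a stub.
    for label, image in [("clean", build_header()),
                         ("backing", build_header(b"/constructed/host/path")),
                         ("truncated", b"QFI")]:
        print(label, "->", reject_reason(image) or "accepted")
```

A production check would normally also consult `qemu-img info` on the uploaded file, since that tool reports the backing file the same way; the header parse above is the part that must never trust the offset and size fields.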
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Fri Jul 3 06:28:19 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 3 Jul 2015 06:28:19 +0000
Subject: [RHSA-2015:1207-01] Critical: firefox security update
Message-ID: <201507030628.t636SJVe021822@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Critical: firefox security update
Advisory ID:  RHSA-2015:1207-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1207.html
Issue date:   2015-07-02
CVE Names:    CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)

It was found that Firefox skipped key-pinning checks when handling an error that could be overridden by the user (for example, an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform. (CVE-2015-2741)

A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined with another vulnerability, it could allow execution of arbitrary code with the privileges of the user running Firefox. (CVE-2015-2743)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Jann Horn, Paul Bandha, Holger Fuhrmannek, Herre, Looben Yan, Ronald Crane, and Jonas Jenwald as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain Firefox version 38.1 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1236947 - CVE-2015-2724 CVE-2015-2725 Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59)
1236950 - CVE-2015-2727 Mozilla: Local files or privileged URLs in pages can be opened into new tabs (MFSA 2015-60)
1236951 - CVE-2015-2728 Mozilla: Type confusion in Indexed Database Manager (MFSA 2015-61)
1236952 - CVE-2015-2729 Mozilla: Out-of-bound read while computing an oscillator rendering range in Web Audio (MFSA 2015-62)
1236953 - CVE-2015-2731 Mozilla: Use-after-free in Content Policy due to microtask execution error (MFSA 2015-63)
1236955 - CVE-2015-2722 CVE-2015-2733 Mozilla: Use-after-free in workers while using XMLHttpRequest (MFSA 2015-65)
1236956 - CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
1236963 - CVE-2015-2741 Mozilla: Key pinning is ignored when overridable errors are encountered (MFSA 2015-67)
1236964 - CVE-2015-2743 Mozilla: Privilege escalation in PDF.js (MFSA 2015-69)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-38.1.0-1.el5_11.src.rpm

i386:
firefox-38.1.0-1.el5_11.i386.rpm
firefox-debuginfo-38.1.0-1.el5_11.i386.rpm

x86_64:
firefox-38.1.0-1.el5_11.i386.rpm
firefox-38.1.0-1.el5_11.x86_64.rpm
firefox-debuginfo-38.1.0-1.el5_11.i386.rpm
firefox-debuginfo-38.1.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-38.1.0-1.el5_11.src.rpm

i386:
firefox-38.1.0-1.el5_11.i386.rpm
firefox-debuginfo-38.1.0-1.el5_11.i386.rpm

ppc:
firefox-38.1.0-1.el5_11.ppc64.rpm
firefox-debuginfo-38.1.0-1.el5_11.ppc64.rpm

s390x:
firefox-38.1.0-1.el5_11.s390.rpm
firefox-38.1.0-1.el5_11.s390x.rpm
firefox-debuginfo-38.1.0-1.el5_11.s390.rpm
firefox-debuginfo-38.1.0-1.el5_11.s390x.rpm

x86_64:
firefox-38.1.0-1.el5_11.i386.rpm
firefox-38.1.0-1.el5_11.x86_64.rpm
firefox-debuginfo-38.1.0-1.el5_11.i386.rpm
firefox-debuginfo-38.1.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-38.1.0-1.el6_6.src.rpm

i386:
firefox-38.1.0-1.el6_6.i686.rpm
firefox-debuginfo-38.1.0-1.el6_6.i686.rpm

x86_64:
firefox-38.1.0-1.el6_6.x86_64.rpm
firefox-debuginfo-38.1.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-38.1.0-1.el6_6.i686.rpm
firefox-debuginfo-38.1.0-1.el6_6.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-38.1.0-1.el6_6.src.rpm

x86_64:
firefox-38.1.0-1.el6_6.i686.rpm
firefox-38.1.0-1.el6_6.x86_64.rpm
firefox-debuginfo-38.1.0-1.el6_6.i686.rpm
firefox-debuginfo-38.1.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-38.1.0-1.el6_6.src.rpm

i386:
firefox-38.1.0-1.el6_6.i686.rpm
firefox-debuginfo-38.1.0-1.el6_6.i686.rpm

ppc64:
firefox-38.1.0-1.el6_6.ppc64.rpm
firefox-debuginfo-38.1.0-1.el6_6.ppc64.rpm

s390x:
firefox-38.1.0-1.el6_6.s390x.rpm
firefox-debuginfo-38.1.0-1.el6_6.s390x.rpm

x86_64:
firefox-38.1.0-1.el6_6.x86_64.rpm
firefox-debuginfo-38.1.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-38.1.0-1.el6_6.ppc.rpm
firefox-debuginfo-38.1.0-1.el6_6.ppc.rpm

s390x:
firefox-38.1.0-1.el6_6.s390.rpm
firefox-debuginfo-38.1.0-1.el6_6.s390.rpm

x86_64:
firefox-38.1.0-1.el6_6.i686.rpm
firefox-debuginfo-38.1.0-1.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-38.1.0-1.el6_6.src.rpm

i386:
firefox-38.1.0-1.el6_6.i686.rpm
firefox-debuginfo-38.1.0-1.el6_6.i686.rpm

x86_64:
firefox-38.1.0-1.el6_6.x86_64.rpm
firefox-debuginfo-38.1.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-38.1.0-1.el6_6.i686.rpm
firefox-debuginfo-38.1.0-1.el6_6.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-38.1.0-1.el7_1.src.rpm

x86_64:
firefox-38.1.0-1.el7_1.x86_64.rpm
firefox-debuginfo-38.1.0-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-38.1.0-1.el7_1.i686.rpm
firefox-debuginfo-38.1.0-1.el7_1.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-38.1.0-1.el7_1.src.rpm

ppc64:
firefox-38.1.0-1.el7_1.ppc64.rpm
firefox-debuginfo-38.1.0-1.el7_1.ppc64.rpm

s390x:
firefox-38.1.0-1.el7_1.s390x.rpm
firefox-debuginfo-38.1.0-1.el7_1.s390x.rpm

x86_64:
firefox-38.1.0-1.el7_1.x86_64.rpm
firefox-debuginfo-38.1.0-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-38.1.0-1.ael7b_1.src.rpm

ppc64le:
firefox-38.1.0-1.ael7b_1.ppc64le.rpm
firefox-debuginfo-38.1.0-1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
firefox-38.1.0-1.el7_1.ppc.rpm
firefox-debuginfo-38.1.0-1.el7_1.ppc.rpm

s390x:
firefox-38.1.0-1.el7_1.s390.rpm
firefox-debuginfo-38.1.0-1.el7_1.s390.rpm

x86_64:
firefox-38.1.0-1.el7_1.i686.rpm
firefox-debuginfo-38.1.0-1.el7_1.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-38.1.0-1.el7_1.src.rpm

x86_64:
firefox-38.1.0-1.el7_1.x86_64.rpm
firefox-debuginfo-38.1.0-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-38.1.0-1.el7_1.i686.rpm
firefox-debuginfo-38.1.0-1.el7_1.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2722
https://access.redhat.com/security/cve/CVE-2015-2724
https://access.redhat.com/security/cve/CVE-2015-2725
https://access.redhat.com/security/cve/CVE-2015-2727
https://access.redhat.com/security/cve/CVE-2015-2728
https://access.redhat.com/security/cve/CVE-2015-2729
https://access.redhat.com/security/cve/CVE-2015-2731
https://access.redhat.com/security/cve/CVE-2015-2733
https://access.redhat.com/security/cve/CVE-2015-2734
https://access.redhat.com/security/cve/CVE-2015-2735
https://access.redhat.com/security/cve/CVE-2015-2736
https://access.redhat.com/security/cve/CVE-2015-2737
https://access.redhat.com/security/cve/CVE-2015-2738
https://access.redhat.com/security/cve/CVE-2015-2739
https://access.redhat.com/security/cve/CVE-2015-2740
https://access.redhat.com/security/cve/CVE-2015-2741
https://access.redhat.com/security/cve/CVE-2015-2743
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.1

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Tue Jul 7 08:56:38 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Jul 2015 08:56:38 +0000
Subject: [RHSA-2015:1210-01] Moderate: abrt security update
Message-ID: <201507070844.t678i37r012049@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: abrt security update
Advisory ID:  RHSA-2015:1210-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1210.html
Issue date:   2015-07-07
CVE Names:    CVE-2015-1869 CVE-2015-1870 CVE-2015-3142 CVE-2015-3147 CVE-2015-3159 CVE-2015-3315
=====================================================================

1. Summary:

Updated abrt packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

ABRT (Automatic Bug Reporting Tool) is a tool to help users detect defects in applications and create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality.

It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. (CVE-2015-3315)

It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable by other users (such as /tmp). (CVE-2015-3142)

It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. (CVE-2015-1869)

It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. (CVE-2015-1870)

It was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT, or to overwrite arbitrary files on the system. (CVE-2015-3147)

It was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system. (CVE-2015-3159)

The CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, and CVE-2015-3159 issues were discovered by Florian Weimer of Red Hat Product Security.

All users of abrt are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1211835 - CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt
1212818 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others
1212861 - CVE-2015-1869 abrt: default event scripts follow symbolic links
1212868 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure
1212953 - CVE-2015-3147 abrt: does not validate contents of uploaded problem reports
1216962 - CVE-2015-3159 abrt: missing process environment sanitization in abrt-action-install-debuginfo-to-abrt-cache

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
abrt-2.0.8-26.el6_6.1.src.rpm
libreport-2.0.9-21.el6_6.1.src.rpm

i386:
abrt-2.0.8-26.el6_6.1.i686.rpm
abrt-addon-ccpp-2.0.8-26.el6_6.1.i686.rpm
abrt-addon-kerneloops-2.0.8-26.el6_6.1.i686.rpm
abrt-addon-python-2.0.8-26.el6_6.1.i686.rpm
abrt-cli-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-desktop-2.0.8-26.el6_6.1.i686.rpm
abrt-gui-2.0.8-26.el6_6.1.i686.rpm
abrt-libs-2.0.8-26.el6_6.1.i686.rpm
abrt-tui-2.0.8-26.el6_6.1.i686.rpm
libreport-2.0.9-21.el6_6.1.i686.rpm
libreport-cli-2.0.9-21.el6_6.1.i686.rpm
libreport-compat-2.0.9-21.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-2.0.9-21.el6_6.1.i686.rpm
libreport-newt-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-kerneloops-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-logger-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-mailx-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-reportuploader-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-rhtsupport-2.0.9-21.el6_6.1.i686.rpm
libreport-python-2.0.9-21.el6_6.1.i686.rpm

x86_64:
abrt-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-ccpp-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-kerneloops-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-python-2.0.8-26.el6_6.1.x86_64.rpm
abrt-cli-2.0.8-26.el6_6.1.x86_64.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.x86_64.rpm
abrt-desktop-2.0.8-26.el6_6.1.x86_64.rpm
abrt-gui-2.0.8-26.el6_6.1.x86_64.rpm
abrt-libs-2.0.8-26.el6_6.1.i686.rpm
abrt-libs-2.0.8-26.el6_6.1.x86_64.rpm
abrt-tui-2.0.8-26.el6_6.1.x86_64.rpm
libreport-2.0.9-21.el6_6.1.i686.rpm
libreport-2.0.9-21.el6_6.1.x86_64.rpm
libreport-cli-2.0.9-21.el6_6.1.x86_64.rpm
libreport-compat-2.0.9-21.el6_6.1.x86_64.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.x86_64.rpm
libreport-gtk-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-2.0.9-21.el6_6.1.x86_64.rpm
libreport-newt-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-kerneloops-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-logger-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-mailx-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-reportuploader-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-rhtsupport-2.0.9-21.el6_6.1.x86_64.rpm
libreport-python-2.0.9-21.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
abrt-addon-vmcore-2.0.8-26.el6_6.1.i686.rpm
abrt-console-notification-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-devel-2.0.8-26.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-devel-2.0.9-21.el6_6.1.i686.rpm
libreport-filesystem-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-bugzilla-2.0.9-21.el6_6.1.i686.rpm

noarch:
abrt-python-2.0.8-26.el6_6.1.noarch.rpm

x86_64:
abrt-addon-vmcore-2.0.8-26.el6_6.1.x86_64.rpm
abrt-console-notification-2.0.8-26.el6_6.1.x86_64.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.x86_64.rpm
abrt-devel-2.0.8-26.el6_6.1.i686.rpm
abrt-devel-2.0.8-26.el6_6.1.x86_64.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.x86_64.rpm
libreport-devel-2.0.9-21.el6_6.1.i686.rpm
libreport-devel-2.0.9-21.el6_6.1.x86_64.rpm
libreport-filesystem-2.0.9-21.el6_6.1.x86_64.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-bugzilla-2.0.9-21.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
abrt-2.0.8-26.el6_6.1.src.rpm
libreport-2.0.9-21.el6_6.1.src.rpm

x86_64:
abrt-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-ccpp-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-kerneloops-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-python-2.0.8-26.el6_6.1.x86_64.rpm
abrt-cli-2.0.8-26.el6_6.1.x86_64.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.x86_64.rpm
abrt-libs-2.0.8-26.el6_6.1.i686.rpm
abrt-libs-2.0.8-26.el6_6.1.x86_64.rpm
abrt-tui-2.0.8-26.el6_6.1.x86_64.rpm
libreport-2.0.9-21.el6_6.1.i686.rpm
libreport-2.0.9-21.el6_6.1.x86_64.rpm
libreport-cli-2.0.9-21.el6_6.1.x86_64.rpm
libreport-compat-2.0.9-21.el6_6.1.x86_64.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-kerneloops-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-logger-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-mailx-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-reportuploader-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-rhtsupport-2.0.9-21.el6_6.1.x86_64.rpm
libreport-python-2.0.9-21.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
abrt-python-2.0.8-26.el6_6.1.noarch.rpm

x86_64:
abrt-addon-vmcore-2.0.8-26.el6_6.1.x86_64.rpm
abrt-console-notification-2.0.8-26.el6_6.1.x86_64.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.x86_64.rpm
abrt-desktop-2.0.8-26.el6_6.1.x86_64.rpm
abrt-devel-2.0.8-26.el6_6.1.i686.rpm
abrt-devel-2.0.8-26.el6_6.1.x86_64.rpm
abrt-gui-2.0.8-26.el6_6.1.x86_64.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.x86_64.rpm
libreport-devel-2.0.9-21.el6_6.1.i686.rpm
libreport-devel-2.0.9-21.el6_6.1.x86_64.rpm
libreport-filesystem-2.0.9-21.el6_6.1.x86_64.rpm
libreport-gtk-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-2.0.9-21.el6_6.1.x86_64.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.x86_64.rpm
libreport-newt-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-bugzilla-2.0.9-21.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
abrt-2.0.8-26.el6_6.1.src.rpm
libreport-2.0.9-21.el6_6.1.src.rpm

i386:
abrt-2.0.8-26.el6_6.1.i686.rpm
abrt-addon-ccpp-2.0.8-26.el6_6.1.i686.rpm
abrt-addon-kerneloops-2.0.8-26.el6_6.1.i686.rpm
abrt-addon-python-2.0.8-26.el6_6.1.i686.rpm
abrt-cli-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-desktop-2.0.8-26.el6_6.1.i686.rpm
abrt-gui-2.0.8-26.el6_6.1.i686.rpm
abrt-libs-2.0.8-26.el6_6.1.i686.rpm
abrt-tui-2.0.8-26.el6_6.1.i686.rpm
libreport-2.0.9-21.el6_6.1.i686.rpm
libreport-cli-2.0.9-21.el6_6.1.i686.rpm
libreport-compat-2.0.9-21.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-2.0.9-21.el6_6.1.i686.rpm
libreport-newt-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-kerneloops-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-logger-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-mailx-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-reportuploader-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-rhtsupport-2.0.9-21.el6_6.1.i686.rpm
libreport-python-2.0.9-21.el6_6.1.i686.rpm

ppc64:
abrt-2.0.8-26.el6_6.1.ppc64.rpm
abrt-addon-ccpp-2.0.8-26.el6_6.1.ppc64.rpm
abrt-addon-kerneloops-2.0.8-26.el6_6.1.ppc64.rpm
abrt-addon-python-2.0.8-26.el6_6.1.ppc64.rpm
abrt-cli-2.0.8-26.el6_6.1.ppc64.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.ppc.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.ppc64.rpm
abrt-desktop-2.0.8-26.el6_6.1.ppc64.rpm
abrt-gui-2.0.8-26.el6_6.1.ppc64.rpm
abrt-libs-2.0.8-26.el6_6.1.ppc.rpm
abrt-libs-2.0.8-26.el6_6.1.ppc64.rpm
abrt-tui-2.0.8-26.el6_6.1.ppc64.rpm
libreport-2.0.9-21.el6_6.1.ppc.rpm
libreport-2.0.9-21.el6_6.1.ppc64.rpm
libreport-cli-2.0.9-21.el6_6.1.ppc64.rpm
libreport-compat-2.0.9-21.el6_6.1.ppc64.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.ppc.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.ppc64.rpm
libreport-gtk-2.0.9-21.el6_6.1.ppc.rpm
libreport-gtk-2.0.9-21.el6_6.1.ppc64.rpm
libreport-newt-2.0.9-21.el6_6.1.ppc64.rpm
libreport-plugin-kerneloops-2.0.9-21.el6_6.1.ppc64.rpm
libreport-plugin-logger-2.0.9-21.el6_6.1.ppc64.rpm
libreport-plugin-mailx-2.0.9-21.el6_6.1.ppc64.rpm
libreport-plugin-reportuploader-2.0.9-21.el6_6.1.ppc64.rpm
libreport-plugin-rhtsupport-2.0.9-21.el6_6.1.ppc64.rpm
libreport-python-2.0.9-21.el6_6.1.ppc64.rpm

s390x:
abrt-2.0.8-26.el6_6.1.s390x.rpm
abrt-addon-ccpp-2.0.8-26.el6_6.1.s390x.rpm
abrt-addon-kerneloops-2.0.8-26.el6_6.1.s390x.rpm
abrt-addon-python-2.0.8-26.el6_6.1.s390x.rpm
abrt-cli-2.0.8-26.el6_6.1.s390x.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.s390.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.s390x.rpm
abrt-desktop-2.0.8-26.el6_6.1.s390x.rpm
abrt-gui-2.0.8-26.el6_6.1.s390x.rpm
abrt-libs-2.0.8-26.el6_6.1.s390.rpm
abrt-libs-2.0.8-26.el6_6.1.s390x.rpm
abrt-tui-2.0.8-26.el6_6.1.s390x.rpm
libreport-2.0.9-21.el6_6.1.s390.rpm
libreport-2.0.9-21.el6_6.1.s390x.rpm
libreport-cli-2.0.9-21.el6_6.1.s390x.rpm
libreport-compat-2.0.9-21.el6_6.1.s390x.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.s390.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.s390x.rpm
libreport-gtk-2.0.9-21.el6_6.1.s390.rpm
libreport-gtk-2.0.9-21.el6_6.1.s390x.rpm
libreport-newt-2.0.9-21.el6_6.1.s390x.rpm
libreport-plugin-kerneloops-2.0.9-21.el6_6.1.s390x.rpm
libreport-plugin-logger-2.0.9-21.el6_6.1.s390x.rpm
libreport-plugin-mailx-2.0.9-21.el6_6.1.s390x.rpm
libreport-plugin-reportuploader-2.0.9-21.el6_6.1.s390x.rpm
libreport-plugin-rhtsupport-2.0.9-21.el6_6.1.s390x.rpm
libreport-python-2.0.9-21.el6_6.1.s390x.rpm

x86_64:
abrt-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-ccpp-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-kerneloops-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-python-2.0.8-26.el6_6.1.x86_64.rpm
abrt-cli-2.0.8-26.el6_6.1.x86_64.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.x86_64.rpm
abrt-desktop-2.0.8-26.el6_6.1.x86_64.rpm
abrt-gui-2.0.8-26.el6_6.1.x86_64.rpm
abrt-libs-2.0.8-26.el6_6.1.i686.rpm
abrt-libs-2.0.8-26.el6_6.1.x86_64.rpm
abrt-tui-2.0.8-26.el6_6.1.x86_64.rpm
libreport-2.0.9-21.el6_6.1.i686.rpm
libreport-2.0.9-21.el6_6.1.x86_64.rpm
libreport-cli-2.0.9-21.el6_6.1.x86_64.rpm
libreport-compat-2.0.9-21.el6_6.1.x86_64.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.x86_64.rpm
libreport-gtk-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-2.0.9-21.el6_6.1.x86_64.rpm
libreport-newt-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-kerneloops-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-logger-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-mailx-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-reportuploader-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-rhtsupport-2.0.9-21.el6_6.1.x86_64.rpm
libreport-python-2.0.9-21.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
abrt-addon-vmcore-2.0.8-26.el6_6.1.i686.rpm
abrt-console-notification-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-devel-2.0.8-26.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-devel-2.0.9-21.el6_6.1.i686.rpm
libreport-filesystem-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-bugzilla-2.0.9-21.el6_6.1.i686.rpm

noarch:
abrt-python-2.0.8-26.el6_6.1.noarch.rpm

ppc64:
abrt-addon-vmcore-2.0.8-26.el6_6.1.ppc64.rpm
abrt-console-notification-2.0.8-26.el6_6.1.ppc64.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.ppc.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.ppc64.rpm
abrt-devel-2.0.8-26.el6_6.1.ppc.rpm
abrt-devel-2.0.8-26.el6_6.1.ppc64.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.ppc.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.ppc64.rpm
libreport-devel-2.0.9-21.el6_6.1.ppc.rpm
libreport-devel-2.0.9-21.el6_6.1.ppc64.rpm
libreport-filesystem-2.0.9-21.el6_6.1.ppc64.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.ppc.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.ppc64.rpm
libreport-plugin-bugzilla-2.0.9-21.el6_6.1.ppc64.rpm

s390x:
abrt-addon-vmcore-2.0.8-26.el6_6.1.s390x.rpm
abrt-console-notification-2.0.8-26.el6_6.1.s390x.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.s390.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.s390x.rpm
abrt-devel-2.0.8-26.el6_6.1.s390.rpm
abrt-devel-2.0.8-26.el6_6.1.s390x.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.s390.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.s390x.rpm
libreport-devel-2.0.9-21.el6_6.1.s390.rpm
libreport-devel-2.0.9-21.el6_6.1.s390x.rpm
libreport-filesystem-2.0.9-21.el6_6.1.s390x.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.s390.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.s390x.rpm
libreport-plugin-bugzilla-2.0.9-21.el6_6.1.s390x.rpm

x86_64:
abrt-addon-vmcore-2.0.8-26.el6_6.1.x86_64.rpm
abrt-console-notification-2.0.8-26.el6_6.1.x86_64.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.x86_64.rpm
abrt-devel-2.0.8-26.el6_6.1.i686.rpm
abrt-devel-2.0.8-26.el6_6.1.x86_64.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.x86_64.rpm
libreport-devel-2.0.9-21.el6_6.1.i686.rpm
libreport-devel-2.0.9-21.el6_6.1.x86_64.rpm
libreport-filesystem-2.0.9-21.el6_6.1.x86_64.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-devel-2.0.9-21.el6_6.1.x86_64.rpm
libreport-plugin-bugzilla-2.0.9-21.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
abrt-2.0.8-26.el6_6.1.src.rpm
libreport-2.0.9-21.el6_6.1.src.rpm

i386:
abrt-2.0.8-26.el6_6.1.i686.rpm
abrt-addon-ccpp-2.0.8-26.el6_6.1.i686.rpm
abrt-addon-kerneloops-2.0.8-26.el6_6.1.i686.rpm
abrt-addon-python-2.0.8-26.el6_6.1.i686.rpm
abrt-cli-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-desktop-2.0.8-26.el6_6.1.i686.rpm
abrt-gui-2.0.8-26.el6_6.1.i686.rpm
abrt-libs-2.0.8-26.el6_6.1.i686.rpm
abrt-tui-2.0.8-26.el6_6.1.i686.rpm
libreport-2.0.9-21.el6_6.1.i686.rpm
libreport-cli-2.0.9-21.el6_6.1.i686.rpm
libreport-compat-2.0.9-21.el6_6.1.i686.rpm
libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm
libreport-gtk-2.0.9-21.el6_6.1.i686.rpm
libreport-newt-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-kerneloops-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-logger-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-mailx-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-reportuploader-2.0.9-21.el6_6.1.i686.rpm
libreport-plugin-rhtsupport-2.0.9-21.el6_6.1.i686.rpm
libreport-python-2.0.9-21.el6_6.1.i686.rpm

x86_64:
abrt-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-ccpp-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-kerneloops-2.0.8-26.el6_6.1.x86_64.rpm
abrt-addon-python-2.0.8-26.el6_6.1.x86_64.rpm
abrt-cli-2.0.8-26.el6_6.1.x86_64.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm
abrt-debuginfo-2.0.8-26.el6_6.1.x86_64.rpm
abrt-desktop-2.0.8-26.el6_6.1.x86_64.rpm
abrt-gui-2.0.8-26.el6_6.1.x86_64.rpm
abrt-libs-2.0.8-26.el6_6.1.i686.rpm
abrt-libs-2.0.8-26.el6_6.1.x86_64.rpm
abrt-tui-2.0.8-26.el6_6.1.x86_64.rpm
libreport-2.0.9-21.el6_6.1.i686.rpm
libreport-2.0.9-21.el6_6.1.x86_64.rpm libreport-cli-2.0.9-21.el6_6.1.x86_64.rpm libreport-compat-2.0.9-21.el6_6.1.x86_64.rpm libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm libreport-debuginfo-2.0.9-21.el6_6.1.x86_64.rpm libreport-gtk-2.0.9-21.el6_6.1.i686.rpm libreport-gtk-2.0.9-21.el6_6.1.x86_64.rpm libreport-newt-2.0.9-21.el6_6.1.x86_64.rpm libreport-plugin-kerneloops-2.0.9-21.el6_6.1.x86_64.rpm libreport-plugin-logger-2.0.9-21.el6_6.1.x86_64.rpm libreport-plugin-mailx-2.0.9-21.el6_6.1.x86_64.rpm libreport-plugin-reportuploader-2.0.9-21.el6_6.1.x86_64.rpm libreport-plugin-rhtsupport-2.0.9-21.el6_6.1.x86_64.rpm libreport-python-2.0.9-21.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: abrt-addon-vmcore-2.0.8-26.el6_6.1.i686.rpm abrt-console-notification-2.0.8-26.el6_6.1.i686.rpm abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm abrt-devel-2.0.8-26.el6_6.1.i686.rpm libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm libreport-devel-2.0.9-21.el6_6.1.i686.rpm libreport-filesystem-2.0.9-21.el6_6.1.i686.rpm libreport-gtk-devel-2.0.9-21.el6_6.1.i686.rpm libreport-plugin-bugzilla-2.0.9-21.el6_6.1.i686.rpm noarch: abrt-python-2.0.8-26.el6_6.1.noarch.rpm x86_64: abrt-addon-vmcore-2.0.8-26.el6_6.1.x86_64.rpm abrt-console-notification-2.0.8-26.el6_6.1.x86_64.rpm abrt-debuginfo-2.0.8-26.el6_6.1.i686.rpm abrt-debuginfo-2.0.8-26.el6_6.1.x86_64.rpm abrt-devel-2.0.8-26.el6_6.1.i686.rpm abrt-devel-2.0.8-26.el6_6.1.x86_64.rpm libreport-debuginfo-2.0.9-21.el6_6.1.i686.rpm libreport-debuginfo-2.0.9-21.el6_6.1.x86_64.rpm libreport-devel-2.0.9-21.el6_6.1.i686.rpm libreport-devel-2.0.9-21.el6_6.1.x86_64.rpm libreport-filesystem-2.0.9-21.el6_6.1.x86_64.rpm libreport-gtk-devel-2.0.9-21.el6_6.1.i686.rpm libreport-gtk-devel-2.0.9-21.el6_6.1.x86_64.rpm libreport-plugin-bugzilla-2.0.9-21.el6_6.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
7. References:

https://access.redhat.com/security/cve/CVE-2015-1869
https://access.redhat.com/security/cve/CVE-2015-1870
https://access.redhat.com/security/cve/CVE-2015-3142
https://access.redhat.com/security/cve/CVE-2015-3147
https://access.redhat.com/security/cve/CVE-2015-3159
https://access.redhat.com/security/cve/CVE-2015-3315
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVm5FIXlSAg2UNWIIRApV3AJ4j8PI/d/hQbM747E6y6H+0c2atKACfaXhp
OdekPQzDutbWfRogOU3zJgc=
=8jbu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 7 13:18:12 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Jul 2015 13:18:12 +0000
Subject: [RHSA-2015:1211-01] Important: kernel security and bug fix update
Message-ID: <201507071318.t67DIDqR000696@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2015:1211-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1211.html
Issue date: 2015-07-07
CVE Names: CVE-2015-1805
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, Important)

The security impact of this issue was discovered by Red Hat.

This update also fixes the following bugs:

* The backlog data could previously not be consumed when the audit_log_start() function was running even if audit_log_start() called the wait_for_auditd() function to consume it. As only auditd could consume the backlog data, audit_log_start() terminated unexpectedly. Consequently, the system became unresponsive until the backlog timeout was up. With this update, audit_log_start() no longer terminates and the system shuts down and reboots gracefully in a timely manner. (BZ#1140489)

* Direct I/O writes extending a parallel file could previously race to update the size of the file. If the writes executed out of order, the file size could move backwards and push a previously completed write beyond EOF, causing it to be lost. With this update, file size updates are always executed in the appropriate order, thus fixing this bug. (BZ#1218497)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.
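The CVE-2015-1805 entry above describes a retry that forgets which I/O vectors were already consumed. The following is an added user-space model of that bug class, not kernel source and not part of the advisory: an iovec walk that advances the caller's iovecs as it copies, an "atomic" copy that fails when it touches a byte marked non-resident, and a retry loop that reuses the same iovec pointer and byte count. The `user_mem` array, the fault window, the two-buffer scenario and the `MODEL_*` codes are constructed for illustration; the model returns `-MODEL_OVERRUN` at the point where the pre-fix kernel code would have read past the end of the iovec array.

```c
/* Added example: user-space model of the CVE-2015-1805 bug class.
 * Not kernel code. user_mem, the fault window and the scenario are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_EFAULT  1   /* an "atomic" copy touched a non-resident byte */
#define MODEL_OVERRUN 2   /* the walk stepped past the last iovec */
#define MODEL_EINVAL  3
#define MAX_IOV 8

struct iovec_model { const char *iov_base; size_t iov_len; };

/* "User memory": bytes at offsets [fault_lo, fault_hi) are treated as not
 * resident, so an atomic copy of them fails; a non-atomic copy always works. */
static char user_mem[64];
static struct { size_t fault_lo, fault_hi; } mm;

static int would_fault(const char *p, size_t n)
{
    size_t off = (size_t)(p - user_mem);
    return off < mm.fault_hi && off + n > mm.fault_lo;
}

/* Pre-fix behaviour: iov_base/iov_len are advanced in the caller's array as
 * bytes are copied, even when the call then fails. Returns 0, -MODEL_EFAULT,
 * or -MODEL_OVERRUN at the point where the kernel read past the array. */
static int iov_copy_legacy(char *dst, struct iovec_model *iov, size_t niov,
                           size_t len, int atomic)
{
    struct iovec_model *end = iov + niov;
    while (len > 0) {
        while (iov < end && iov->iov_len == 0)
            iov++;                          /* skip iovecs consumed earlier */
        if (iov >= end)
            return -MODEL_OVERRUN;          /* real code: iovec array overrun */
        size_t copy = iov->iov_len < len ? iov->iov_len : len;
        if (atomic && would_fault(iov->iov_base, copy))
            return -MODEL_EFAULT;           /* array is already partly advanced */
        memcpy(dst, iov->iov_base, copy);
        dst += copy;
        len -= copy;
        iov->iov_base += copy;
        iov->iov_len -= copy;
    }
    return 0;
}

/* Fixed behaviour: walk a private snapshot and publish the advance only after
 * the whole copy succeeded, so a retry starts from the unchanged iovecs. */
static int iov_copy_fixed(char *dst, struct iovec_model *iov, size_t niov,
                          size_t len, int atomic)
{
    struct iovec_model tmp[MAX_IOV];
    if (niov > MAX_IOV)
        return -MODEL_EINVAL;
    memcpy(tmp, iov, niov * sizeof *iov);
    int rc = iov_copy_legacy(dst, tmp, niov, len, atomic);
    if (rc == 0)
        memcpy(iov, tmp, niov * sizeof *iov);
    return rc;
}

/* The retry the advisory describes: try atomically first; on a fault, retry
 * non-atomically with the same iov pointer and the same byte count. */
static int pipe_write_model(char *dst, struct iovec_model *iov, size_t niov,
                            size_t chars, int use_fix)
{
    int atomic = 1;
    for (;;) {
        int rc = use_fix ? iov_copy_fixed(dst, iov, niov, chars, atomic)
                         : iov_copy_legacy(dst, iov, niov, chars, atomic);
        if (rc == -MODEL_EFAULT && atomic) {
            atomic = 0;
            continue;
        }
        return rc;
    }
}

/* Constructed scenario: two 4-byte user buffers, the second of which "faults"
 * during the atomic attempt. On success the 8 copied bytes are left in out. */
int run_scenario(int use_fix, char *out)
{
    memcpy(user_mem, "AAAABBBB", 8);
    mm.fault_lo = 4;
    mm.fault_hi = 8;
    struct iovec_model iov[2] = { { user_mem, 4 }, { user_mem + 4, 4 } };
    return pipe_write_model(out, iov, 2, 8, use_fix);
}

int main(void)
{
    char out[9] = { 0 };
    printf("legacy: rc=%d (-%d means the walk overran the iovec array)\n",
           run_scenario(0, out), MODEL_OVERRUN);
    memset(out, 0, sizeof out);
    printf("fixed:  rc=%d copied=\"%s\"\n", run_scenario(1, out), out);
    return 0;
}
```

In the legacy path the atomic attempt consumes the first iovec, fails on the second, and the non-atomic retry then asks for all 8 bytes from an array that only has 4 left, which is exactly the overrun the advisory describes; the fixed path retries from untouched iovecs and copies all 8 bytes.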
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1202855 - CVE-2015-1805 kernel: pipe: iovec overrun leading to memory corruption

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
kernel-2.6.32-358.62.1.el6.src.rpm

i386:
kernel-2.6.32-358.62.1.el6.i686.rpm
kernel-debug-2.6.32-358.62.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.62.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.62.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.62.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.62.1.el6.i686.rpm
kernel-devel-2.6.32-358.62.1.el6.i686.rpm
kernel-headers-2.6.32-358.62.1.el6.i686.rpm
perf-2.6.32-358.62.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.62.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.62.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.62.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.62.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-358.62.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-358.62.1.el6.ppc64.rpm
kernel-debug-2.6.32-358.62.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-358.62.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-358.62.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.62.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.62.1.el6.ppc64.rpm
kernel-devel-2.6.32-358.62.1.el6.ppc64.rpm
kernel-headers-2.6.32-358.62.1.el6.ppc64.rpm
perf-2.6.32-358.62.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.62.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.62.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-358.62.1.el6.s390x.rpm
kernel-debug-2.6.32-358.62.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-358.62.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-358.62.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.62.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.62.1.el6.s390x.rpm
kernel-devel-2.6.32-358.62.1.el6.s390x.rpm
kernel-headers-2.6.32-358.62.1.el6.s390x.rpm
kernel-kdump-2.6.32-358.62.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.62.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-358.62.1.el6.s390x.rpm
perf-2.6.32-358.62.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.62.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.62.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-358.62.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.62.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.62.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.62.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.62.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.62.1.el6.x86_64.rpm
perf-2.6.32-358.62.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
kernel-2.6.32-358.62.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.62.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.62.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.62.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.62.1.el6.i686.rpm
python-perf-2.6.32-358.62.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.62.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-358.62.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.62.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.62.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.62.1.el6.ppc64.rpm
python-perf-2.6.32-358.62.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.62.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-358.62.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.62.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.62.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.62.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.62.1.el6.s390x.rpm
python-perf-2.6.32-358.62.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.62.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.62.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm
python-perf-2.6.32-358.62.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1805
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVm9F9XlSAg2UNWIIRAnwfAJ4pKPJC06hcf+X184arYVjZETcTGQCbBxDu
tYHA8vKmgoddFkWju5zOINQ=
=2YFm
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 8 20:49:10 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 8 Jul 2015 16:49:10 -0400
Subject: [RHSA-2015:1214-01] Critical: flash-plugin security update
Message-ID: <201507082049.t68KnApc009685@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1214-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1214.html
Issue date: 2015-07-08
CVE Names: CVE-2014-0578 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116
           CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120
           CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124
           CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128
           CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132
           CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136
           CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430
           CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116
           CVE-2015-5117 CVE-2015-5118 CVE-2015-5119
=====================================================================
1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-16 listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5117, CVE-2015-5118, CVE-2015-5119)

Multiple security bypass flaws were found in flash-plugin that could lead to the disclosure of sensitive information. (CVE-2014-0578, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.481.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1240832 - CVE-2015-5119 flash-plugin: code execution issue in APSA15-03 / APSB15-16
1241171 - flash-plugin: multiple code execution issues fixed in APSB15-16
1241173 - flash-plugin: information disclosure issues fixed in APSB15-16

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.481-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.481-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.481-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.481-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.481-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.481-1.el6_6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.481-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.481-1.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.481-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.481-1.el6_6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:

https://access.redhat.com/security/cve/CVE-2014-0578
https://access.redhat.com/security/cve/CVE-2015-3114
https://access.redhat.com/security/cve/CVE-2015-3115
https://access.redhat.com/security/cve/CVE-2015-3116
https://access.redhat.com/security/cve/CVE-2015-3117
https://access.redhat.com/security/cve/CVE-2015-3118
https://access.redhat.com/security/cve/CVE-2015-3119
https://access.redhat.com/security/cve/CVE-2015-3120
https://access.redhat.com/security/cve/CVE-2015-3121
https://access.redhat.com/security/cve/CVE-2015-3122
https://access.redhat.com/security/cve/CVE-2015-3123
https://access.redhat.com/security/cve/CVE-2015-3124
https://access.redhat.com/security/cve/CVE-2015-3125
https://access.redhat.com/security/cve/CVE-2015-3126
https://access.redhat.com/security/cve/CVE-2015-3127
https://access.redhat.com/security/cve/CVE-2015-3128
https://access.redhat.com/security/cve/CVE-2015-3129
https://access.redhat.com/security/cve/CVE-2015-3130
https://access.redhat.com/security/cve/CVE-2015-3131
https://access.redhat.com/security/cve/CVE-2015-3132
https://access.redhat.com/security/cve/CVE-2015-3133
https://access.redhat.com/security/cve/CVE-2015-3134
https://access.redhat.com/security/cve/CVE-2015-3135
https://access.redhat.com/security/cve/CVE-2015-3136
https://access.redhat.com/security/cve/CVE-2015-3137
https://access.redhat.com/security/cve/CVE-2015-4428
https://access.redhat.com/security/cve/CVE-2015-4429
https://access.redhat.com/security/cve/CVE-2015-4430
https://access.redhat.com/security/cve/CVE-2015-4431
https://access.redhat.com/security/cve/CVE-2015-4432
https://access.redhat.com/security/cve/CVE-2015-4433
https://access.redhat.com/security/cve/CVE-2015-5116
https://access.redhat.com/security/cve/CVE-2015-5117
https://access.redhat.com/security/cve/CVE-2015-5118
https://access.redhat.com/security/cve/CVE-2015-5119
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVnYzEXlSAg2UNWIIRAiYOAJ4hyudjAqMbqOcLAA47WlvgoVG25gCdF1BZ
bxdi7YGr3vmk1ppaEImDJNg=
=KEcy
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 9 18:56:12 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 9 Jul 2015 14:56:12 -0400
Subject: [RHSA-2015:1218-01] Moderate: php security update
Message-ID: <201507091856.t69IuCKO026329@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2015:1218-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1218.html
Issue date: 2015-07-09
CVE Names: CVE-2014-9425 CVE-2014-9705 CVE-2014-9709 CVE-2015-0232
           CVE-2015-0273 CVE-2015-2301 CVE-2015-2783 CVE-2015-2787
           CVE-2015-3307 CVE-2015-3329 CVE-2015-3411 CVE-2015-3412
           CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026
           CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599
           CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application request enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

A double free flaw was found in the zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash. (CVE-2014-9425)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1177734 - CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy()
1185472 - CVE-2015-0232 php: Free called on uninitialized pointer in exif.c
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS
1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods
1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion
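The four "missing null byte checks for paths" entries in the list above (CVE-2015-3411, CVE-2015-3412, CVE-2015-4026, CVE-2015-4598) share one mechanism: the interpreter keeps a length-counted string, but the C library call it hands the path to stops at the first NUL byte. The following added example is a constructed model of that mechanism, not PHP source and not part of the advisory. It uses a counted-string type, a suffix check done on the full counted string, and the path a NUL-terminated C API would actually receive; the "fixed" variant refuses any path argument that contains a NUL, which is the class of check the PHP fixes add. The input `shell.php\0.txt`, the `.txt` policy and the function names are assumptions for illustration.

```c
/* Added example: model of the "missing null byte checks for paths" bug class.
 * Not PHP source; the input and function names are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A length-counted string as an interpreter stores it; it may contain NULs. */
struct pstr { const char *p; size_t len; };

/* Policy check done at the scripting layer on the full counted string:
 * does the name end with the allowed suffix? */
static int ends_with(struct pstr s, const char *suffix)
{
    size_t n = strlen(suffix);
    return s.len >= n && memcmp(s.p + s.len - n, suffix, n) == 0;
}

/* What a NUL-terminated C file API actually receives: the bytes up to the
 * first NUL. Copies them into out (cap bytes) and returns their count. */
static size_t c_layer_path(struct pstr s, char *out, size_t cap)
{
    const char *nul = memchr(s.p, '\0', s.len);
    size_t n = nul ? (size_t)(nul - s.p) : s.len;
    if (n >= cap)
        n = cap - 1;
    memcpy(out, s.p, n);
    out[n] = '\0';
    return n;
}

/* Pre-fix behaviour: if the policy check passes, hand the string to the C
 * layer. Returns 0 and fills `opened` with the path that was really used,
 * -1 if the policy check rejected the name. */
int resolve_legacy(struct pstr name, const char *allowed_suffix,
                   char *opened, size_t cap)
{
    if (!ends_with(name, allowed_suffix))
        return -1;
    c_layer_path(name, opened, cap);
    return 0;
}

/* Fixed behaviour (the class of check the PHP fixes add): a path argument
 * containing a NUL is refused before it can reach any NUL-terminated API. */
int resolve_fixed(struct pstr name, const char *allowed_suffix,
                  char *opened, size_t cap)
{
    if (memchr(name.p, '\0', name.len))
        return -2;                      /* embedded NUL: refuse */
    return resolve_legacy(name, allowed_suffix, opened, cap);
}

/* Constructed attacker input: "shell.php\0.txt" passes a ".txt" suffix check
 * on the counted string, while the C layer opens "shell.php". */
static const char evil_bytes[] = "shell.php\0.txt";
const struct pstr evil = { evil_bytes, sizeof evil_bytes - 1 };

int main(void)
{
    char opened[32];
    int rc = resolve_legacy(evil, ".txt", opened, sizeof opened);
    printf("legacy: rc=%d, C layer opened \"%s\"\n", rc, opened);
    rc = resolve_fixed(evil, ".txt", opened, sizeof opened);
    printf("fixed:  rc=%d (embedded NUL rejected)\n", rc);
    return 0;
}
```

The check in `resolve_fixed` belongs at the boundary where the counted string becomes a C string, not in the policy layer: any extension or prefix check that looks at the counted bytes can be satisfied by content the C layer never sees.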
6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
php-5.3.3-46.el6_6.src.rpm

i386:
php-5.3.3-46.el6_6.i686.rpm
php-bcmath-5.3.3-46.el6_6.i686.rpm
php-cli-5.3.3-46.el6_6.i686.rpm
php-common-5.3.3-46.el6_6.i686.rpm
php-dba-5.3.3-46.el6_6.i686.rpm
php-debuginfo-5.3.3-46.el6_6.i686.rpm
php-devel-5.3.3-46.el6_6.i686.rpm
php-embedded-5.3.3-46.el6_6.i686.rpm
php-enchant-5.3.3-46.el6_6.i686.rpm
php-fpm-5.3.3-46.el6_6.i686.rpm
php-gd-5.3.3-46.el6_6.i686.rpm
php-imap-5.3.3-46.el6_6.i686.rpm
php-intl-5.3.3-46.el6_6.i686.rpm
php-ldap-5.3.3-46.el6_6.i686.rpm
php-mbstring-5.3.3-46.el6_6.i686.rpm
php-mysql-5.3.3-46.el6_6.i686.rpm
php-odbc-5.3.3-46.el6_6.i686.rpm
php-pdo-5.3.3-46.el6_6.i686.rpm
php-pgsql-5.3.3-46.el6_6.i686.rpm
php-process-5.3.3-46.el6_6.i686.rpm
php-pspell-5.3.3-46.el6_6.i686.rpm
php-recode-5.3.3-46.el6_6.i686.rpm
php-snmp-5.3.3-46.el6_6.i686.rpm
php-soap-5.3.3-46.el6_6.i686.rpm
php-tidy-5.3.3-46.el6_6.i686.rpm
php-xml-5.3.3-46.el6_6.i686.rpm
php-xmlrpc-5.3.3-46.el6_6.i686.rpm
php-zts-5.3.3-46.el6_6.i686.rpm

x86_64:
php-5.3.3-46.el6_6.x86_64.rpm
php-bcmath-5.3.3-46.el6_6.x86_64.rpm
php-cli-5.3.3-46.el6_6.x86_64.rpm
php-common-5.3.3-46.el6_6.x86_64.rpm
php-dba-5.3.3-46.el6_6.x86_64.rpm
php-debuginfo-5.3.3-46.el6_6.x86_64.rpm
php-devel-5.3.3-46.el6_6.x86_64.rpm
php-embedded-5.3.3-46.el6_6.x86_64.rpm
php-enchant-5.3.3-46.el6_6.x86_64.rpm
php-fpm-5.3.3-46.el6_6.x86_64.rpm
php-gd-5.3.3-46.el6_6.x86_64.rpm
php-imap-5.3.3-46.el6_6.x86_64.rpm
php-intl-5.3.3-46.el6_6.x86_64.rpm
php-ldap-5.3.3-46.el6_6.x86_64.rpm
php-mbstring-5.3.3-46.el6_6.x86_64.rpm
php-mysql-5.3.3-46.el6_6.x86_64.rpm
php-odbc-5.3.3-46.el6_6.x86_64.rpm
php-pdo-5.3.3-46.el6_6.x86_64.rpm
php-pgsql-5.3.3-46.el6_6.x86_64.rpm
php-process-5.3.3-46.el6_6.x86_64.rpm
php-pspell-5.3.3-46.el6_6.x86_64.rpm
php-recode-5.3.3-46.el6_6.x86_64.rpm
php-snmp-5.3.3-46.el6_6.x86_64.rpm
php-soap-5.3.3-46.el6_6.x86_64.rpm
php-tidy-5.3.3-46.el6_6.x86_64.rpm
php-xml-5.3.3-46.el6_6.x86_64.rpm
php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm
php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
php-5.3.3-46.el6_6.src.rpm

x86_64:
php-cli-5.3.3-46.el6_6.x86_64.rpm
php-common-5.3.3-46.el6_6.x86_64.rpm
php-debuginfo-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
php-5.3.3-46.el6_6.x86_64.rpm
php-bcmath-5.3.3-46.el6_6.x86_64.rpm
php-dba-5.3.3-46.el6_6.x86_64.rpm
php-debuginfo-5.3.3-46.el6_6.x86_64.rpm
php-devel-5.3.3-46.el6_6.x86_64.rpm
php-embedded-5.3.3-46.el6_6.x86_64.rpm
php-enchant-5.3.3-46.el6_6.x86_64.rpm
php-fpm-5.3.3-46.el6_6.x86_64.rpm
php-gd-5.3.3-46.el6_6.x86_64.rpm
php-imap-5.3.3-46.el6_6.x86_64.rpm
php-intl-5.3.3-46.el6_6.x86_64.rpm
php-ldap-5.3.3-46.el6_6.x86_64.rpm
php-mbstring-5.3.3-46.el6_6.x86_64.rpm
php-mysql-5.3.3-46.el6_6.x86_64.rpm
php-odbc-5.3.3-46.el6_6.x86_64.rpm
php-pdo-5.3.3-46.el6_6.x86_64.rpm
php-pgsql-5.3.3-46.el6_6.x86_64.rpm
php-process-5.3.3-46.el6_6.x86_64.rpm
php-pspell-5.3.3-46.el6_6.x86_64.rpm
php-recode-5.3.3-46.el6_6.x86_64.rpm
php-snmp-5.3.3-46.el6_6.x86_64.rpm
php-soap-5.3.3-46.el6_6.x86_64.rpm
php-tidy-5.3.3-46.el6_6.x86_64.rpm
php-xml-5.3.3-46.el6_6.x86_64.rpm
php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm
php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
php-5.3.3-46.el6_6.src.rpm

i386:
php-5.3.3-46.el6_6.i686.rpm
php-cli-5.3.3-46.el6_6.i686.rpm
php-common-5.3.3-46.el6_6.i686.rpm
php-debuginfo-5.3.3-46.el6_6.i686.rpm
php-gd-5.3.3-46.el6_6.i686.rpm
php-ldap-5.3.3-46.el6_6.i686.rpm
php-mysql-5.3.3-46.el6_6.i686.rpm
php-odbc-5.3.3-46.el6_6.i686.rpm
php-pdo-5.3.3-46.el6_6.i686.rpm
php-pgsql-5.3.3-46.el6_6.i686.rpm
php-soap-5.3.3-46.el6_6.i686.rpm
php-xml-5.3.3-46.el6_6.i686.rpm
php-xmlrpc-5.3.3-46.el6_6.i686.rpm

ppc64:
php-5.3.3-46.el6_6.ppc64.rpm
php-cli-5.3.3-46.el6_6.ppc64.rpm
php-common-5.3.3-46.el6_6.ppc64.rpm
php-debuginfo-5.3.3-46.el6_6.ppc64.rpm
php-gd-5.3.3-46.el6_6.ppc64.rpm
php-ldap-5.3.3-46.el6_6.ppc64.rpm
php-mysql-5.3.3-46.el6_6.ppc64.rpm
php-odbc-5.3.3-46.el6_6.ppc64.rpm
php-pdo-5.3.3-46.el6_6.ppc64.rpm
php-pgsql-5.3.3-46.el6_6.ppc64.rpm
php-soap-5.3.3-46.el6_6.ppc64.rpm
php-xml-5.3.3-46.el6_6.ppc64.rpm
php-xmlrpc-5.3.3-46.el6_6.ppc64.rpm

s390x:
php-5.3.3-46.el6_6.s390x.rpm
php-cli-5.3.3-46.el6_6.s390x.rpm
php-common-5.3.3-46.el6_6.s390x.rpm
php-debuginfo-5.3.3-46.el6_6.s390x.rpm
php-gd-5.3.3-46.el6_6.s390x.rpm
php-ldap-5.3.3-46.el6_6.s390x.rpm
php-mysql-5.3.3-46.el6_6.s390x.rpm
php-odbc-5.3.3-46.el6_6.s390x.rpm
php-pdo-5.3.3-46.el6_6.s390x.rpm
php-pgsql-5.3.3-46.el6_6.s390x.rpm
php-soap-5.3.3-46.el6_6.s390x.rpm
php-xml-5.3.3-46.el6_6.s390x.rpm
php-xmlrpc-5.3.3-46.el6_6.s390x.rpm

x86_64:
php-5.3.3-46.el6_6.x86_64.rpm
php-cli-5.3.3-46.el6_6.x86_64.rpm
php-common-5.3.3-46.el6_6.x86_64.rpm
php-debuginfo-5.3.3-46.el6_6.x86_64.rpm
php-gd-5.3.3-46.el6_6.x86_64.rpm
php-ldap-5.3.3-46.el6_6.x86_64.rpm
php-mysql-5.3.3-46.el6_6.x86_64.rpm
php-odbc-5.3.3-46.el6_6.x86_64.rpm
php-pdo-5.3.3-46.el6_6.x86_64.rpm
php-pgsql-5.3.3-46.el6_6.x86_64.rpm
php-soap-5.3.3-46.el6_6.x86_64.rpm
php-xml-5.3.3-46.el6_6.x86_64.rpm
php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
php-bcmath-5.3.3-46.el6_6.i686.rpm
php-dba-5.3.3-46.el6_6.i686.rpm
php-debuginfo-5.3.3-46.el6_6.i686.rpm
php-devel-5.3.3-46.el6_6.i686.rpm
php-embedded-5.3.3-46.el6_6.i686.rpm
php-enchant-5.3.3-46.el6_6.i686.rpm
php-fpm-5.3.3-46.el6_6.i686.rpm
php-imap-5.3.3-46.el6_6.i686.rpm
php-intl-5.3.3-46.el6_6.i686.rpm
php-mbstring-5.3.3-46.el6_6.i686.rpm
php-process-5.3.3-46.el6_6.i686.rpm
php-pspell-5.3.3-46.el6_6.i686.rpm
php-recode-5.3.3-46.el6_6.i686.rpm
php-snmp-5.3.3-46.el6_6.i686.rpm
php-tidy-5.3.3-46.el6_6.i686.rpm
php-zts-5.3.3-46.el6_6.i686.rpm

ppc64:
php-bcmath-5.3.3-46.el6_6.ppc64.rpm
php-dba-5.3.3-46.el6_6.ppc64.rpm
php-debuginfo-5.3.3-46.el6_6.ppc64.rpm
php-devel-5.3.3-46.el6_6.ppc64.rpm
php-embedded-5.3.3-46.el6_6.ppc64.rpm
php-enchant-5.3.3-46.el6_6.ppc64.rpm
php-fpm-5.3.3-46.el6_6.ppc64.rpm
php-imap-5.3.3-46.el6_6.ppc64.rpm
php-intl-5.3.3-46.el6_6.ppc64.rpm
php-mbstring-5.3.3-46.el6_6.ppc64.rpm
php-process-5.3.3-46.el6_6.ppc64.rpm
php-pspell-5.3.3-46.el6_6.ppc64.rpm
php-recode-5.3.3-46.el6_6.ppc64.rpm
php-snmp-5.3.3-46.el6_6.ppc64.rpm
php-tidy-5.3.3-46.el6_6.ppc64.rpm
php-zts-5.3.3-46.el6_6.ppc64.rpm

s390x:
php-bcmath-5.3.3-46.el6_6.s390x.rpm
php-dba-5.3.3-46.el6_6.s390x.rpm
php-debuginfo-5.3.3-46.el6_6.s390x.rpm
php-devel-5.3.3-46.el6_6.s390x.rpm
php-embedded-5.3.3-46.el6_6.s390x.rpm
php-enchant-5.3.3-46.el6_6.s390x.rpm
php-fpm-5.3.3-46.el6_6.s390x.rpm
php-imap-5.3.3-46.el6_6.s390x.rpm
php-intl-5.3.3-46.el6_6.s390x.rpm
php-mbstring-5.3.3-46.el6_6.s390x.rpm
php-process-5.3.3-46.el6_6.s390x.rpm
php-pspell-5.3.3-46.el6_6.s390x.rpm
php-recode-5.3.3-46.el6_6.s390x.rpm
php-snmp-5.3.3-46.el6_6.s390x.rpm
php-tidy-5.3.3-46.el6_6.s390x.rpm
php-zts-5.3.3-46.el6_6.s390x.rpm

x86_64:
php-bcmath-5.3.3-46.el6_6.x86_64.rpm
php-dba-5.3.3-46.el6_6.x86_64.rpm
php-debuginfo-5.3.3-46.el6_6.x86_64.rpm
php-devel-5.3.3-46.el6_6.x86_64.rpm
php-embedded-5.3.3-46.el6_6.x86_64.rpm
php-enchant-5.3.3-46.el6_6.x86_64.rpm
php-fpm-5.3.3-46.el6_6.x86_64.rpm
php-imap-5.3.3-46.el6_6.x86_64.rpm
php-intl-5.3.3-46.el6_6.x86_64.rpm
php-mbstring-5.3.3-46.el6_6.x86_64.rpm
php-process-5.3.3-46.el6_6.x86_64.rpm
php-pspell-5.3.3-46.el6_6.x86_64.rpm
php-recode-5.3.3-46.el6_6.x86_64.rpm
php-snmp-5.3.3-46.el6_6.x86_64.rpm
php-tidy-5.3.3-46.el6_6.x86_64.rpm
php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
php-5.3.3-46.el6_6.src.rpm

i386:
php-5.3.3-46.el6_6.i686.rpm
php-cli-5.3.3-46.el6_6.i686.rpm
php-common-5.3.3-46.el6_6.i686.rpm
php-debuginfo-5.3.3-46.el6_6.i686.rpm
php-gd-5.3.3-46.el6_6.i686.rpm
php-ldap-5.3.3-46.el6_6.i686.rpm
php-mysql-5.3.3-46.el6_6.i686.rpm
php-odbc-5.3.3-46.el6_6.i686.rpm
php-pdo-5.3.3-46.el6_6.i686.rpm
php-pgsql-5.3.3-46.el6_6.i686.rpm
php-soap-5.3.3-46.el6_6.i686.rpm
php-xml-5.3.3-46.el6_6.i686.rpm
php-xmlrpc-5.3.3-46.el6_6.i686.rpm

x86_64:
php-5.3.3-46.el6_6.x86_64.rpm
php-cli-5.3.3-46.el6_6.x86_64.rpm
php-common-5.3.3-46.el6_6.x86_64.rpm
php-debuginfo-5.3.3-46.el6_6.x86_64.rpm
php-gd-5.3.3-46.el6_6.x86_64.rpm
php-ldap-5.3.3-46.el6_6.x86_64.rpm
php-mysql-5.3.3-46.el6_6.x86_64.rpm
php-odbc-5.3.3-46.el6_6.x86_64.rpm
php-pdo-5.3.3-46.el6_6.x86_64.rpm
php-pgsql-5.3.3-46.el6_6.x86_64.rpm
php-soap-5.3.3-46.el6_6.x86_64.rpm
php-xml-5.3.3-46.el6_6.x86_64.rpm
php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
php-bcmath-5.3.3-46.el6_6.i686.rpm
php-dba-5.3.3-46.el6_6.i686.rpm
php-debuginfo-5.3.3-46.el6_6.i686.rpm
php-devel-5.3.3-46.el6_6.i686.rpm
php-embedded-5.3.3-46.el6_6.i686.rpm
php-enchant-5.3.3-46.el6_6.i686.rpm
php-fpm-5.3.3-46.el6_6.i686.rpm
php-imap-5.3.3-46.el6_6.i686.rpm
php-intl-5.3.3-46.el6_6.i686.rpm
php-mbstring-5.3.3-46.el6_6.i686.rpm
php-process-5.3.3-46.el6_6.i686.rpm
php-pspell-5.3.3-46.el6_6.i686.rpm
php-recode-5.3.3-46.el6_6.i686.rpm
php-snmp-5.3.3-46.el6_6.i686.rpm
php-tidy-5.3.3-46.el6_6.i686.rpm
php-zts-5.3.3-46.el6_6.i686.rpm

x86_64:
php-bcmath-5.3.3-46.el6_6.x86_64.rpm
php-dba-5.3.3-46.el6_6.x86_64.rpm
php-debuginfo-5.3.3-46.el6_6.x86_64.rpm
php-devel-5.3.3-46.el6_6.x86_64.rpm
php-embedded-5.3.3-46.el6_6.x86_64.rpm
php-enchant-5.3.3-46.el6_6.x86_64.rpm
php-fpm-5.3.3-46.el6_6.x86_64.rpm
php-imap-5.3.3-46.el6_6.x86_64.rpm
php-intl-5.3.3-46.el6_6.x86_64.rpm
php-mbstring-5.3.3-46.el6_6.x86_64.rpm
php-process-5.3.3-46.el6_6.x86_64.rpm
php-pspell-5.3.3-46.el6_6.x86_64.rpm
php-recode-5.3.3-46.el6_6.x86_64.rpm
php-snmp-5.3.3-46.el6_6.x86_64.rpm
php-tidy-5.3.3-46.el6_6.x86_64.rpm
php-zts-5.3.3-46.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
References: https://access.redhat.com/security/cve/CVE-2014-9425 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
From bugzilla at redhat.com Thu Jul 9 18:56:31 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 9 Jul 2015 14:56:31 -0400
Subject: [RHSA-2015:1219-01] Moderate: php54-php security update
Message-ID: <201507091856.t69IuVuU030509@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php54-php security update
Advisory ID: RHSA-2015:1219-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1219.html
Issue date: 2015-07-09
CVE Names: CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4598
=====================================================================

1. Summary:

Updated php54-php packages that fix multiple security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3.
Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)

An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)

All php54-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd service must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS
1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
php54-php-5.4.40-3.el6.src.rpm

x86_64:
php54-php-5.4.40-3.el6.x86_64.rpm
php54-php-bcmath-5.4.40-3.el6.x86_64.rpm
php54-php-cli-5.4.40-3.el6.x86_64.rpm
php54-php-common-5.4.40-3.el6.x86_64.rpm
php54-php-dba-5.4.40-3.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-3.el6.x86_64.rpm
php54-php-devel-5.4.40-3.el6.x86_64.rpm
php54-php-enchant-5.4.40-3.el6.x86_64.rpm
php54-php-fpm-5.4.40-3.el6.x86_64.rpm
php54-php-gd-5.4.40-3.el6.x86_64.rpm
php54-php-imap-5.4.40-3.el6.x86_64.rpm
php54-php-intl-5.4.40-3.el6.x86_64.rpm
php54-php-ldap-5.4.40-3.el6.x86_64.rpm
php54-php-mbstring-5.4.40-3.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-3.el6.x86_64.rpm
php54-php-odbc-5.4.40-3.el6.x86_64.rpm
php54-php-pdo-5.4.40-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-3.el6.x86_64.rpm
php54-php-process-5.4.40-3.el6.x86_64.rpm
php54-php-pspell-5.4.40-3.el6.x86_64.rpm
php54-php-recode-5.4.40-3.el6.x86_64.rpm
php54-php-snmp-5.4.40-3.el6.x86_64.rpm
php54-php-soap-5.4.40-3.el6.x86_64.rpm
php54-php-tidy-5.4.40-3.el6.x86_64.rpm
php54-php-xml-5.4.40-3.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
php54-php-5.4.40-3.el6.src.rpm

x86_64:
php54-php-5.4.40-3.el6.x86_64.rpm
php54-php-bcmath-5.4.40-3.el6.x86_64.rpm
php54-php-cli-5.4.40-3.el6.x86_64.rpm
php54-php-common-5.4.40-3.el6.x86_64.rpm
php54-php-dba-5.4.40-3.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-3.el6.x86_64.rpm
php54-php-devel-5.4.40-3.el6.x86_64.rpm
php54-php-enchant-5.4.40-3.el6.x86_64.rpm
php54-php-fpm-5.4.40-3.el6.x86_64.rpm
php54-php-gd-5.4.40-3.el6.x86_64.rpm
php54-php-imap-5.4.40-3.el6.x86_64.rpm
php54-php-intl-5.4.40-3.el6.x86_64.rpm
php54-php-ldap-5.4.40-3.el6.x86_64.rpm
php54-php-mbstring-5.4.40-3.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-3.el6.x86_64.rpm
php54-php-odbc-5.4.40-3.el6.x86_64.rpm
php54-php-pdo-5.4.40-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-3.el6.x86_64.rpm
php54-php-process-5.4.40-3.el6.x86_64.rpm
php54-php-pspell-5.4.40-3.el6.x86_64.rpm
php54-php-recode-5.4.40-3.el6.x86_64.rpm
php54-php-snmp-5.4.40-3.el6.x86_64.rpm
php54-php-soap-5.4.40-3.el6.x86_64.rpm
php54-php-tidy-5.4.40-3.el6.x86_64.rpm
php54-php-xml-5.4.40-3.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
php54-php-5.4.40-3.el6.src.rpm

x86_64:
php54-php-5.4.40-3.el6.x86_64.rpm
php54-php-bcmath-5.4.40-3.el6.x86_64.rpm
php54-php-cli-5.4.40-3.el6.x86_64.rpm
php54-php-common-5.4.40-3.el6.x86_64.rpm
php54-php-dba-5.4.40-3.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-3.el6.x86_64.rpm
php54-php-devel-5.4.40-3.el6.x86_64.rpm
php54-php-enchant-5.4.40-3.el6.x86_64.rpm
php54-php-fpm-5.4.40-3.el6.x86_64.rpm
php54-php-gd-5.4.40-3.el6.x86_64.rpm
php54-php-imap-5.4.40-3.el6.x86_64.rpm
php54-php-intl-5.4.40-3.el6.x86_64.rpm
php54-php-ldap-5.4.40-3.el6.x86_64.rpm
php54-php-mbstring-5.4.40-3.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-3.el6.x86_64.rpm
php54-php-odbc-5.4.40-3.el6.x86_64.rpm
php54-php-pdo-5.4.40-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-3.el6.x86_64.rpm
php54-php-process-5.4.40-3.el6.x86_64.rpm
php54-php-pspell-5.4.40-3.el6.x86_64.rpm
php54-php-recode-5.4.40-3.el6.x86_64.rpm
php54-php-snmp-5.4.40-3.el6.x86_64.rpm
php54-php-soap-5.4.40-3.el6.x86_64.rpm
php54-php-tidy-5.4.40-3.el6.x86_64.rpm
php54-php-xml-5.4.40-3.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
php54-php-5.4.40-3.el6.src.rpm

x86_64:
php54-php-5.4.40-3.el6.x86_64.rpm
php54-php-bcmath-5.4.40-3.el6.x86_64.rpm
php54-php-cli-5.4.40-3.el6.x86_64.rpm
php54-php-common-5.4.40-3.el6.x86_64.rpm
php54-php-dba-5.4.40-3.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-3.el6.x86_64.rpm
php54-php-devel-5.4.40-3.el6.x86_64.rpm
php54-php-enchant-5.4.40-3.el6.x86_64.rpm
php54-php-fpm-5.4.40-3.el6.x86_64.rpm
php54-php-gd-5.4.40-3.el6.x86_64.rpm
php54-php-imap-5.4.40-3.el6.x86_64.rpm
php54-php-intl-5.4.40-3.el6.x86_64.rpm
php54-php-ldap-5.4.40-3.el6.x86_64.rpm
php54-php-mbstring-5.4.40-3.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-3.el6.x86_64.rpm
php54-php-odbc-5.4.40-3.el6.x86_64.rpm
php54-php-pdo-5.4.40-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-3.el6.x86_64.rpm
php54-php-process-5.4.40-3.el6.x86_64.rpm
php54-php-pspell-5.4.40-3.el6.x86_64.rpm
php54-php-recode-5.4.40-3.el6.x86_64.rpm
php54-php-snmp-5.4.40-3.el6.x86_64.rpm
php54-php-soap-5.4.40-3.el6.x86_64.rpm
php54-php-tidy-5.4.40-3.el6.x86_64.rpm
php54-php-xml-5.4.40-3.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
php54-php-5.4.40-3.el7.src.rpm

x86_64:
php54-php-5.4.40-3.el7.x86_64.rpm
php54-php-bcmath-5.4.40-3.el7.x86_64.rpm
php54-php-cli-5.4.40-3.el7.x86_64.rpm
php54-php-common-5.4.40-3.el7.x86_64.rpm
php54-php-dba-5.4.40-3.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-3.el7.x86_64.rpm
php54-php-devel-5.4.40-3.el7.x86_64.rpm
php54-php-enchant-5.4.40-3.el7.x86_64.rpm
php54-php-fpm-5.4.40-3.el7.x86_64.rpm
php54-php-gd-5.4.40-3.el7.x86_64.rpm
php54-php-intl-5.4.40-3.el7.x86_64.rpm
php54-php-ldap-5.4.40-3.el7.x86_64.rpm
php54-php-mbstring-5.4.40-3.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-3.el7.x86_64.rpm
php54-php-odbc-5.4.40-3.el7.x86_64.rpm
php54-php-pdo-5.4.40-3.el7.x86_64.rpm
php54-php-pgsql-5.4.40-3.el7.x86_64.rpm
php54-php-process-5.4.40-3.el7.x86_64.rpm
php54-php-pspell-5.4.40-3.el7.x86_64.rpm
php54-php-recode-5.4.40-3.el7.x86_64.rpm
php54-php-snmp-5.4.40-3.el7.x86_64.rpm
php54-php-soap-5.4.40-3.el7.x86_64.rpm
php54-php-xml-5.4.40-3.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
php54-php-5.4.40-3.el7.src.rpm

x86_64:
php54-php-5.4.40-3.el7.x86_64.rpm
php54-php-bcmath-5.4.40-3.el7.x86_64.rpm
php54-php-cli-5.4.40-3.el7.x86_64.rpm
php54-php-common-5.4.40-3.el7.x86_64.rpm
php54-php-dba-5.4.40-3.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-3.el7.x86_64.rpm
php54-php-devel-5.4.40-3.el7.x86_64.rpm
php54-php-enchant-5.4.40-3.el7.x86_64.rpm
php54-php-fpm-5.4.40-3.el7.x86_64.rpm
php54-php-gd-5.4.40-3.el7.x86_64.rpm
php54-php-intl-5.4.40-3.el7.x86_64.rpm
php54-php-ldap-5.4.40-3.el7.x86_64.rpm
php54-php-mbstring-5.4.40-3.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-3.el7.x86_64.rpm
php54-php-odbc-5.4.40-3.el7.x86_64.rpm
php54-php-pdo-5.4.40-3.el7.x86_64.rpm
php54-php-pgsql-5.4.40-3.el7.x86_64.rpm
php54-php-process-5.4.40-3.el7.x86_64.rpm
php54-php-pspell-5.4.40-3.el7.x86_64.rpm
php54-php-recode-5.4.40-3.el7.x86_64.rpm
php54-php-snmp-5.4.40-3.el7.x86_64.rpm
php54-php-soap-5.4.40-3.el7.x86_64.rpm
php54-php-xml-5.4.40-3.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
php54-php-5.4.40-3.el7.src.rpm

x86_64:
php54-php-5.4.40-3.el7.x86_64.rpm
php54-php-bcmath-5.4.40-3.el7.x86_64.rpm
php54-php-cli-5.4.40-3.el7.x86_64.rpm
php54-php-common-5.4.40-3.el7.x86_64.rpm
php54-php-dba-5.4.40-3.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-3.el7.x86_64.rpm
php54-php-devel-5.4.40-3.el7.x86_64.rpm
php54-php-enchant-5.4.40-3.el7.x86_64.rpm
php54-php-fpm-5.4.40-3.el7.x86_64.rpm
php54-php-gd-5.4.40-3.el7.x86_64.rpm
php54-php-intl-5.4.40-3.el7.x86_64.rpm
php54-php-ldap-5.4.40-3.el7.x86_64.rpm
php54-php-mbstring-5.4.40-3.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-3.el7.x86_64.rpm
php54-php-odbc-5.4.40-3.el7.x86_64.rpm
php54-php-pdo-5.4.40-3.el7.x86_64.rpm
php54-php-pgsql-5.4.40-3.el7.x86_64.rpm
php54-php-process-5.4.40-3.el7.x86_64.rpm
php54-php-pspell-5.4.40-3.el7.x86_64.rpm
php54-php-recode-5.4.40-3.el7.x86_64.rpm
php54-php-snmp-5.4.40-3.el7.x86_64.rpm
php54-php-soap-5.4.40-3.el7.x86_64.rpm
php54-php-xml-5.4.40-3.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4021
https://access.redhat.com/security/cve/CVE-2015-4022
https://access.redhat.com/security/cve/CVE-2015-4024
https://access.redhat.com/security/cve/CVE-2015-4025
https://access.redhat.com/security/cve/CVE-2015-4026
https://access.redhat.com/security/cve/CVE-2015-4598
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Tue Jul 14 15:24:38 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Jul 2015 15:24:38 +0000
Subject: [RHSA-2015:1221-01] Moderate: kernel security, bug fix, and enhancement update
Message-ID: <201507141524.t6EFOcDn026813@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1221-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1221.html
Issue date: 2015-07-14
CVE Names: CVE-2011-5321 CVE-2015-1593 CVE-2015-2830 CVE-2015-2922 CVE-2015-3636
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3.
Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files (/dev/pts/*). A local, unprivileged attacker could use this flaw to crash the system. (CVE-2011-5321, Moderate)

* It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636, Moderate)

* An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593, Low)

* A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-2830, Low)

* It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. (CVE-2015-2922, Low)

These updated kernel packages also include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal: https://access.redhat.com/articles/1506133

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1192519 - CVE-2015-1593 kernel: Linux stack ASLR implementation Integer overflow
1201887 - CVE-2011-5321 Kernel: tty: driver reference leakage in tty_open
1203712 - CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
1208598 - CVE-2015-2830 kernel: int80 fork from 64-bit tasks mishandling
1218074 - CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6):

Source:
kernel-2.6.32-504.30.3.el6.src.rpm

i386:
kernel-2.6.32-504.30.3.el6.i686.rpm
kernel-debug-2.6.32-504.30.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debug-devel-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.30.3.el6.i686.rpm
kernel-devel-2.6.32-504.30.3.el6.i686.rpm
kernel-headers-2.6.32-504.30.3.el6.i686.rpm
perf-2.6.32-504.30.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.30.3.el6.noarch.rpm
kernel-doc-2.6.32-504.30.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.30.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.30.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.30.3.el6.x86_64.rpm
perf-2.6.32-504.30.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.30.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm
python-perf-2.6.32-504.30.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.30.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-504.30.3.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.30.3.el6.noarch.rpm
kernel-doc-2.6.32-504.30.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.30.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.30.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.30.3.el6.x86_64.rpm
perf-2.6.32-504.30.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.30.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-504.30.3.el6.src.rpm

i386:
kernel-2.6.32-504.30.3.el6.i686.rpm
kernel-debug-2.6.32-504.30.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debug-devel-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.30.3.el6.i686.rpm
kernel-devel-2.6.32-504.30.3.el6.i686.rpm
kernel-headers-2.6.32-504.30.3.el6.i686.rpm
perf-2.6.32-504.30.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.30.3.el6.noarch.rpm
kernel-doc-2.6.32-504.30.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.30.3.el6.noarch.rpm

ppc64:
kernel-2.6.32-504.30.3.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-504.30.3.el6.ppc64.rpm
kernel-debug-2.6.32-504.30.3.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-504.30.3.el6.ppc64.rpm
kernel-debug-devel-2.6.32-504.30.3.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.30.3.el6.ppc64.rpm
kernel-devel-2.6.32-504.30.3.el6.ppc64.rpm
kernel-headers-2.6.32-504.30.3.el6.ppc64.rpm
perf-2.6.32-504.30.3.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.30.3.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.ppc64.rpm

s390x:
kernel-2.6.32-504.30.3.el6.s390x.rpm
kernel-debug-2.6.32-504.30.3.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-504.30.3.el6.s390x.rpm
kernel-debug-devel-2.6.32-504.30.3.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.30.3.el6.s390x.rpm
kernel-devel-2.6.32-504.30.3.el6.s390x.rpm
kernel-headers-2.6.32-504.30.3.el6.s390x.rpm
kernel-kdump-2.6.32-504.30.3.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.30.3.el6.s390x.rpm
kernel-kdump-devel-2.6.32-504.30.3.el6.s390x.rpm
perf-2.6.32-504.30.3.el6.s390x.rpm
perf-debuginfo-2.6.32-504.30.3.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.s390x.rpm

x86_64:
kernel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.30.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.30.3.el6.x86_64.rpm
perf-2.6.32-504.30.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.30.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm
python-perf-2.6.32-504.30.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-504.30.3.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.30.3.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.30.3.el6.ppc64.rpm
python-perf-2.6.32-504.30.3.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-504.30.3.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.30.3.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.30.3.el6.s390x.rpm
perf-debuginfo-2.6.32-504.30.3.el6.s390x.rpm
python-perf-2.6.32-504.30.3.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.30.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-504.30.3.el6.src.rpm

i386:
kernel-2.6.32-504.30.3.el6.i686.rpm
kernel-debug-2.6.32-504.30.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debug-devel-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.30.3.el6.i686.rpm
kernel-devel-2.6.32-504.30.3.el6.i686.rpm
kernel-headers-2.6.32-504.30.3.el6.i686.rpm
perf-2.6.32-504.30.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.30.3.el6.noarch.rpm
kernel-doc-2.6.32-504.30.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.30.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.30.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.30.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.30.3.el6.x86_64.rpm
perf-2.6.32-504.30.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.30.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm
python-perf-2.6.32-504.30.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.30.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-2.6.32-504.30.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2011-5321
https://access.redhat.com/security/cve/CVE-2015-1593
https://access.redhat.com/security/cve/CVE-2015-2830
https://access.redhat.com/security/cve/CVE-2015-2922
https://access.redhat.com/security/cve/CVE-2015-3636
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/1506133

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Wed Jul 15 12:55:13 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Jul 2015 12:55:13 +0000
Subject: [RHSA-2015:1228-01] Important: java-1.8.0-openjdk security update
Message-ID: <201507151255.t6FCtDXK017461@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.8.0-openjdk security update
Advisory ID: RHSA-2015:1228-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1228.html
Issue date: 2015-07-15
CVE Names: CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2659 CVE-2015-2808 CVE-2015-3149 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760
=====================================================================

1. Summary:

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses.
An OCSP response with no nextUpdate date specified was incorrectly handled
as having unlimited validity, possibly causing a revoked X.509 certificate
to be interpreted as valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use constant
time comparisons in multiple cases. An attacker could possibly use these
flaws to disclose sensitive information by measuring the time used to
perform operations using these non-constant time comparisons.
(CVE-2015-2601)

It was discovered that the GCM (Galois Counter Mode) implementation in the
Security component of OpenJDK failed to properly perform a null check. This
could cause the Java Virtual Machine to crash when an application performed
encryption using a block cipher in the GCM mode. (CVE-2015-2659)

A flaw was found in the RC4 encryption algorithm. When using certain keys
for RC4 encryption, an attacker could obtain portions of the plain text
from the cipher text without the knowledge of the encryption key.
(CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by
default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug
1207101, linked to in the References section, for additional details about
this change.

A flaw was found in the way the TLS protocol composed the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512 bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,
linked to in the References section, for additional details about this
change.

It was discovered that the JNDI component in OpenJDK did not handle DNS
resolutions correctly. An attacker able to trigger such DNS errors could
cause a Java application using JNDI to consume memory and CPU time, and
possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed X.509
certificate identity verification when establishing a TLS/SSL connection
to a host identified by an IP address. In certain cases, the certificate
was accepted as valid if it was issued for a host name to which the IP
address resolves rather than for the IP address. (CVE-2015-2625)

Multiple insecure temporary file use issues were found in the way the
Hotspot component in OpenJDK created performance statistics and error log
files. A local attacker could possibly make a victim using OpenJDK
overwrite arbitrary files using a symlink attack. Note: This issue was
originally fixed as CVE-2015-0383, but the fix was regressed in the
RHSA-2015:0809 advisory. (CVE-2015-3149)

All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1213365 - CVE-2015-3149 OpenJDK8: insecure hsperfdata temporary file handling, CVE-2015-0383 regression (Hotspot)
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242144 - CVE-2015-2659 OpenJDK: GCM cipher issue causing JVM crash (Security, 8067648)
1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.51-0.b16.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.51-0.b16.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.51-0.b16.el6_6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.51-0.b16.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.51-0.b16.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.51-0.b16.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.51-0.b16.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.51-0.b16.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.51-0.b16.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.51-0.b16.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.51-0.b16.el6_6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.51-0.b16.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.51-0.b16.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.51-0.b16.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.51-0.b16.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.51-0.b16.el6_6.i686.rpm
java-1.8.0-openjdk-src-1.8.0.51-0.b16.el6_6.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.51-0.b16.el6_6.noarch.rpm

x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.51-0.b16.el6_6.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.51-0.b16.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.51-1.b16.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.51-1.b16.el7_1.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.51-1.b16.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.51-1.b16.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.51-1.b16.el7_1.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.51-1.b16.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1.src.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.51-1.b16.el7_1.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.51-1.b16.el7_1.ppc64.rpm

s390x:
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.51-1.b16.el7_1.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.51-1.b16.el7_1.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.51-1.b16.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.51-1.b16.ael7b_1.src.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.51-1.b16.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.51-1.b16.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.51-1.b16.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.51-1.b16.el7_1.noarch.rpm

ppc64:
java-1.8.0-openjdk-accessibility-1.8.0.51-1.b16.el7_1.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.ppc64.rpm
java-1.8.0-openjdk-demo-1.8.0.51-1.b16.el7_1.ppc64.rpm
java-1.8.0-openjdk-src-1.8.0.51-1.b16.el7_1.ppc64.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.51-1.b16.el7_1.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.51-1.b16.el7_1.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.51-1.b16.el7_1.s390x.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.51-1.b16.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.51-1.b16.ael7b_1.noarch.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.51-1.b16.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.51-1.b16.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.51-1.b16.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.51-1.b16.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.51-1.b16.el7_1.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.51-1.b16.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.51-1.b16.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2628
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2659
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/cve/CVE-2015-3149
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
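The CVE-2015-3149 entry above (bug 1213365, insecure hsperfdata temporary file handling) describes a class of bug rather than a single line of code: a process creates a file at a predictable path that an unprivileged local user can pre-populate with a symlink, and a naive open-for-write then follows the link and truncates whatever it points at. The following script is an added example, not code from the advisory or from OpenJDK, that reproduces the attack in a throwaway directory and shows the open(2) flags that defeat it. The directory and file names (`hsperfdata_victim/4242`, `victim-owned-file`) are constructed for the demonstration and only mimic the real `/tmp/hsperfdata_<user>/<pid>` layout; the errno names reported are Linux semantics (O_CREAT|O_EXCL on an existing symlink fails with EEXIST; O_NOFOLLOW on a symlink fails with ELOOP).

```python
"""Symlink attack on a predictable temporary file, and the create flags that defeat it.

Added example for the CVE-2015-3149 bug class; paths below are constructed
for the demo and are not the JVM's real hsperfdata handling.
"""
import errno
import os
import tempfile


def unsafe_create(path: str, data: bytes) -> None:
    # open(path, "wb") is O_WRONLY|O_CREAT|O_TRUNC: it follows a symlink that
    # already sits at `path`, so the link target is truncated and overwritten.
    with open(path, "wb") as f:
        f.write(data)


def safe_create(path: str, data: bytes) -> None:
    # O_EXCL makes open(2) fail if *anything* already exists at `path`, a
    # symlink included (EEXIST on Linux); O_NOFOLLOW additionally refuses to
    # traverse a symlink as the final path component (ELOOP).  Mode 0600 keeps
    # other local users from reading the file once it exists.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def simulate_symlink_attack(create) -> dict:
    """Plant a symlink where the victim will create its file, then run `create`.

    Returns whether the attacker's chosen target was clobbered and which
    errno name, if any, the victim's create() raised.
    """
    with tempfile.TemporaryDirectory() as tmp:
        # A file the victim owns and the attacker wants destroyed/overwritten.
        target = os.path.join(tmp, "victim-owned-file")
        with open(target, "wb") as f:
            f.write(b"original contents\n")

        # Attacker: the victim is known to write <dir>/hsperfdata_<user>/<pid>,
        # so pre-create that name as a symlink to the target (constructed pid).
        perf_dir = os.path.join(tmp, "hsperfdata_victim")
        os.mkdir(perf_dir)
        planted = os.path.join(perf_dir, "4242")
        os.symlink(target, planted)

        error = None
        try:
            create(planted, b"attacker-chosen bytes\n")
        except OSError as e:
            error = errno.errorcode.get(e.errno, str(e.errno))

        with open(target, "rb") as f:
            clobbered = f.read() != b"original contents\n"
        return {"target_clobbered": clobbered, "error": error}


if __name__ == "__main__":
    print("naive open():      ", simulate_symlink_attack(unsafe_create))
    print("O_EXCL|O_NOFOLLOW: ", simulate_symlink_attack(safe_create))
```

The first call reports the target clobbered with no error raised; the second reports the target intact and the create refused with EEXIST. The remaining piece of the real fix, which the example does not cover, is ownership and permission checks on the containing directory itself, since an attacker who owns `hsperfdata_<user>` can re-plant the link at any time.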
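The package list above gives the fixed name-version-release per channel, and the Solution section leaves it to the administrator to confirm that every host actually carries it. The following script is an added example, not a Red Hat tool, that audits `rpm -qa` output against the three fixed builds in this advisory. It uses a deliberately simplified reimplementation of rpm's version comparison (digit runs compare numerically, letter runs lexically, digits sort after letters; the `~` and `^` rules are omitted because no NVR here uses them), ignores epoch because every java-1.8.0-openjdk build being compared shares one, and treats a dist tag not listed in the advisory as "cannot evaluate" rather than guessing. The sample `rpm -qa` lines are constructed; the older NVRs in them are illustrative, not necessarily real builds.

```python
"""Audit `rpm -qa` output against the fixed java-1.8.0-openjdk builds in RHSA-2015:1228.

Added example; the simplified rpmvercmp and the sample input are this
script's own, not Red Hat's.
"""
import re

# Fixed (version, release) per dist tag, taken from the advisory's package list.
# Epoch is ignored: every java-1.8.0-openjdk build compared here shares one.
FIXED_VR = {
    "el6_6":   ("1.8.0.51", "0.b16.el6_6"),
    "el7_1":   ("1.8.0.51", "1.b16.el7_1"),
    "ael7b_1": ("1.8.0.51", "1.b16.ael7b_1"),
}

_SEG = re.compile(r"\d+|[A-Za-z]+")
_DIST = re.compile(r"\.((?:el|ael)\d+[a-z]?(?:_\d+)?)$")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm version comparison returning -1, 0 or 1.

    Both strings are split into runs of digits and letters (separators are
    dropped).  Digit runs compare numerically, letter runs lexically, and a
    digit run sorts after a letter run.  Real rpm also handles '~' and '^';
    those never appear in the NVRs compared here.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    # Equal prefix: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_nvra(line: str):
    """'name-version-release.arch' -> (name, version, release, arch)."""
    nvr, arch = line.strip().rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def status(line: str) -> str:
    """One of: fixed, vulnerable, unknown-dist, not-openjdk8."""
    name, version, release, _ = parse_nvra(line)
    if not name.startswith("java-1.8.0-openjdk"):
        return "not-openjdk8"
    m = _DIST.search(release)
    if not m or m.group(1) not in FIXED_VR:
        return "unknown-dist"          # e.g. a plain .el6 build: not in this advisory
    fixed_version, fixed_release = FIXED_VR[m.group(1)]
    c = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "fixed" if c >= 0 else "vulnerable"


def audit_rpm_qa(lines):
    """Return [(nvra, status)] for every non-empty line of `rpm -qa` output."""
    return [(l.strip(), status(l)) for l in lines if l.strip()]


# Constructed sample of `rpm -qa` output; the older NVRs are illustrative only.
SAMPLE_RPM_QA = """
java-1.8.0-openjdk-1.8.0.45-30.b13.el6_6.x86_64
java-1.8.0-openjdk-headless-1.8.0.51-0.b16.el6_6.x86_64
java-1.8.0-openjdk-devel-1.8.0.51-1.b16.el7_1.x86_64
java-1.8.0-openjdk-1.8.0.31-1.b13.el6.i686
kernel-3.10.0-229.7.2.el7.x86_64
""".splitlines()


if __name__ == "__main__":
    for nvra, st in audit_rpm_qa(SAMPLE_RPM_QA):
        print(f"{st:13} {nvra}")
```

On a real host, feed it `rpm -qa 'java-1.8.0-openjdk*'`. A "fixed" result only means the files on disk are current: as the advisory says, every running JVM still has to be restarted, so pair this with a check of long-running Java processes (for example `lsof` on the old `libjvm.so` path) before closing the ticket.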
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVpldOXlSAg2UNWIIRAu9SAJ92MiEsuPBvTxxbyV6QS9HV1Y53rQCgpe2m
01qo91WXwuMDSBGf90l0Ky4=
=SsFY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jul 15 12:57:33 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Jul 2015 12:57:33 +0000
Subject: [RHSA-2015:1229-01] Critical: java-1.7.0-openjdk security update
Message-ID: <201507151257.t6FCvXtV031255@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2015:1229-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1229.html
Issue date:        2015-07-15
CVE Names:         CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625
                   CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000
                   CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748
                   CVE-2015-4749 CVE-2015-4760
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2015-4760,
CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK verified
Online Certificate Status Protocol (OCSP) responses. An OCSP response with
no nextUpdate date specified was incorrectly handled as having unlimited
validity, possibly causing a revoked X.509 certificate to be interpreted
as valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use constant
time comparisons in multiple cases. An attacker could possibly use these
flaws to disclose sensitive information by measuring the time used to
perform operations using these non-constant time comparisons.
(CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain keys
for RC4 encryption, an attacker could obtain portions of the plain text
from the cipher text without the knowledge of the encryption key.
(CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by
default to address the CVE-2015-2808 issue.
Refer to Red Hat Bugzilla bug 1207101, linked to in the References
section, for additional details about this change.

A flaw was found in the way the TLS protocol composed the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512 bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,
linked to in the References section, for additional details about this
change.

It was discovered that the JNDI component in OpenJDK did not handle DNS
resolutions correctly. An attacker able to trigger such DNS errors could
cause a Java application using JNDI to consume memory and CPU time, and
possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed X.509
certificate identity verification when establishing a TLS/SSL connection
to a host identified by an IP address. In certain cases, the certificate
was accepted as valid if it was issued for a host name to which the IP
address resolves rather than for the IP address. (CVE-2015-2625)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm

ppc64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm
java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm

s390x:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.s390x.rpm
java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.s390x.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.ael7b_1.src.rpm

ppc64le:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm

ppc64:
java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm

s390x:
java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.s390x.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.ael7b_1.noarch.rpm

ppc64le:
java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2628
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#critical
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
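Two of the flaws described in both this advisory (RHSA-2015:1229) and the preceding RHSA-2015:1228 are pure validation-logic mistakes that are easy to repeat in any TLS client: CVE-2015-4748 (an OCSP response without nextUpdate treated as valid forever) and CVE-2015-2625 (a certificate for a host name accepted because the peer's IP address happens to reverse-resolve to that name). The following is an added example, not OpenJDK or Red Hat code, that writes each check twice, once with the described bug and once corrected, against constructed inputs: a sample SubjectAltName list, a sample PTR table standing in for reverse DNS, and sample timestamps. The one-hour acceptance window for a nextUpdate-less response is this example's own policy (RFC 6960 only says such a response means newer information is always available), not the limit the JDK fix chose.

```python
"""OCSP freshness and IP-address identity checks: the described bug beside the fix.

Added example for CVE-2015-4748 and CVE-2015-2625; sample SAN entries, PTR
records and timestamps below are constructed, not taken from any real host.
"""
from datetime import datetime, timedelta, timezone
import ipaddress

# --- CVE-2015-4748: OCSP response with no nextUpdate ----------------------------

def ocsp_fresh_vulnerable(this_update, next_update, now) -> bool:
    # Bug: a missing nextUpdate is treated as "valid forever", so a response
    # captured before a revocation keeps vouching for the certificate.
    if next_update is None:
        return True
    return this_update <= now <= next_update


def ocsp_fresh_fixed(this_update, next_update, now,
                     max_age_without_next_update=timedelta(hours=1)) -> bool:
    # RFC 6960 4.2.2.1: no nextUpdate means newer revocation information is
    # available all the time, so accept the response only for a short,
    # explicit window after thisUpdate (the window is this example's policy).
    if now < this_update:
        return False                      # clock skew or a forged thisUpdate
    if next_update is None:
        return now - this_update <= max_age_without_next_update
    return now <= next_update


# --- CVE-2015-2625: identity check when the peer is named by IP address -------

def cert_matches_ip(ip: str, san_entries) -> bool:
    # Fix: an IP-literal host name matches only an iPAddress SAN entry, and the
    # two are compared as parsed addresses so 2001:db8::1 and 2001:DB8:0:0::1
    # agree while a string compare would not.
    want = ipaddress.ip_address(ip)
    for kind, value in san_entries:
        if kind != "iPAddress":
            continue
        try:
            if ipaddress.ip_address(value) == want:
                return True
        except ValueError:
            continue                      # malformed entry: never a match
    return False


def cert_matches_ip_vulnerable(ip: str, san_entries, reverse_lookup) -> bool:
    # Bug: if no iPAddress entry matches, the PTR name for the IP is matched
    # against dNSName entries.  Whoever controls reverse DNS for the address
    # (or can spoof the PTR answer) chooses which certificate is accepted.
    if cert_matches_ip(ip, san_entries):
        return True
    ptr = reverse_lookup(ip)
    return ptr is not None and any(
        kind == "dNSName" and value.lower() == ptr.lower()
        for kind, value in san_entries)


# Constructed sample data.
SAMPLE_SAN = [("dNSName", "www.example.com"),
              ("iPAddress", "192.0.2.10"),
              ("iPAddress", "2001:db8::1")]
SAMPLE_PTR = {"192.0.2.99": "www.example.com"}   # attacker-controlled PTR record


def sample_reverse_lookup(ip: str):
    return SAMPLE_PTR.get(ip)


T0 = datetime(2015, 7, 15, 12, 0, tzinfo=timezone.utc)   # thisUpdate
T_SOON = T0 + timedelta(minutes=30)
T_LATE = T0 + timedelta(days=30)


if __name__ == "__main__":
    print("no nextUpdate, 30 days later, vulnerable:",
          ocsp_fresh_vulnerable(T0, None, T_LATE))
    print("no nextUpdate, 30 days later, fixed:     ",
          ocsp_fresh_fixed(T0, None, T_LATE))
    print("192.0.2.99 via PTR, vulnerable:",
          cert_matches_ip_vulnerable("192.0.2.99", SAMPLE_SAN, sample_reverse_lookup))
    print("192.0.2.99 via PTR, fixed:     ",
          cert_matches_ip("192.0.2.99", SAMPLE_SAN))
```

The vulnerable identity check accepts `192.0.2.99` because the attacker's PTR record says `www.example.com` and the certificate carries that dNSName; the fixed check rejects it because the certificate has no iPAddress entry for that address. The OCSP pair shows the same shape: the buggy version keeps a month-old response alive indefinitely, the corrected one lets it expire.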
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVpliAXlSAg2UNWIIRAmDIAKC0SKJPEBiUrI0sgDcQMZTM/nm7nwCfUIje
QU57Hj/UGZeY+OmKchPFPcI=
=miFC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jul 15 13:00:38 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 Jul 2015 13:00:38 +0000
Subject: [RHSA-2015:1230-01] Important: java-1.7.0-openjdk security update
Message-ID: <201507151300.t6FD0dTN021037@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2015:1230-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1230.html
Issue date:        2015-07-15
CVE Names:         CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625
                   CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000
                   CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748
                   CVE-2015-4749 CVE-2015-4760
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4760,
CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK verified
Online Certificate Status Protocol (OCSP) responses. An OCSP response with
no nextUpdate date specified was incorrectly handled as having unlimited
validity, possibly causing a revoked X.509 certificate to be interpreted
as valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use constant
time comparisons in multiple cases. An attacker could possibly use these
flaws to disclose sensitive information by measuring the time used to
perform operations using these non-constant time comparisons.
(CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain keys
for RC4 encryption, an attacker could obtain portions of the plain text
from the cipher text without the knowledge of the encryption key.
(CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 SSL/TLS cipher suites by
default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug
1207101, linked to in the References section, for additional details about
this change.

A flaw was found in the way the TLS protocol composed the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512 bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,
linked to in the References section, for additional details about this
change.

It was discovered that the JNDI component in OpenJDK did not handle DNS
resolutions correctly. An attacker able to trigger such DNS errors could
cause a Java application using JNDI to consume memory and CPU time, and
possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed X.509
certificate identity verification when establishing a TLS/SSL connection
to a host identified by an IP address. In certain cases, the certificate
was accepted as valid if it was issued for a host name to which the IP
address resolves rather than for the IP address. (CVE-2015-2625)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher 1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694) 1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) 1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376) 1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) 1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) 1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) 1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) 1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) 1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) 1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) 1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715) 1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401) 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.src.rpm i386: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.src.rpm i386: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-2590 https://access.redhat.com/security/cve/CVE-2015-2601 https://access.redhat.com/security/cve/CVE-2015-2621 https://access.redhat.com/security/cve/CVE-2015-2625 https://access.redhat.com/security/cve/CVE-2015-2628 https://access.redhat.com/security/cve/CVE-2015-2632 https://access.redhat.com/security/cve/CVE-2015-2808 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2015-4731 https://access.redhat.com/security/cve/CVE-2015-4732 https://access.redhat.com/security/cve/CVE-2015-4733 https://access.redhat.com/security/cve/CVE-2015-4748 https://access.redhat.com/security/cve/CVE-2015-4749 https://access.redhat.com/security/cve/CVE-2015-4760 https://access.redhat.com/security/updates/classification/#important https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11 https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
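The OCSP freshness flaw (CVE-2015-4748) described in the advisory above, as an added example that is not code from the advisory or from OpenJDK: a model of the check before and after the fix, where a response that omits nextUpdate must no longer count as valid indefinitely. The clock-skew tolerance, the freshness window, and the sample response times are assumptions constructed for this example, not OpenJDK's values.

```python
"""Added example (not from the advisory or OpenJDK): model of the OCSP
freshness check behind CVE-2015-4748.

An OCSP SingleResponse carries thisUpdate and an OPTIONAL nextUpdate
(RFC 6960). The flaw: a response with no nextUpdate was treated as valid
forever, so an old "good" answer kept working after the certificate had
been revoked. The hardened check bounds such a response by a freshness
window measured from thisUpdate. Window and skew values are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

MAX_CLOCK_SKEW = timedelta(minutes=15)            # assumed tolerance
MAX_AGE_WITHOUT_NEXT_UPDATE = timedelta(days=1)   # assumed window


def parse_generalized_time(text: str) -> datetime:
    """Parse the GeneralizedTime form used in OCSP, e.g. 20150715120000Z."""
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


@dataclass
class SingleResponse:
    cert_status: str                   # "good", "revoked" or "unknown"
    this_update: datetime
    next_update: Optional[datetime] = None


def flawed_is_fresh(resp: SingleResponse, now: datetime) -> bool:
    """Pre-fix behaviour as the advisory describes it: a missing
    nextUpdate means unlimited validity."""
    if resp.next_update is None:
        return True
    return (resp.this_update - MAX_CLOCK_SKEW <= now
            <= resp.next_update + MAX_CLOCK_SKEW)


def hardened_is_fresh(resp: SingleResponse, now: datetime) -> bool:
    """Fixed behaviour: the response may not come from the future, must
    not be past nextUpdate, and without nextUpdate must be recent."""
    if resp.this_update > now + MAX_CLOCK_SKEW:
        return False
    if resp.next_update is not None:
        return now <= resp.next_update + MAX_CLOCK_SKEW
    return now - resp.this_update <= MAX_AGE_WITHOUT_NEXT_UPDATE


def revocation_status(resp: SingleResponse, now: datetime,
                      fresh: Callable[[SingleResponse, datetime], bool]
                      = hardened_is_fresh) -> str:
    """Return the responder's status only from a fresh response; 'stale'
    means the client must fetch a new response instead of trusting it."""
    if not fresh(resp, now):
        return "stale"
    return resp.cert_status


# Constructed sample: a "good" answer produced a year earlier with no
# nextUpdate; by the time of the check the certificate has been revoked.
NOW = parse_generalized_time("20150715120000Z")
OLD_GOOD = SingleResponse("good", parse_generalized_time("20140715120000Z"))

if __name__ == "__main__":
    print("flawed  :", revocation_status(OLD_GOOD, NOW, flawed_is_fresh))  # good
    print("hardened:", revocation_status(OLD_GOOD, NOW))                   # stale
```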
From bugzilla at redhat.com Thu Jul 16 17:10:28 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Jul 2015 13:10:28 -0400
Subject: [RHSA-2015:1235-01] Critical: flash-plugin security update
Message-ID: <201507161710.t6GHAS5v026959@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2015:1235-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1235.html
Issue date:        2015-07-16
CVE Names:         CVE-2015-5122 CVE-2015-5123
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes two security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes two vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-18
listed in the References section.

Two flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-5122, CVE-2015-5123)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 11.2.202.491.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1242216 - CVE-2015-5122 CVE-2015-5123 flash-plugin: two code execution issues in APSA15-04 / APSB15-18

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.491-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.491-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.491-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.491-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.491-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.491-1.el6_6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.491-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.491-1.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.491-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.491-1.el6_6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5122
https://access.redhat.com/security/cve/CVE-2015-5123
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Fri Jul 17 08:12:12 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 17 Jul 2015 08:12:12 +0000
Subject: [RHSA-2015:1241-01] Critical: java-1.8.0-oracle security update
Message-ID: <201507170812.t6H8CDuL015384@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-oracle security update
Advisory ID:       RHSA-2015:1241-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1241.html
Issue date:        2015-07-17
CVE Names:         CVE-2015-2590 CVE-2015-2601 CVE-2015-2613
                   CVE-2015-2619 CVE-2015-2621 CVE-2015-2625
                   CVE-2015-2627 CVE-2015-2628 CVE-2015-2632
                   CVE-2015-2637 CVE-2015-2638 CVE-2015-2659
                   CVE-2015-2664 CVE-2015-2808 CVE-2015-4000
                   CVE-2015-4729 CVE-2015-4731 CVE-2015-4732
                   CVE-2015-4733 CVE-2015-4736 CVE-2015-4748
                   CVE-2015-4749 CVE-2015-4760
=====================================================================

1. Summary:

Updated java-1.8.0-oracle packages that fix several security issues are
now available for Oracle Java for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical
security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619,
CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628,
CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659,
CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729,
CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736,
CVE-2015-4748, CVE-2015-4749, CVE-2015-4760)

Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla
bug 1207101, linked to in the References section, for additional details
about this change.

Note: This update forces the TLS/SSL client implementation in Oracle JDK
to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue.
Refer to Red Hat Bugzilla bug 1223211, linked to in the References
section, for additional details about this change.

All users of java-1.8.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 8 Update 51 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242144 - CVE-2015-2659 OpenJDK: GCM cipher issue causing JVM crash (Security, 8067648)
1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1242456 - CVE-2015-2613 NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243284 - CVE-2015-4736 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)
1243286 - CVE-2015-2619 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D)
1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243290 - CVE-2015-4729 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)
1243291 - CVE-2015-2627 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Install)
1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el6_6.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

x86_64:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el6_6.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el6_6.i686.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el6_6.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el6_6.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el7_1.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2613
https://access.redhat.com/security/cve/CVE-2015-2619
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2627
https://access.redhat.com/security/cve/CVE-2015-2628
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2637
https://access.redhat.com/security/cve/CVE-2015-2638
https://access.redhat.com/security/cve/CVE-2015-2659
https://access.redhat.com/security/cve/CVE-2015-2664
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4729
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4736
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
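The certificate identity flaw listed in this advisory's bug list as 1241965 (CVE-2015-2625, "name for reverse DNS lookup used in certificate identity check") and described in the java-1.7.0-openjdk advisory above, as an added example that is not code from the advisory or from JSSE: a model of the endpoint identity check before and after the fix, following the RFC 2818 / RFC 6125 matching rules rather than OpenJDK's implementation. The certificate model, the sample certificates, and the reverse-lookup table are constructed for this example.

```python
"""Added example (not from the advisory or JSSE): model of the endpoint
identity check behind CVE-2015-2625.

A client that connected to an IP address must match that address against
the certificate's iPAddress subjectAltName entries only. Reverse DNS is
not authenticated, so a host name obtained by resolving the address (the
flawed behaviour the advisory describes) must not stand in for it.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Certificate:
    subject_cn: str
    dns_names: List[str] = field(default_factory=list)     # SAN dNSName
    ip_addresses: List[str] = field(default_factory=list)  # SAN iPAddress


def is_ip_literal(target: str) -> bool:
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def _dns_match(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, one wildcard allowed
    only as the whole leftmost label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = hostname.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == hostname


def _name_match(cert: Certificate, hostname: str) -> bool:
    # The subject CN is consulted only when no dNSName SAN is present.
    names = cert.dns_names if cert.dns_names else [cert.subject_cn]
    return any(_dns_match(p, hostname) for p in names)


def hardened_identity_check(cert: Certificate, target: str) -> bool:
    """Fixed behaviour: an IP target matches iPAddress SANs only; a host
    name target matches dNSName SANs (or the CN when there are none)."""
    if is_ip_literal(target):
        want = ipaddress.ip_address(target)
        return any(ipaddress.ip_address(a) == want for a in cert.ip_addresses)
    return _name_match(cert, target)


def flawed_identity_check(cert: Certificate, target: str,
                          reverse_lookup: Callable[[str], Optional[str]]) -> bool:
    """Pre-fix behaviour as the advisory describes it: when the address
    itself does not match, fall back to the name it reverse-resolves to."""
    if hardened_identity_check(cert, target):
        return True
    if is_ip_literal(target):
        name = reverse_lookup(target)
        return name is not None and _name_match(cert, name)
    return False


# Constructed sample data (documentation address ranges, not real hosts).
PTR_TABLE: Dict[str, str] = {"192.0.2.10": "www.example.com"}
NAME_CERT = Certificate("www.example.com", dns_names=["www.example.com"])
IP_CERT = Certificate("gateway", ip_addresses=["192.0.2.10", "2001:db8::10"])

if __name__ == "__main__":
    print(flawed_identity_check(NAME_CERT, "192.0.2.10", PTR_TABLE.get))  # True
    print(hardened_identity_check(NAME_CERT, "192.0.2.10"))                # False
    print(hardened_identity_check(IP_CERT, "192.0.2.10"))                  # True
```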
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVqLh3XlSAg2UNWIIRAg4lAJ9JxQXiR0q2W+1AjS0MQsPXh9KJcwCglatz BcA6pGcDVhK5CWrc7VD+U7I= =KJKN -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Jul 17 08:14:49 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 17 Jul 2015 08:14:49 +0000 Subject: [RHSA-2015:1242-01] Critical: java-1.7.0-oracle security update Message-ID: <201507170814.t6H8Eo2Z005519@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2015:1242-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1242.html Issue date: 2015-07-17 CVE Names: CVE-2015-2590 CVE-2015-2596 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 ===================================================================== 1. Summary: Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 
7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-2590, CVE-2015-2596, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760) Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. Note: This update forces the TLS/SSL client implementation in Oracle JDK to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 85 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. 4. 
Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher 1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694) 1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) 1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376) 1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) 1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) 1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) 1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) 1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) 1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) 1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) 1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715) 1242456 - CVE-2015-2613 NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833) 1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401) 1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) 1243284 - CVE-2015-4736 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 
(Deployment) 1243286 - CVE-2015-2619 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D) 1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) 1243288 - CVE-2015-2596 Oracle JDK: unspecified vulnerability fixed in 7u85 (Hotspot) 1243290 - CVE-2015-4729 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment) 1243291 - CVE-2015-2627 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Install) 1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment) 6. Package List: Oracle Java for Red Hat Enterprise Linux Client 5: i386: java-1.7.0-oracle-1.7.0.85-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.85-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.85-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.85-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.85-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.85-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.85-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.85-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.85-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.85-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 5: i386: java-1.7.0-oracle-1.7.0.85-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.85-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.85-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.85-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.85-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.85-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.85-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.85-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.1.el5_11.x86_64.rpm 
java-1.7.0-oracle-plugin-1.7.0.85-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.85-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.7.0-oracle-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el6_6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.85-1jpp.2.el6_6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el6_6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el6_6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el6_6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el6_6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el6_6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: i386: java-1.7.0-oracle-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el6_6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.85-1jpp.2.el6_6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el6_6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el6_6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el6_6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el6_6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el6_6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.7.0-oracle-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el6_6.i686.rpm java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el6_6.i686.rpm x86_64: 
java-1.7.0-oracle-1.7.0.85-1jpp.2.el6_6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el6_6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el6_6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el6_6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el6_6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.7.0-oracle-1.7.0.85-1jpp.2.el6_6.i686.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el6_6.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el6_6.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el6_6.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el6_6.i686.rpm
java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el6_6.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.85-1jpp.2.el6_6.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el6_6.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el6_6.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el6_6.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el6_6.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.85-1jpp.2.el7_1.i686.rpm
java-1.7.0-oracle-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el7_1.i686.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.85-1jpp.2.el7_1.i686.rpm
java-1.7.0-oracle-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el7_1.i686.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.85-1jpp.2.el7_1.i686.rpm
java-1.7.0-oracle-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el7_1.i686.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.85-1jpp.2.el7_1.i686.rpm
java-1.7.0-oracle-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el7_1.i686.rpm
java-1.7.0-oracle-devel-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.85-1jpp.2.el7_1.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.85-1jpp.2.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2596
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2613
https://access.redhat.com/security/cve/CVE-2015-2619
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2627
https://access.redhat.com/security/cve/CVE-2015-2628
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2637
https://access.redhat.com/security/cve/CVE-2015-2638
https://access.redhat.com/security/cve/CVE-2015-2664
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4729
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4736
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVqLkQXlSAg2UNWIIRApPYAJ9mDcyE1m+byX7SKQCYCjCAkFjAOwCgqaS3
39j8idlEHkcFVfGf9Ka+tVc=
=i6Lu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jul 17 08:19:23 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 17 Jul 2015 08:19:23 +0000
Subject: [RHSA-2015:1243-01] Important: java-1.6.0-sun security update
Message-ID: <201507170819.t6H8JOrL015470@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-sun security update
Advisory ID: RHSA-2015:1243-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1243.html
Issue date: 2015-07-17
CVE Names: CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625
           CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637
           CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000
           CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748
           CVE-2015-4749 CVE-2015-4760
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627,
CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664,
CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733,
CVE-2015-4748, CVE-2015-4749, CVE-2015-4760)

Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla
bug 1207101, linked to in the References section, for additional details
about this change.

Note: This update forces the TLS/SSL client implementation in Oracle JDK to
reject DH key sizes below 768 bits to address the CVE-2015-4000 issue.
Refer to Red Hat Bugzilla bug 1223211, linked to in the References section,
for additional details about this change.

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 101 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243291 - CVE-2015-2627 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Install)
1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.6.0-sun-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.101-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 5:

i386:
java-1.6.0-sun-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.101-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

i386:
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el6_6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.101-1jpp.1.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.101-1jpp.1.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.101-1jpp.1.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.101-1jpp.1.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.101-1jpp.1.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.101-1jpp.1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2627
https://access.redhat.com/security/cve/CVE-2015-2628
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2637
https://access.redhat.com/security/cve/CVE-2015-2638
https://access.redhat.com/security/cve/CVE-2015-2664
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
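The two notes in the Description of this advisory change the JDK's TLS defaults (RC4 suites off, DH keys below 768 bits rejected). The following is an added example, not code from the advisory or from Oracle, that reports what a given JVM actually does about both; it assumes the jdk.tls.disabledAlgorithms security property exists on that JVM and that the entries are spelled as in JDK 8u51 ("RC4" and "DH keySize < 768"), which is an assumption for other JDK lines.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

/*
 * Added example (not part of RHSA-2015:1243 and not Oracle's code).
 * Run it with the JDK under review: it lists the RC4 suites that are still
 * enabled in the default SSLContext and parses jdk.tls.disabledAlgorithms,
 * so an operator can confirm the CVE-2015-2808 / CVE-2015-4000 behaviour
 * described in the advisory rather than assume it from the version string.
 */
public class TlsDefaultsCheck {

    // Cipher suites that the default SSLContext would offer and that use RC4.
    // Empty means the JVM no longer negotiates RC4 unless an application
    // re-enables it explicitly.
    static List<String> enabledRc4Suites() throws Exception {
        String[] suites =
            SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        List<String> rc4 = new ArrayList<String>();
        for (String suite : suites) {
            if (suite.contains("RC4")) {
                rc4.add(suite);
            }
        }
        return rc4;
    }

    // Entries of the jdk.tls.disabledAlgorithms security property, trimmed.
    // An empty list means the property is absent (assumed: older JDKs) or blank.
    static List<String> disabledAlgorithms() {
        List<String> entries = new ArrayList<String>();
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (prop == null) {
            return entries;
        }
        for (String entry : prop.split(",")) {
            String trimmed = entry.trim();
            if (!trimmed.isEmpty()) {
                entries.add(trimmed);
            }
        }
        return entries;
    }

    // True when some entry constrains DH key sizes, e.g. "DH keySize < 768"
    // (the 8u51 spelling; other JDK lines may differ, which is an assumption).
    static boolean rejectsWeakDh(List<String> disabled) {
        for (String entry : disabled) {
            if (entry.startsWith("DH keySize <")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        List<String> disabled = disabledAlgorithms();
        List<String> rc4 = enabledRc4Suites();

        System.out.println("java.version               = "
            + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = " + disabled);
        System.out.println("RC4 suites enabled         = " + rc4);

        // Both the property and the effective suite list must agree before
        // concluding that RC4 is really off for this JVM.
        boolean rc4Off = disabled.contains("RC4") && rc4.isEmpty();
        boolean weakDhOff = rejectsWeakDh(disabled);
        System.out.println("RC4 disabled by default    = " + rc4Off);
        System.out.println("weak DH rejected           = " + weakDhOff);
    }
}
```

If the effective suite list still shows RC4 entries while the property lists "RC4", an application-level java.security override or a custom SSLContext is re-enabling them and is the next place to look.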
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVqLm+XlSAg2UNWIIRAmqWAJ4kyvLDxDGV47RXb4dcVG2ZmSZ5ygCgvcHE
y8dq5EZIYIIFkIl8UrukDXA=
=zhej
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 20 16:36:49 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Jul 2015 12:36:49 -0400
Subject: [RHSA-2015:1443-01] Important: bind security update
Message-ID: <201507201636.t6KGanEx010005@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2015:1443-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1443.html
Issue date: 2015-07-20
CVE Names: CVE-2015-4620
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols.
BIND includes a DNS server (named); a resolver library (routines for
applications to use when interfacing with DNS); and tools for verifying
that the DNS server is operating correctly.

A flaw was found in the way BIND performed DNSSEC validation. An attacker
able to make BIND (functioning as a DNS resolver with DNSSEC validation
enabled) resolve a name in an attacker-controlled domain could cause named
to exit unexpectedly with an assertion failure. (CVE-2015-4620)

Red Hat would like to thank ISC for reporting this issue.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1237258 - CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
bind-9.9.4-18.el7_1.2.src.rpm

noarch:
bind-license-9.9.4-18.el7_1.2.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm
bind-libs-9.9.4-18.el7_1.2.i686.rpm
bind-libs-9.9.4-18.el7_1.2.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.2.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.2.x86_64.rpm
bind-utils-9.9.4-18.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bind-9.9.4-18.el7_1.2.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.2.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm
bind-devel-9.9.4-18.el7_1.2.i686.rpm
bind-devel-9.9.4-18.el7_1.2.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.2.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.2.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.2.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
bind-9.9.4-18.el7_1.2.src.rpm

noarch:
bind-license-9.9.4-18.el7_1.2.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm
bind-libs-9.9.4-18.el7_1.2.i686.rpm
bind-libs-9.9.4-18.el7_1.2.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.2.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.2.x86_64.rpm
bind-utils-9.9.4-18.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bind-9.9.4-18.el7_1.2.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.2.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm
bind-devel-9.9.4-18.el7_1.2.i686.rpm
bind-devel-9.9.4-18.el7_1.2.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.2.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.2.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.2.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bind-9.9.4-18.el7_1.2.src.rpm

noarch:
bind-license-9.9.4-18.el7_1.2.noarch.rpm

ppc64:
bind-9.9.4-18.el7_1.2.ppc64.rpm
bind-chroot-9.9.4-18.el7_1.2.ppc64.rpm
bind-debuginfo-9.9.4-18.el7_1.2.ppc.rpm
bind-debuginfo-9.9.4-18.el7_1.2.ppc64.rpm
bind-libs-9.9.4-18.el7_1.2.ppc.rpm
bind-libs-9.9.4-18.el7_1.2.ppc64.rpm
bind-libs-lite-9.9.4-18.el7_1.2.ppc.rpm
bind-libs-lite-9.9.4-18.el7_1.2.ppc64.rpm
bind-utils-9.9.4-18.el7_1.2.ppc64.rpm

s390x:
bind-9.9.4-18.el7_1.2.s390x.rpm
bind-chroot-9.9.4-18.el7_1.2.s390x.rpm
bind-debuginfo-9.9.4-18.el7_1.2.s390.rpm
bind-debuginfo-9.9.4-18.el7_1.2.s390x.rpm
bind-libs-9.9.4-18.el7_1.2.s390.rpm
bind-libs-9.9.4-18.el7_1.2.s390x.rpm
bind-libs-lite-9.9.4-18.el7_1.2.s390.rpm
bind-libs-lite-9.9.4-18.el7_1.2.s390x.rpm
bind-utils-9.9.4-18.el7_1.2.s390x.rpm

x86_64:
bind-9.9.4-18.el7_1.2.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.2.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm
bind-libs-9.9.4-18.el7_1.2.i686.rpm
bind-libs-9.9.4-18.el7_1.2.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.2.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.2.x86_64.rpm
bind-utils-9.9.4-18.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bind-9.9.4-18.ael7b_1.2.src.rpm

noarch:
bind-license-9.9.4-18.ael7b_1.2.noarch.rpm

ppc64le:
bind-9.9.4-18.ael7b_1.2.ppc64le.rpm
bind-chroot-9.9.4-18.ael7b_1.2.ppc64le.rpm
bind-debuginfo-9.9.4-18.ael7b_1.2.ppc64le.rpm
bind-libs-9.9.4-18.ael7b_1.2.ppc64le.rpm
bind-libs-lite-9.9.4-18.ael7b_1.2.ppc64le.rpm
bind-utils-9.9.4-18.ael7b_1.2.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bind-debuginfo-9.9.4-18.el7_1.2.ppc.rpm
bind-debuginfo-9.9.4-18.el7_1.2.ppc64.rpm
bind-devel-9.9.4-18.el7_1.2.ppc.rpm
bind-devel-9.9.4-18.el7_1.2.ppc64.rpm
bind-lite-devel-9.9.4-18.el7_1.2.ppc.rpm
bind-lite-devel-9.9.4-18.el7_1.2.ppc64.rpm
bind-sdb-9.9.4-18.el7_1.2.ppc64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.2.ppc64.rpm

s390x:
bind-debuginfo-9.9.4-18.el7_1.2.s390.rpm
bind-debuginfo-9.9.4-18.el7_1.2.s390x.rpm
bind-devel-9.9.4-18.el7_1.2.s390.rpm
bind-devel-9.9.4-18.el7_1.2.s390x.rpm
bind-lite-devel-9.9.4-18.el7_1.2.s390.rpm
bind-lite-devel-9.9.4-18.el7_1.2.s390x.rpm
bind-sdb-9.9.4-18.el7_1.2.s390x.rpm
bind-sdb-chroot-9.9.4-18.el7_1.2.s390x.rpm

x86_64:
bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm
bind-devel-9.9.4-18.el7_1.2.i686.rpm
bind-devel-9.9.4-18.el7_1.2.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.2.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.2.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.2.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
bind-debuginfo-9.9.4-18.ael7b_1.2.ppc64le.rpm
bind-devel-9.9.4-18.ael7b_1.2.ppc64le.rpm
bind-lite-devel-9.9.4-18.ael7b_1.2.ppc64le.rpm
bind-sdb-9.9.4-18.ael7b_1.2.ppc64le.rpm
bind-sdb-chroot-9.9.4-18.ael7b_1.2.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
bind-9.9.4-18.el7_1.2.src.rpm

noarch:
bind-license-9.9.4-18.el7_1.2.noarch.rpm

x86_64:
bind-9.9.4-18.el7_1.2.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.2.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm
bind-libs-9.9.4-18.el7_1.2.i686.rpm
bind-libs-9.9.4-18.el7_1.2.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.2.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.2.x86_64.rpm
bind-utils-9.9.4-18.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm
bind-devel-9.9.4-18.el7_1.2.i686.rpm
bind-devel-9.9.4-18.el7_1.2.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.2.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.2.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.2.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4620
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrSOfXlSAg2UNWIIRAjE2AJwLMq6iJxePYpd9dGwC7hDW/FOJkgCff3lG
RAy0mT5xI+tv+CZjJV1+fpU=
=4EM5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 20 16:37:06 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Jul 2015 12:37:06 -0400
Subject: [RHSA-2015:1455-01] Important: thunderbird security update
Message-ID: <201507201637.t6KGb63d026071@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2015:1455-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1455.html
Issue date: 2015-07-20
CVE Names: CVE-2015-2724 CVE-2015-2725 CVE-2015-2731 CVE-2015-2734
           CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738
           CVE-2015-2739 CVE-2015-2740 CVE-2015-2741
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5, 6, and 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734,
CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,
CVE-2015-2740)

It was found that Thunderbird skipped key-pinning checks when handling an
error that could be overridden by the user (for example an expired
certificate error). This flaw allowed a user to override a pinned
certificate, which is an action the user should not be able to perform.
(CVE-2015-2741)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Herre, Ronald Crane, and David Keeler as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.8. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.8 and corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1236947 - CVE-2015-2724 CVE-2015-2725 Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59)
1236953 - CVE-2015-2731 Mozilla: Use-after-free in Content Policy due to microtask execution error (MFSA 2015-63)
1236956 - CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
1236963 - CVE-2015-2741 Mozilla: Key pinning is ignored when overridable errors are encountered (MFSA 2015-67)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-31.8.0-1.el5_11.src.rpm

i386:
thunderbird-31.8.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.8.0-1.el5_11.i386.rpm

x86_64:
thunderbird-31.8.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el5_11.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
thunderbird-31.8.0-1.el5_11.src.rpm

i386:
thunderbird-31.8.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.8.0-1.el5_11.i386.rpm

x86_64:
thunderbird-31.8.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-31.8.0-1.el6_6.src.rpm

i386:
thunderbird-31.8.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.i686.rpm

x86_64:
thunderbird-31.8.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-31.8.0-1.el6_6.src.rpm

i386:
thunderbird-31.8.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.i686.rpm

ppc64:
thunderbird-31.8.0-1.el6_6.ppc64.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.ppc64.rpm

s390x:
thunderbird-31.8.0-1.el6_6.s390x.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.s390x.rpm

x86_64:
thunderbird-31.8.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-31.8.0-1.el6_6.src.rpm

i386:
thunderbird-31.8.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.i686.rpm

x86_64:
thunderbird-31.8.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-31.8.0-1.el7_1.src.rpm

x86_64:
thunderbird-31.8.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-31.8.0-1.el7_1.src.rpm

x86_64:
thunderbird-31.8.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-31.8.0-1.ael7b_1.src.rpm

ppc64le:
thunderbird-31.8.0-1.ael7b_1.ppc64le.rpm
thunderbird-debuginfo-31.8.0-1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-31.8.0-1.el7_1.src.rpm

x86_64:
thunderbird-31.8.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2724
https://access.redhat.com/security/cve/CVE-2015-2725
https://access.redhat.com/security/cve/CVE-2015-2731
https://access.redhat.com/security/cve/CVE-2015-2734
https://access.redhat.com/security/cve/CVE-2015-2735
https://access.redhat.com/security/cve/CVE-2015-2736
https://access.redhat.com/security/cve/CVE-2015-2737
https://access.redhat.com/security/cve/CVE-2015-2738
https://access.redhat.com/security/cve/CVE-2015-2739
https://access.redhat.com/security/cve/CVE-2015-2740
https://access.redhat.com/security/cve/CVE-2015-2741
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.8

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrSOwXlSAg2UNWIIRAiveAJ9gTMGzmAc929En6Bjxqe2I2XqnuACfUhLD
r4JlNJIaJeHSScuSU2rn8vE=
=bpNq
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 22 06:25:03 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:25:03 +0000
Subject: [RHSA-2015:1249-02] Low: httpd security, bug fix, and enhancement update
Message-ID: <201507220612.t6M6CHjP013081@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: httpd security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1249-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1249.html
Issue date: 2015-07-22
Updated on: 2014-12-08
CVE Names: CVE-2013-5704
=====================================================================

1. Summary:

Updated httpd packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers. (CVE-2013-5704)

This update also fixes the following bugs:

* The order of mod_proxy workers was not checked when the httpd configuration was reloaded. When mod_proxy workers were removed, added, or their order was changed, their parameters and scores could become mixed up. The order of mod_proxy workers has been made internally consistent during configuration reload. (BZ#1149906)

* The local host certificate created during firstboot contained CA extensions, which caused the httpd service to return warning messages. This has been addressed by generating local host certificates with the "-extensions v3_req" option. (BZ#906476)

* The default mod_ssl configuration no longer enables support for SSL cipher suites using the single DES, IDEA, or SEED encryption algorithms. (BZ#1086771)

* The apachectl script did not take into account the HTTPD_LANG variable set in the /etc/sysconfig/httpd file during graceful restarts. Consequently, httpd did not use a changed value of HTTPD_LANG when the daemon was restarted gracefully. The script has been fixed to handle the HTTPD_LANG variable correctly. (BZ#963146)

* The mod_deflate module failed to check the original file size while extracting files larger than 4 GB, making it impossible to extract large files. Now, mod_deflate checks the original file size properly according to RFC1952, and it is able to decompress files larger than 4 GB. (BZ#1057695)

* The httpd service did not check its configuration before a restart. When the configuration contained an error, an attempt to restart httpd gracefully failed. Now, httpd checks the configuration before a restart; if the configuration is in an inconsistent state, an error message is printed, httpd is not stopped, and the restart is not performed. (BZ#1146194)

* The SSL_CLIENT_VERIFY environment variable was incorrectly handled when the "SSLVerifyClient optional_no_ca" and "SSLSessionCache" options were used. When an SSL session was resumed, the SSL_CLIENT_VERIFY value was set to "SUCCESS" instead of the previously set "GENEROUS". SSL_CLIENT_VERIFY is now correctly set to GENEROUS in this scenario. (BZ#1149703)

* The ab utility did not correctly handle situations where an SSL connection was closed after some data had already been read. As a consequence, ab did not work correctly with SSL servers and printed "SSL read failed" error messages. With this update, ab works as expected with HTTPS servers. (BZ#1045477)

* When a client presented a revoked certificate, log entries were created only at the debug level.
The log level of messages regarding a revoked certificate has been increased to INFO, and administrators are now properly informed of this situation. (BZ#1161328)

In addition, this update adds the following enhancement:

* A mod_proxy worker can now be set into drain mode (N) using the balancer-manager web interface or the httpd configuration file. A worker in drain mode accepts only existing sticky sessions destined for itself and ignores all other requests. The worker waits until all clients currently connected to it have completed their work before it is stopped. As a result, drain mode makes it possible to perform maintenance on a worker without affecting clients. (BZ#767130)

Users of httpd are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing the updated packages, the httpd service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

922844 - rotatelogs %Z does not use correct timezone respecting DST
963146 - HTTPD_LANG doesn't effect when httpd starts by graceful.
987590 - Apache startup fails with misleading error if DocumentRoot has context type user_home_t
1045477 - "ab" to https sites broken
1057695 - mod_deflate does not decompress files larger than 4GB
1069625 - httpd.conf uses icon bomb.gif for all files/dirs ending with core
1082903 - CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests
1125269 - ab fails when domain name resolved to IPv6 adress
1149703 - bad SSL_CLIENT_VERIFY value on resumed session with "SSLVerifyClient optional_no_ca"
1149906 - Mixed up mod_proxy_balancer jvmRoutes causing sticky session breaks
1161328 - [mod_ssl] Revoked Certificates are logged at the DEBUG level
1162268 - Misspelling in patch file causes failure to build against older OpenSSL releases

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
httpd-2.2.15-45.el6.src.rpm

i386:
httpd-2.2.15-45.el6.i686.rpm
httpd-debuginfo-2.2.15-45.el6.i686.rpm
httpd-tools-2.2.15-45.el6.i686.rpm

x86_64:
httpd-2.2.15-45.el6.x86_64.rpm
httpd-debuginfo-2.2.15-45.el6.x86_64.rpm
httpd-tools-2.2.15-45.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
httpd-debuginfo-2.2.15-45.el6.i686.rpm
httpd-devel-2.2.15-45.el6.i686.rpm
mod_ssl-2.2.15-45.el6.i686.rpm

noarch:
httpd-manual-2.2.15-45.el6.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-45.el6.i686.rpm
httpd-debuginfo-2.2.15-45.el6.x86_64.rpm
httpd-devel-2.2.15-45.el6.i686.rpm
httpd-devel-2.2.15-45.el6.x86_64.rpm
mod_ssl-2.2.15-45.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
httpd-2.2.15-45.el6.src.rpm

x86_64:
httpd-2.2.15-45.el6.x86_64.rpm
httpd-debuginfo-2.2.15-45.el6.x86_64.rpm
httpd-tools-2.2.15-45.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
httpd-manual-2.2.15-45.el6.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-45.el6.i686.rpm
httpd-debuginfo-2.2.15-45.el6.x86_64.rpm
httpd-devel-2.2.15-45.el6.i686.rpm
httpd-devel-2.2.15-45.el6.x86_64.rpm
mod_ssl-2.2.15-45.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
httpd-2.2.15-45.el6.src.rpm

i386:
httpd-2.2.15-45.el6.i686.rpm
httpd-debuginfo-2.2.15-45.el6.i686.rpm
httpd-devel-2.2.15-45.el6.i686.rpm
httpd-tools-2.2.15-45.el6.i686.rpm
mod_ssl-2.2.15-45.el6.i686.rpm

noarch:
httpd-manual-2.2.15-45.el6.noarch.rpm

ppc64:
httpd-2.2.15-45.el6.ppc64.rpm
httpd-debuginfo-2.2.15-45.el6.ppc.rpm
httpd-debuginfo-2.2.15-45.el6.ppc64.rpm
httpd-devel-2.2.15-45.el6.ppc.rpm
httpd-devel-2.2.15-45.el6.ppc64.rpm
httpd-tools-2.2.15-45.el6.ppc64.rpm
mod_ssl-2.2.15-45.el6.ppc64.rpm

s390x:
httpd-2.2.15-45.el6.s390x.rpm
httpd-debuginfo-2.2.15-45.el6.s390.rpm
httpd-debuginfo-2.2.15-45.el6.s390x.rpm
httpd-devel-2.2.15-45.el6.s390.rpm
httpd-devel-2.2.15-45.el6.s390x.rpm
httpd-tools-2.2.15-45.el6.s390x.rpm
mod_ssl-2.2.15-45.el6.s390x.rpm

x86_64:
httpd-2.2.15-45.el6.x86_64.rpm
httpd-debuginfo-2.2.15-45.el6.i686.rpm
httpd-debuginfo-2.2.15-45.el6.x86_64.rpm
httpd-devel-2.2.15-45.el6.i686.rpm
httpd-devel-2.2.15-45.el6.x86_64.rpm
httpd-tools-2.2.15-45.el6.x86_64.rpm
mod_ssl-2.2.15-45.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
httpd-2.2.15-45.el6.src.rpm

i386:
httpd-2.2.15-45.el6.i686.rpm
httpd-debuginfo-2.2.15-45.el6.i686.rpm
httpd-devel-2.2.15-45.el6.i686.rpm
httpd-tools-2.2.15-45.el6.i686.rpm
mod_ssl-2.2.15-45.el6.i686.rpm

noarch:
httpd-manual-2.2.15-45.el6.noarch.rpm

x86_64:
httpd-2.2.15-45.el6.x86_64.rpm
httpd-debuginfo-2.2.15-45.el6.i686.rpm
httpd-debuginfo-2.2.15-45.el6.x86_64.rpm
httpd-devel-2.2.15-45.el6.i686.rpm
httpd-devel-2.2.15-45.el6.x86_64.rpm
httpd-tools-2.2.15-45.el6.x86_64.rpm
mod_ssl-2.2.15-45.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-5704
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzQyXlSAg2UNWIIRAqudAKC9mhglS6BG4HofyduoRGIk0AQmYQCfdX7e
ZFaoxBsObcWEFLGgT549OX4=
=WbEF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 22 06:26:23 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:26:23 +0000
Subject: [RHSA-2015:1254-02] Moderate: curl security, bug fix, and enhancement update
Message-ID: <201507220613.t6M6DaqH013672@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: curl security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1254-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1254.html
Issue date: 2015-07-22
Updated on: 2014-12-15
CVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3148
=====================================================================

1. Summary:

Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)

A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)

It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers into the request or construct additional requests. (CVE-2014-8150)

It was discovered that libcurl implemented aspects of the NTLM and Negotiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specific way, certain requests to a previously NTLM-authenticated server could appear as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)

Red Hat would like to thank the cURL project for reporting these issues.

Bug fixes:

* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available with libcurl. Attackers could abuse the fallback to force a downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSLv3.0 through the libcurl API. (BZ#1154059)

* A single upload transfer through the FILE protocol opened the destination file twice. If the inotify kernel subsystem monitored the file, two events were produced unnecessarily. The file is now opened only once per upload. (BZ#883002)

* Utilities using libcurl for SCP/SFTP transfers could terminate unexpectedly when the system was running in FIPS mode. (BZ#1008178)

* Using the "--retry" option with the curl utility could cause curl to terminate unexpectedly with a segmentation fault. Now, adding "--retry" no longer causes curl to crash. (BZ#1009455)

* The "curl --trace-time" command did not use the correct local time when printing timestamps. Now, "curl --trace-time" works as expected. (BZ#1120196)

* The valgrind utility could report dynamically allocated memory leaks on curl exit. Now, curl performs a global shutdown of the NetScape Portable Runtime (NSPR) library on exit, and valgrind no longer reports the memory leaks. (BZ#1146528)

* Previously, libcurl returned an incorrect value of the CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to the HTTP response. Now, the returned value is valid. (BZ#1161163)

Enhancements:

* The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for specifying the minor version of the TLS protocol to be negotiated by NSS. The "--tlsv1" option now negotiates the highest version of the TLS protocol supported by both the client and the server. (BZ#1012136)

* It is now possible to explicitly enable or disable the ECC and the new AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)

All curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

835898 - Bug in DNS cache causes connections until restart of libcurl-using processes
883002 - curl used with file:// protocol opens and closes a destination file twice
997185 - sendrecv.c example incorrect type for sockfd
1008178 - curl scp download fails in fips mode
1011083 - CA certificate cannot be specified by nickname [documentation bug]
1011101 - manpage typos found using aspell
1058767 - curl does not support ECDSA certificates
1104160 - Link in curl man page is wrong
1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain
1154059 - curl: Disable out-of-protocol fallback to SSL 3.0
1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS
1156422 - curl does not allow explicit control of DHE ciphers
1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE
1168137 - curl closes connection after HEAD request fails
1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
curl-7.19.7-46.el6.src.rpm

i386:
curl-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.i686.rpm

x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm

x86_64:
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
curl-7.19.7-46.el6.src.rpm

x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
curl-7.19.7-46.el6.src.rpm

i386:
curl-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm

ppc64:
curl-7.19.7-46.el6.ppc64.rpm
curl-debuginfo-7.19.7-46.el6.ppc.rpm
curl-debuginfo-7.19.7-46.el6.ppc64.rpm
libcurl-7.19.7-46.el6.ppc.rpm
libcurl-7.19.7-46.el6.ppc64.rpm
libcurl-devel-7.19.7-46.el6.ppc.rpm
libcurl-devel-7.19.7-46.el6.ppc64.rpm

s390x:
curl-7.19.7-46.el6.s390x.rpm
curl-debuginfo-7.19.7-46.el6.s390.rpm
curl-debuginfo-7.19.7-46.el6.s390x.rpm
libcurl-7.19.7-46.el6.s390.rpm
libcurl-7.19.7-46.el6.s390x.rpm
libcurl-devel-7.19.7-46.el6.s390.rpm
libcurl-devel-7.19.7-46.el6.s390x.rpm

x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
curl-7.19.7-46.el6.src.rpm

i386:
curl-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm

x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3613
https://access.redhat.com/security/cve/CVE-2014-3707
https://access.redhat.com/security/cve/CVE-2014-8150
https://access.redhat.com/security/cve/CVE-2015-3143
https://access.redhat.com/security/cve/CVE-2015-3148
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
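The cookie-domain check behind the CVE-2014-3613 description in this curl advisory, as an added illustration that is not libcurl's code: an RFC 6265 section 5.1.3 domain-match in which a Domain attribute that is merely a suffix of a literal IP address is refused, because an IP address has no parent domain. The host and Domain values are constructed for the demonstration.

```python
"""Cookie Domain-attribute validation per RFC 6265 section 5.1.3.

Added illustration for the CVE-2014-3613 description in this advisory; this
is not libcurl's code. A request host "domain-matches" a cookie domain only
if the two are identical, or the domain is a dot-bounded suffix of the host
AND the host is a host name rather than an IP address. Dropping that last
condition is the class of bug the advisory describes: a suffix of a literal
IP address gets accepted as if it were a parent domain.
"""
import ipaddress
from typing import Optional


def canonical_host(host: str) -> str:
    """Lower-case and strip a single leading dot (RFC 6265 sec. 5.2.3)."""
    host = host.strip().lower()
    return host[1:] if host.startswith(".") else host


def is_ip_literal(host: str) -> bool:
    """True for IPv4 or IPv6 literals such as 127.0.0.1 or [::1]."""
    try:
        ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return True


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 sec. 5.1.3 domain-match of request_host against cookie_domain."""
    host = canonical_host(request_host)
    domain = canonical_host(cookie_domain)
    if not domain:
        return False
    if host == domain:
        return True
    # An IP address has no parent domain: a Domain of ".0.0.1" must never
    # be allowed to claim cookies for host 127.0.0.1 (constructed case).
    if is_ip_literal(host):
        return False
    return host.endswith("." + domain)


def effective_cookie_domain(request_host: str,
                            domain_attribute: Optional[str]) -> str:
    """Return the domain a cookie store should record for a Set-Cookie
    response, or raise ValueError when the Domain attribute must be
    rejected (RFC 6265 sec. 5.3 then ignores the cookie entirely rather
    than storing it host-only)."""
    host = canonical_host(request_host)
    if not domain_attribute:
        return host  # no Domain attribute: host-only cookie
    if not domain_matches(host, domain_attribute):
        raise ValueError(
            f"Domain={domain_attribute!r} rejected for host {host!r}")
    return canonical_host(domain_attribute)


if __name__ == "__main__":
    # Constructed cases, including the IP-suffix shape this advisory concerns.
    for host, attr in [("www.example.com", ".example.com"),
                       ("127.0.0.1", "127.0.0.1"),
                       ("127.0.0.1", ".0.0.1"),
                       ("[::1]", "1")]:
        try:
            print(host, attr, "->", effective_cookie_domain(host, attr))
        except ValueError as exc:
            print(host, attr, "->", exc)
```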
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzSJXlSAg2UNWIIRAnEiAJ9xqOogsAzooomZ4VeMgA+gUwEuTwCfTzMn
emWApg/iYw5vIs3rWoqmU7A=
=p+Xb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 22 06:27:35 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:27:35 +0000
Subject: [RHSA-2015:1272-01] Moderate: kernel security, bug fix, and enhancement update
Message-ID: <201507220614.t6M6Em1M013633@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1272-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1272.html
Issue date: 2015-07-22
Updated on: 2015-01-12
CVE Names: CVE-2014-3184 CVE-2014-3940 CVE-2014-4652 CVE-2014-8133 CVE-2014-8709 CVE-2014-9683 CVE-2015-0239 CVE-2015-3339
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the seventh regular update.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate)

* A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-9683, Moderate)

* A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-3339, Moderate)

* Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use any of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low)

* An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access to the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space. (CVE-2014-4652, Low)

* It was found that the espfix functionality could be bypassed by installing a 16-bit RW data segment into the GDT instead of the LDT (which espfix checks), and using that segment on the stack. A local, unprivileged user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8133, Low)

* An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low)

* It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor into emulating a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor. (CVE-2015-0239, Low)

Red Hat would like to thank Andy Lutomirski for reporting the CVE-2014-8133 issue, and Nadav Amit for reporting the CVE-2015-0239 issue.

This update fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 6.7 Release Notes for information on the most significant of these changes, and the following Knowledgebase article for further information:

https://access.redhat.com/articles/1466073

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

734360 - "opcontrol --deinit" cause kernel panic inside guest os.
840708 - misleading (typo) print for "max_report_luns"
986761 - guest kernel will print many "serial8250: too much work for irq3" when using kvm with isa-serial
1025868 - kernel panic when installing RHEL4 with Opteron G3 CPU model
1066702 - Hugepage allocations hang on numa nodes with insufficient memory
1104097 - CVE-2014-3940 Kernel: missing check during hugepage migration
1113406 - CVE-2014-4652 Kernel: ALSA: control: protect user controls against races & memory disclosure
1115545 - NFS4: remove incorrect "Lock reclaim failed!" warning when delegations are used
1116398 - RHEV-H crashes and reboots when ksmd (MOM) is enabled
1141391 - CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routines
1144128 - FUSE: Scheduling while atomic OOPSes when using inval_entry
1145751 - kvm_clock lacks protection against tsc going backwards
1150510 - kernel ignores ACPI memory devices (PNP0C80) present at boot time
1156661 - Kernel crash when unmounting Ext4 filesystem
1171317 - xfs may crash after unmount if a log write is delayed
1172797 - CVE-2014-8133 kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS
1173580 - CVE-2014-8709 kernel: net: mac80211: plain text information leak
1183773 - clock_event_device:min_delta_ns can overflow and can never go down
1186448 - CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
1187940 - Regression: Loading memory mapped files does not use the optimal sized (large) I/O any more in kernel 2.6.32-504.3.3.el6.x86_64
1193830 - CVE-2014-9683 kernel: buffer overflow in eCryptfs
1196319 - Backport the dm-switch target to RHEL 6
1200541 - Reset socket ignored when socket state is LAST-ACK and connection state is SYN-SENT
1208065 - O_TRUNC ignored on NFS file with invalid cache entry
1214030 - CVE-2015-3339 kernel: race condition between chown() and execve()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-573.el6.src.rpm

i386:
kernel-2.6.32-573.el6.i686.rpm
kernel-debug-2.6.32-573.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debug-devel-2.6.32-573.el6.i686.rpm
kernel-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm
kernel-devel-2.6.32-573.el6.i686.rpm
kernel-headers-2.6.32-573.el6.i686.rpm
perf-2.6.32-573.el6.i686.rpm
perf-debuginfo-2.6.32-573.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm
kernel-doc-2.6.32-573.el6.noarch.rpm
kernel-firmware-2.6.32-573.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.el6.x86_64.rpm
kernel-debug-2.6.32-573.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.el6.i686.rpm
kernel-debug-devel-2.6.32-573.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debuginfo-2.6.32-573.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm
kernel-devel-2.6.32-573.el6.x86_64.rpm
kernel-headers-2.6.32-573.el6.x86_64.rpm
perf-2.6.32-573.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.el6.i686.rpm
perf-debuginfo-2.6.32-573.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm
perf-debuginfo-2.6.32-573.el6.i686.rpm
python-perf-2.6.32-573.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.el6.x86_64.rpm
python-perf-2.6.32-573.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-573.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm
kernel-doc-2.6.32-573.el6.noarch.rpm
kernel-firmware-2.6.32-573.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.el6.x86_64.rpm
kernel-debug-2.6.32-573.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.el6.i686.rpm
kernel-debug-devel-2.6.32-573.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debuginfo-2.6.32-573.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm
kernel-devel-2.6.32-573.el6.x86_64.rpm
kernel-headers-2.6.32-573.el6.x86_64.rpm
perf-2.6.32-573.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.el6.i686.rpm
perf-debuginfo-2.6.32-573.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.el6.x86_64.rpm
python-perf-2.6.32-573.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-573.el6.src.rpm

i386:
kernel-2.6.32-573.el6.i686.rpm
kernel-debug-2.6.32-573.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debug-devel-2.6.32-573.el6.i686.rpm
kernel-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm
kernel-devel-2.6.32-573.el6.i686.rpm
kernel-headers-2.6.32-573.el6.i686.rpm
perf-2.6.32-573.el6.i686.rpm
perf-debuginfo-2.6.32-573.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm
kernel-doc-2.6.32-573.el6.noarch.rpm
kernel-firmware-2.6.32-573.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.el6.ppc64.rpm
kernel-debug-2.6.32-573.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.el6.ppc64.rpm
kernel-devel-2.6.32-573.el6.ppc64.rpm
kernel-headers-2.6.32-573.el6.ppc64.rpm
perf-2.6.32-573.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.el6.s390x.rpm
kernel-debug-2.6.32-573.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.el6.s390x.rpm
kernel-devel-2.6.32-573.el6.s390x.rpm
kernel-headers-2.6.32-573.el6.s390x.rpm
kernel-kdump-2.6.32-573.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.el6.s390x.rpm
perf-2.6.32-573.el6.s390x.rpm
perf-debuginfo-2.6.32-573.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.el6.x86_64.rpm
kernel-debug-2.6.32-573.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.el6.i686.rpm
kernel-debug-devel-2.6.32-573.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm kernel-devel-2.6.32-573.el6.x86_64.rpm kernel-headers-2.6.32-573.el6.x86_64.rpm perf-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-573.el6.ppc64.rpm kernel-debuginfo-2.6.32-573.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-573.el6.ppc64.rpm perf-debuginfo-2.6.32-573.el6.ppc64.rpm python-perf-2.6.32-573.el6.ppc64.rpm python-perf-debuginfo-2.6.32-573.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-573.el6.s390x.rpm kernel-debuginfo-2.6.32-573.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-573.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-573.el6.s390x.rpm perf-debuginfo-2.6.32-573.el6.s390x.rpm python-perf-2.6.32-573.el6.s390x.rpm python-perf-debuginfo-2.6.32-573.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: kernel-2.6.32-573.el6.src.rpm i386: kernel-2.6.32-573.el6.i686.rpm kernel-debug-2.6.32-573.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debug-devel-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm kernel-devel-2.6.32-573.el6.i686.rpm kernel-headers-2.6.32-573.el6.i686.rpm perf-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm kernel-doc-2.6.32-573.el6.noarch.rpm kernel-firmware-2.6.32-573.el6.noarch.rpm x86_64: kernel-2.6.32-573.el6.x86_64.rpm kernel-debug-2.6.32-573.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.el6.i686.rpm kernel-debug-devel-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm kernel-devel-2.6.32-573.el6.x86_64.rpm kernel-headers-2.6.32-573.el6.x86_64.rpm perf-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3184 https://access.redhat.com/security/cve/CVE-2014-3940 https://access.redhat.com/security/cve/CVE-2014-4652 https://access.redhat.com/security/cve/CVE-2014-8133 https://access.redhat.com/security/cve/CVE-2014-8709 https://access.redhat.com/security/cve/CVE-2014-9683 https://access.redhat.com/security/cve/CVE-2015-0239 https://access.redhat.com/security/cve/CVE-2015-3339 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/1466073 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzTRXlSAg2UNWIIRAuMoAKCdM22Fjbq4liPP0n4IrSdD0uZG/wCfcBZ7
AuD0gbXmegcZfF4suxZ4rwo=
=XJDi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 22 06:28:40 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:28:40 +0000
Subject: [RHSA-2015:1287-01] Moderate: freeradius security, bug fix, and enhancement update
Message-ID: <201507220615.t6M6Frn0014158@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: freeradius security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1287-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1287.html
Issue date: 2015-07-22
Updated on: 2015-01-27
CVE Names: CVE-2014-2015
=====================================================================

1. Summary:

Updated freeradius packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.
A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. (CVE-2014-2015)

The freeradius packages have been upgraded to upstream version 2.2.6, which provides a number of bug fixes and enhancements over the previous version, including:

* A number of dictionaries have been updated.
* This update implements several Extensible Authentication Protocol (EAP) improvements.
* A number of new expansions have been added, including: %{randstr:...}, %{hex:...}, %{sha1:...}, %{base64:...}, %{tobase64:...}, and %{base64tohex:...}.
* Hexadecimal numbers (0x...) are now supported in %{expr:...} expansions.
* This update adds operator support to the rlm_python module.
* The Dynamic Host Configuration Protocol (DHCP) and DHCP relay code have been finalized.
* This update adds the rlm_cache module to cache arbitrary attributes.

For a complete list of bug fixes and enhancements provided by this rebase, see the freeradius changelog linked to in the References section. (BZ#1078736)

This update also fixes the following bugs:

* The /var/log/radius/radutmp file was configured to rotate at one-month intervals, even though this was unnecessary. This update removes /var/log/radius/radutmp from the installed logrotate utility configuration in the /etc/logrotate.d/radiusd file, and /var/log/radius/radutmp is no longer rotated. (BZ#904578)

* The radiusd service could not write the output file created by the raddebug utility. The raddebug utility now sets appropriate ownership on the output file, allowing radiusd to write the output. (BZ#921563)

* After starting raddebug using the "raddebug -t 0" command, raddebug exited immediately. A typo in the special-case comparison has been fixed, and raddebug now runs for 11.5 days in this situation. (BZ#921567)

* MS-CHAP authentication failed when the User-Name and MS-CHAP-User-Name attributes used different encodings, even when the user provided correct credentials. Now, MS-CHAP authentication properly handles mismatching character encodings. Authentication with correct credentials no longer fails in this situation. (BZ#1060319)

* Automatically generated default certificates used the SHA-1 algorithm message digest, which is considered insecure. The default certificates now use the more secure SHA-256 algorithm message digest. (BZ#1135439)

* During Online Certificate Status Protocol (OCSP) validation, radiusd terminated unexpectedly with a segmentation fault after attempting to access the "next update" field when the OCSP responder had not provided it. Now, radiusd does not crash in this situation and instead continues to complete the OCSP validation. (BZ#1142669)

* Prior to this update, radiusd failed to work with some of the more recent MikroTIK attributes, because the installed dictionary.mikrotik file did not include them. This update adds MikroTIK attributes with IDs up to 22 to dictionary.mikrotik, and radiusd now works as expected with these attributes. (BZ#1173388)

Users of freeradius are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, the radiusd service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

904578 - radutmp should not rotate
921563 - raddebug not working correctly
921567 - raddebug -t 0 exists immediately
1060319 - MSCHAP Authentication is not working using automatic windows user credentials.
1066761 - CVE-2014-2015 freeradius: stack-based buffer overflow flaw in rlm_pap module
1078736 - Rebase FreeRADIUS to 2.2.4
1135439 - Default message digest defaults to sha1
1142669 - EAP-TLS and OCSP validation causing segmentation fault + patch
1173388 - dictionary.mikrotik missing Attributes
1189011 - FreeRADIUS doesn't start after upgrade due to failing OpenSSL version check
1189386 - radiusd fails to start after 'clean' installation
1189394 - radiusd segfaults after update

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
freeradius-2.2.6-4.el6.src.rpm

i386:
freeradius-2.2.6-4.el6.i686.rpm
freeradius-debuginfo-2.2.6-4.el6.i686.rpm

ppc64:
freeradius-2.2.6-4.el6.ppc64.rpm
freeradius-debuginfo-2.2.6-4.el6.ppc64.rpm

s390x:
freeradius-2.2.6-4.el6.s390x.rpm
freeradius-debuginfo-2.2.6-4.el6.s390x.rpm

x86_64:
freeradius-2.2.6-4.el6.x86_64.rpm
freeradius-debuginfo-2.2.6-4.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
freeradius-debuginfo-2.2.6-4.el6.i686.rpm
freeradius-krb5-2.2.6-4.el6.i686.rpm
freeradius-ldap-2.2.6-4.el6.i686.rpm
freeradius-mysql-2.2.6-4.el6.i686.rpm
freeradius-perl-2.2.6-4.el6.i686.rpm
freeradius-postgresql-2.2.6-4.el6.i686.rpm
freeradius-python-2.2.6-4.el6.i686.rpm
freeradius-unixODBC-2.2.6-4.el6.i686.rpm
freeradius-utils-2.2.6-4.el6.i686.rpm

ppc64:
freeradius-debuginfo-2.2.6-4.el6.ppc64.rpm
freeradius-krb5-2.2.6-4.el6.ppc64.rpm
freeradius-ldap-2.2.6-4.el6.ppc64.rpm
freeradius-mysql-2.2.6-4.el6.ppc64.rpm
freeradius-perl-2.2.6-4.el6.ppc64.rpm
freeradius-postgresql-2.2.6-4.el6.ppc64.rpm
freeradius-python-2.2.6-4.el6.ppc64.rpm
freeradius-unixODBC-2.2.6-4.el6.ppc64.rpm
freeradius-utils-2.2.6-4.el6.ppc64.rpm

s390x:
freeradius-debuginfo-2.2.6-4.el6.s390x.rpm
freeradius-krb5-2.2.6-4.el6.s390x.rpm
freeradius-ldap-2.2.6-4.el6.s390x.rpm
freeradius-mysql-2.2.6-4.el6.s390x.rpm
freeradius-perl-2.2.6-4.el6.s390x.rpm
freeradius-postgresql-2.2.6-4.el6.s390x.rpm
freeradius-python-2.2.6-4.el6.s390x.rpm
freeradius-unixODBC-2.2.6-4.el6.s390x.rpm
freeradius-utils-2.2.6-4.el6.s390x.rpm

x86_64:
freeradius-debuginfo-2.2.6-4.el6.x86_64.rpm
freeradius-krb5-2.2.6-4.el6.x86_64.rpm
freeradius-ldap-2.2.6-4.el6.x86_64.rpm
freeradius-mysql-2.2.6-4.el6.x86_64.rpm
freeradius-perl-2.2.6-4.el6.x86_64.rpm
freeradius-postgresql-2.2.6-4.el6.x86_64.rpm
freeradius-python-2.2.6-4.el6.x86_64.rpm
freeradius-unixODBC-2.2.6-4.el6.x86_64.rpm
freeradius-utils-2.2.6-4.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
freeradius-2.2.6-4.el6.src.rpm

i386:
freeradius-2.2.6-4.el6.i686.rpm
freeradius-debuginfo-2.2.6-4.el6.i686.rpm

x86_64:
freeradius-2.2.6-4.el6.x86_64.rpm
freeradius-debuginfo-2.2.6-4.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
freeradius-debuginfo-2.2.6-4.el6.i686.rpm
freeradius-krb5-2.2.6-4.el6.i686.rpm
freeradius-ldap-2.2.6-4.el6.i686.rpm
freeradius-mysql-2.2.6-4.el6.i686.rpm
freeradius-perl-2.2.6-4.el6.i686.rpm
freeradius-postgresql-2.2.6-4.el6.i686.rpm
freeradius-python-2.2.6-4.el6.i686.rpm
freeradius-unixODBC-2.2.6-4.el6.i686.rpm
freeradius-utils-2.2.6-4.el6.i686.rpm

x86_64:
freeradius-debuginfo-2.2.6-4.el6.x86_64.rpm
freeradius-krb5-2.2.6-4.el6.x86_64.rpm
freeradius-ldap-2.2.6-4.el6.x86_64.rpm
freeradius-mysql-2.2.6-4.el6.x86_64.rpm
freeradius-perl-2.2.6-4.el6.x86_64.rpm
freeradius-postgresql-2.2.6-4.el6.x86_64.rpm
freeradius-python-2.2.6-4.el6.x86_64.rpm
freeradius-unixODBC-2.2.6-4.el6.x86_64.rpm
freeradius-utils-2.2.6-4.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-2015
https://access.redhat.com/security/updates/classification/#moderate
https://raw.githubusercontent.com/FreeRADIUS/freeradius-server/v3.0.x/doc/ChangeLog

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzUSXlSAg2UNWIIRAlXvAKCGbM03lnaYHB5ENL3mdWmlD7y9/wCfQ6qs
ZktUshJBSMnnKKxbIV4RjzU=
=zekX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 22 06:29:49 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:29:49 +0000
Subject: [RHSA-2015:1320-01] Moderate: ppc64-diag security, bug fix and enhancement update
Message-ID: <201507220617.t6M6H2rH014769@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ppc64-diag security, bug fix and enhancement update
Advisory ID: RHSA-2015:1320-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1320.html
Issue date: 2015-07-22
Updated on: 2015-02-18
CVE Names: CVE-2014-4038 CVE-2014-4039
=====================================================================

1. Summary:

Updated ppc64-diag packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - ppc64

3. Description:

The ppc64-diag packages provide diagnostic tools for Linux on the 64-bit PowerPC platforms. The platform diagnostics write events reported by the firmware to the service log, provide automated responses to urgent events, and notify system administrators or connected service frameworks about the reported events.

Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use either of these flaws to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running ppc64-diag, or obtain sensitive information from the temporary files. (CVE-2014-4038, CVE-2014-4039)

The ppc64-diag packages have been upgraded to upstream version 2.6.7, which provides a number of bug fixes and enhancements over the previous version. (BZ#1148142)

This update also fixes the following bugs:

* Previously, the "explain_syslog" and "syslog_to_svclog" commands failed with a "No such file or directory" error message. With this update, the ppc64-diag package specifies the location of the message_catalog directory correctly, which prevents the described error from occurring. (BZ#1139655)

* Prior to this update, the /var/lock/subsys/rtas_errd file was incorrectly labeled for SELinux as "system_u:object_r:var_lock_t:s0". This update corrects the SELinux label to "system_u:object_r:rtas_errd_var_lock_t:s0". (BZ#1131501)

Users of ppc64-diag are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1109371 - CVE-2014-4038 CVE-2014-4039 ppc64-diag: multiple temporary file races
1131501 - Mislabeled file '/var/lock/subsys/rtas_errd' found

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ppc64-diag-2.6.7-4.el6.src.rpm

ppc64:
ppc64-diag-2.6.7-4.el6.ppc64.rpm
ppc64-diag-debuginfo-2.6.7-4.el6.ppc64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-4038
https://access.redhat.com/security/cve/CVE-2014-4039
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzVCXlSAg2UNWIIRAopkAKCgptTD4iNAPSH8C0UFCsCoj4WWiACghmHH
wGDaSPi7/lTsvd+VfEn33EA=
=2L9M
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 22 06:30:31 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:30:31 +0000
Subject: [RHSA-2015:1330-01] Moderate: python security, bug fix, and enhancement update
Message-ID: <201507220617.t6M6HiV2009882@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1330-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1330.html
Issue date: 2015-07-22
Updated on: 2015-02-19
CVE Names: CVE-2013-1752 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185
=====================================================================

1. Summary:

Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).

It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912)

It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)

It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)

An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)

These updated python packages also include numerous bug fixes and enhancements.
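Two of the flaw classes above (CVE-2013-1752, unbounded reads of server responses, and CVE-2014-4650, validating a CGI path before rather than after URL-decoding it) are worth seeing from the defender's side. The following is an added illustration, not code from the advisory, from Red Hat, or from CPython: a response-head parser that caps both the length of any single line and the number of header lines, and a CGI path resolver that decodes the request path first and only then checks that it still lies inside an allowed CGI directory. The limits (65536 bytes, 100 headers), the allowed directories, and all sample inputs are constructed for the example; the function names are the example's own.

```python
import io
import posixpath
from urllib.parse import unquote

# Caps chosen for the example; a client should own these numbers, never the server.
MAX_LINE = 65536      # largest single protocol line we are willing to buffer
MAX_HEADERS = 100     # largest number of header lines we are willing to keep

# Directories a CGI request may resolve into (constructed for the example).
CGI_DIRS = ("/cgi-bin", "/htbin")


class LineTooLong(ValueError):
    """A server sent a line longer than MAX_LINE without a newline."""


class TooManyHeaders(ValueError):
    """A server sent more header lines than MAX_HEADERS."""


def read_bounded_line(stream, limit=MAX_LINE):
    """Read one line from a binary stream without letting it grow past `limit`.

    readline(limit + 1) returns at most limit + 1 bytes, so a line that is
    still unterminated after `limit` bytes is detected and rejected before
    any further memory is consumed (the pattern behind the CVE-2013-1752 fix).
    """
    line = stream.readline(limit + 1)
    if len(line) > limit:
        raise LineTooLong("line exceeds %d bytes" % limit)
    return line


def parse_response_head(raw, max_line=MAX_LINE, max_headers=MAX_HEADERS):
    """Parse a status line plus headers from `raw` bytes, enforcing both caps.

    Returns {"status": str or None, "headers": [(name, value), ...],
             "error": None or a message}. Errors are reported rather than
    raised so a caller can log and drop the connection.
    """
    stream = io.BytesIO(raw)
    result = {"status": None, "headers": [], "error": None}
    try:
        status = read_bounded_line(stream, max_line)
        result["status"] = status.rstrip(b"\r\n").decode("iso-8859-1")
        while True:
            line = read_bounded_line(stream, max_line)
            if line in (b"\r\n", b"\n", b""):   # blank line or EOF ends the head
                break
            if len(result["headers"]) >= max_headers:
                raise TooManyHeaders("more than %d header lines" % max_headers)
            name, _, value = line.rstrip(b"\r\n").decode("iso-8859-1").partition(":")
            result["headers"].append((name.strip(), value.strip()))
    except (LineTooLong, TooManyHeaders) as exc:
        result["error"] = str(exc)
    return result


def resolve_cgi_path(raw_path):
    """Decode the request path *before* validating it (the CVE-2014-4650 lesson).

    Percent-decoding first means an encoded "/" or ".." is seen for what it is;
    normpath then collapses "..", "." and "//" so the final check is made on the
    path the filesystem would actually see. Returns the normalised path if it
    lies strictly inside one of CGI_DIRS, otherwise None.
    """
    path = raw_path.split("?", 1)[0].split("#", 1)[0]   # drop query and fragment
    decoded = unquote(path)
    if "\x00" in decoded:
        return None
    normalized = posixpath.normpath(decoded)
    if not normalized.startswith("/"):
        return None
    for base in CGI_DIRS:
        if normalized.startswith(base + "/"):
            return normalized
    return None
```

Both checks are deliberately boring: the parser never lets the remote side pick the allocation size, and the path check validates the same string the operating system will open. The decode-then-normalise order is the whole point; validating the raw, still-encoded path and decoding afterwards is how encoded separators slip past a prefix check.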
Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal: https://access.redhat.com/articles/1495363

All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

794632 - Python 2.6 installation is not 64 bit clean
1046174 - CVE-2013-1752 python: multiple unbound readline() DoS flaws in python stdlib
1062370 - CVE-2014-1912 python: buffer overflow in socket.recvfrom_into()
1073165 - subprocess.Popen.communicate() fails with: IOError: [Errno 4] Interrupted system call
1113527 - CVE-2014-4650 python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs
1146026 - CVE-2014-7185 python: buffer() integer overflow leading to out of bounds read
1160640 - cProfile main() traceback if options syntax is invalid
1180864 - multiprocessing BaseManager serve_client() does not check EINTR on recv
1199997 - python-libs should have "Provides: python-ordereddict"
1223037 - Python raises exception on deepcopy of instance methods

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
python-2.6.6-64.el6.src.rpm

i386:
python-2.6.6-64.el6.i686.rpm
python-debuginfo-2.6.6-64.el6.i686.rpm
python-libs-2.6.6-64.el6.i686.rpm
tkinter-2.6.6-64.el6.i686.rpm

x86_64:
python-2.6.6-64.el6.x86_64.rpm
python-debuginfo-2.6.6-64.el6.i686.rpm
python-debuginfo-2.6.6-64.el6.x86_64.rpm
python-libs-2.6.6-64.el6.i686.rpm
python-libs-2.6.6-64.el6.x86_64.rpm
tkinter-2.6.6-64.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
python-debuginfo-2.6.6-64.el6.i686.rpm
python-devel-2.6.6-64.el6.i686.rpm
python-test-2.6.6-64.el6.i686.rpm
python-tools-2.6.6-64.el6.i686.rpm

x86_64:
python-debuginfo-2.6.6-64.el6.i686.rpm
python-debuginfo-2.6.6-64.el6.x86_64.rpm
python-devel-2.6.6-64.el6.i686.rpm
python-devel-2.6.6-64.el6.x86_64.rpm
python-test-2.6.6-64.el6.x86_64.rpm
python-tools-2.6.6-64.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
python-2.6.6-64.el6.src.rpm

x86_64:
python-2.6.6-64.el6.x86_64.rpm
python-debuginfo-2.6.6-64.el6.i686.rpm
python-debuginfo-2.6.6-64.el6.x86_64.rpm
python-devel-2.6.6-64.el6.i686.rpm
python-devel-2.6.6-64.el6.x86_64.rpm
python-libs-2.6.6-64.el6.i686.rpm
python-libs-2.6.6-64.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
python-debuginfo-2.6.6-64.el6.x86_64.rpm
python-test-2.6.6-64.el6.x86_64.rpm
python-tools-2.6.6-64.el6.x86_64.rpm
tkinter-2.6.6-64.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
python-2.6.6-64.el6.src.rpm

i386:
python-2.6.6-64.el6.i686.rpm
python-debuginfo-2.6.6-64.el6.i686.rpm
python-devel-2.6.6-64.el6.i686.rpm
python-libs-2.6.6-64.el6.i686.rpm
tkinter-2.6.6-64.el6.i686.rpm

ppc64:
python-2.6.6-64.el6.ppc64.rpm
python-debuginfo-2.6.6-64.el6.ppc.rpm
python-debuginfo-2.6.6-64.el6.ppc64.rpm
python-devel-2.6.6-64.el6.ppc.rpm
python-devel-2.6.6-64.el6.ppc64.rpm
python-libs-2.6.6-64.el6.ppc.rpm
python-libs-2.6.6-64.el6.ppc64.rpm
tkinter-2.6.6-64.el6.ppc64.rpm

s390x:
python-2.6.6-64.el6.s390x.rpm
python-debuginfo-2.6.6-64.el6.s390.rpm
python-debuginfo-2.6.6-64.el6.s390x.rpm
python-devel-2.6.6-64.el6.s390.rpm
python-devel-2.6.6-64.el6.s390x.rpm
python-libs-2.6.6-64.el6.s390.rpm
python-libs-2.6.6-64.el6.s390x.rpm

x86_64:
python-2.6.6-64.el6.x86_64.rpm
python-debuginfo-2.6.6-64.el6.i686.rpm
python-debuginfo-2.6.6-64.el6.x86_64.rpm
python-devel-2.6.6-64.el6.i686.rpm
python-devel-2.6.6-64.el6.x86_64.rpm
python-libs-2.6.6-64.el6.i686.rpm
python-libs-2.6.6-64.el6.x86_64.rpm
tkinter-2.6.6-64.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
python-debuginfo-2.6.6-64.el6.i686.rpm
python-test-2.6.6-64.el6.i686.rpm
python-tools-2.6.6-64.el6.i686.rpm

ppc64:
python-debuginfo-2.6.6-64.el6.ppc64.rpm
python-test-2.6.6-64.el6.ppc64.rpm
python-tools-2.6.6-64.el6.ppc64.rpm

s390x:
python-debuginfo-2.6.6-64.el6.s390x.rpm
python-test-2.6.6-64.el6.s390x.rpm
python-tools-2.6.6-64.el6.s390x.rpm
tkinter-2.6.6-64.el6.s390x.rpm

x86_64:
python-debuginfo-2.6.6-64.el6.x86_64.rpm
python-test-2.6.6-64.el6.x86_64.rpm
python-tools-2.6.6-64.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
python-2.6.6-64.el6.src.rpm

i386:
python-2.6.6-64.el6.i686.rpm
python-debuginfo-2.6.6-64.el6.i686.rpm
python-devel-2.6.6-64.el6.i686.rpm
python-libs-2.6.6-64.el6.i686.rpm
tkinter-2.6.6-64.el6.i686.rpm

x86_64:
python-2.6.6-64.el6.x86_64.rpm
python-debuginfo-2.6.6-64.el6.i686.rpm
python-debuginfo-2.6.6-64.el6.x86_64.rpm
python-devel-2.6.6-64.el6.i686.rpm
python-devel-2.6.6-64.el6.x86_64.rpm
python-libs-2.6.6-64.el6.i686.rpm
python-libs-2.6.6-64.el6.x86_64.rpm
tkinter-2.6.6-64.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
python-debuginfo-2.6.6-64.el6.i686.rpm
python-test-2.6.6-64.el6.i686.rpm
python-tools-2.6.6-64.el6.i686.rpm

x86_64:
python-debuginfo-2.6.6-64.el6.x86_64.rpm
python-test-2.6.6-64.el6.x86_64.rpm
python-tools-2.6.6-64.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-1752
https://access.redhat.com/security/cve/CVE-2014-1912
https://access.redhat.com/security/cve/CVE-2014-4650
https://access.redhat.com/security/cve/CVE-2014-7185
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/1495363

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzWCXlSAg2UNWIIRAmbAAJ9YDzzJqDNBnjqgX0HEx+qgx40AUgCfXfNu
9pRTeYJiNHuQq9uyL7NWhEE=
=/dSQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 22 06:31:11 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:31:11 +0000
Subject: [RHSA-2015:1344-01] Moderate: autofs security and bug fix update
Message-ID: <201507220618.t6M6IOeo010288@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: autofs security and bug fix update
Advisory ID: RHSA-2015:1344-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1344.html
Issue date: 2015-07-22
Updated on: 2015-02-23
CVE Names: CVE-2014-8169
=====================================================================

1. Summary:

Updated autofs packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The autofs utility controls the operation of the automount daemon. The daemon automatically mounts file systems when in use and unmounts them when they are not busy.
It was found that program-based automounter maps that used interpreted
languages such as Python would use standard environment variables to
locate and load modules of those languages. A local attacker could
potentially use this flaw to escalate their privileges on the system.
(CVE-2014-8169)

Note: This issue has been fixed by adding the "AUTOFS_" prefix to the
affected environment variables so that they are not used to subvert the
system. A configuration option ("force_standard_program_map_env") to
override this prefix and to use the environment variables without the
prefix has been added. In addition, warnings have been added to the manual
page and to the installed configuration file. Now, by default, the
standard variables of the program map are provided only with the prefix
added to their names.

Red Hat would like to thank the Georgia Institute of Technology for
reporting this issue.

Bug fixes:

* If the "ls *" command was executed before a valid mount, the autofs
program failed on further mount attempts inside the mount point, whether
the mount point was valid or not. While attempting to mount, the "ls *"
command of the root directory of an indirect mount was executed, which led
to an attempt to mount "*", causing it to be added to the negative map
entry cache. This bug has been fixed by checking for and not adding "*"
while updating the negative map entry cache. (BZ#1163957)

* The autofs program by design did not mount host map entries that were
duplicate exports in an NFS server export list. The duplicate entries in a
multi-mount map entry were recognized as a syntax error and autofs refused
to perform mounts when the duplicate entries occurred. Now, autofs has been
changed to continue mounting the last seen instance of the duplicate entry
rather than fail, and to report the problem in the log files to alert the
system administrator. (BZ#1124083)

* The autofs program did not recognize the yp map type in the master map.
This was caused by another change in the master map parser to fix a
problem with detecting the map format associated with mapping the type in
the master map. The change led to an incorrect length for the type
comparison of yp maps that resulted in a match operation failure. This bug
has been fixed by correcting the length which is used for the comparison.
(BZ#1153130)

* The autofs program did not update the export list of the Sun-format maps
of the network shares exported from an NFS server. This happened due to a
change of the Sun-format map parser leading to the hosts map update to
stop working on the map re-read operation. The bug has now been fixed by
selectively preventing this type of update only for the Sun-formatted
maps. The updates of the export list on the Sun-format maps are now
visible, and refreshing of the export list is no longer supported for the
Sun-formatted hosts map. (BZ#1156387)

* Within changes made for adding of the Sun-format maps, an incorrect
check was added that caused a segmentation fault in the Sun-format map
parser in certain circumstances. This has now been fixed by analyzing the
intent of the incorrect check and changing it in order to properly
identify the conditions without causing a fault. (BZ#1175671)

* A bug in the autofs program map lookup module caused an incorrect map
format type comparison. The incorrect comparison affected the Sun-format
program maps where it led to the unused macro definitions. The bug in the
comparison has been fixed so that the macro definitions are not present
for the Sun-format program maps. (BZ#1201195)

Users of autofs are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1153130 - autofs-5.0.5-109 with upgrade to RHEL 6.6 no longer recognizes +yp: in auto.master
1163957 - Autofs unable to mount indirect after attempt to mount wildcard
1175671 - automount segment fault in parse_sun.so for negative parser tests
1192565 - CVE-2014-8169 autofs: priv escalation via interpreter load path for program based automount maps
1201195 - autofs: MAPFMT_DEFAULT is not macro in lookup_program.c

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
autofs-5.0.5-113.el6.src.rpm

i386:
autofs-5.0.5-113.el6.i686.rpm
autofs-debuginfo-5.0.5-113.el6.i686.rpm

x86_64:
autofs-5.0.5-113.el6.x86_64.rpm
autofs-debuginfo-5.0.5-113.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
autofs-5.0.5-113.el6.src.rpm

x86_64:
autofs-5.0.5-113.el6.x86_64.rpm
autofs-debuginfo-5.0.5-113.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
autofs-5.0.5-113.el6.src.rpm

i386:
autofs-5.0.5-113.el6.i686.rpm
autofs-debuginfo-5.0.5-113.el6.i686.rpm

ppc64:
autofs-5.0.5-113.el6.ppc64.rpm
autofs-debuginfo-5.0.5-113.el6.ppc64.rpm

s390x:
autofs-5.0.5-113.el6.s390x.rpm
autofs-debuginfo-5.0.5-113.el6.s390x.rpm

x86_64:
autofs-5.0.5-113.el6.x86_64.rpm
autofs-debuginfo-5.0.5-113.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
autofs-5.0.5-113.el6.src.rpm

i386:
autofs-5.0.5-113.el6.i686.rpm
autofs-debuginfo-5.0.5-113.el6.i686.rpm

x86_64:
autofs-5.0.5-113.el6.x86_64.rpm
autofs-debuginfo-5.0.5-113.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8169
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
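The environment handling that the autofs advisory above describes for CVE-2014-8169, as an added example in Python (not autofs code): per-request values are exported to the program map only under the "AUTOFS_" prefix unless force_standard_program_map_env is set, and an audit helper lists any unprefixed names whose value came from the request. The variable names are assumed from autofs(5); the request and base environment are constructed.

```python
"""Added example (not autofs code): a model of the program-map environment
hardening described for CVE-2014-8169 (RHSA-2015:1344), plus an audit helper."""

# Per-request variables autofs exports to a program map.  The names are taken
# from autofs(5); listing exactly these is an assumption of this example.
STANDARD_PROGRAM_MAP_VARS = ("USER", "UID", "GROUP", "GID", "HOME", "SHOST", "HOST")
PREFIX = "AUTOFS_"


def program_map_env(request_vars, base_env, force_standard_program_map_env=False):
    """Return the environment to hand to a program-map executable.

    Hardened default: the per-request values are exported only under the
    AUTOFS_ prefix.  An interpreter started by the map therefore never sees
    the requesting user's HOME, USER, etc. under the standard names that its
    module search logic consults.  With force_standard_program_map_env the
    unprefixed names are exported as well, which is the pre-fix exposure.
    """
    env = dict(base_env)                 # the daemon's own environment
    for name in STANDARD_PROGRAM_MAP_VARS:
        if name not in request_vars:
            continue
        value = str(request_vars[name])
        env[PREFIX + name] = value
        if force_standard_program_map_env:
            env[name] = value
    return env


def user_influenced_vars(env, request_vars):
    """Audit helper: standard (unprefixed) names whose value in env came from
    the request, i.e. values a local user could steer an interpreter with.
    Empty in the hardened default."""
    return sorted(
        name for name in STANDARD_PROGRAM_MAP_VARS
        if name in env and name in request_vars and env[name] == str(request_vars[name])
    )


if __name__ == "__main__":
    # Constructed request for a mount triggered by user "alice" on host "nfs1".
    request = {"USER": "alice", "UID": 1000, "HOME": "/home/alice", "HOST": "nfs1"}
    base = {"PATH": "/usr/sbin:/usr/bin"}
    for forced in (False, True):
        env = program_map_env(request, base, force_standard_program_map_env=forced)
        print("force_standard_program_map_env=%s -> user-influenced: %s"
              % (forced, user_influenced_vars(env, request) or "none"))
```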
From bugzilla at redhat.com Wed Jul 22 06:31:42 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:31:42 +0000
Subject: [RHSA-2015:1347-01] Moderate: pki-core security and bug fix update
Message-ID: <201507220618.t6M6ItEa010515@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pki-core security and bug fix update
Advisory ID:       RHSA-2015:1347-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1347.html
Issue date:        2015-07-22
Updated on:        2015-02-24
CVE Names:         CVE-2012-2662
=====================================================================

1. Summary:

Updated pki-core packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Red Hat Certificate System is an enterprise software system designed to
manage enterprise public key infrastructure (PKI) deployments.
PKI Core contains fundamental packages required by Red Hat Certificate
System, which comprise the Certificate Authority (CA) subsystem.

Multiple cross-site scripting flaws were discovered in the Red Hat
Certificate System Agent and End Entity pages. An attacker could use these
flaws to perform a cross-site scripting (XSS) attack against victims using
the Certificate System's web interface. (CVE-2012-2662)

This update also fixes the following bugs:

* Previously, pki-core required the SSL version 3 (SSLv3) protocol ranges
to communicate with the 389-ds-base packages. However, recent changes to
389-ds-base disabled the default use of SSLv3 and enforced using protocol
ranges supported by secure protocols, such as the TLS protocol. As a
consequence, the CA failed to install during an Identity Management (IdM)
server installation. This update adds TLS-related parameters to the
server.xml file of the CA to fix this problem, and running the
ipa-server-install command now installs the CA as expected. (BZ#1171848)

* Previously, the ipa-server-install script failed when attempting to
configure a stand-alone CA on systems with OpenJDK version 1.8.0
installed. The pki-core build and runtime dependencies have been modified
to use OpenJDK version 1.7.0 during the stand-alone CA configuration. As a
result, ipa-server-install no longer fails in this situation. (BZ#1212557)

* Creating a Red Hat Enterprise Linux 7 replica from a Red Hat Enterprise
Linux 6 replica running the CA service sometimes failed in IdM deployments
where the initial Red Hat Enterprise Linux 6 CA master had been removed.
This could cause problems in some situations, such as when migrating from
Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7. The bug occurred
due to a problem in a previous version of IdM where the subsystem user,
created during the initial CA server installation, was removed together
with the initial master. This update adds the restore-subsystem-user.py
script that restores the subsystem user in the described situation, thus
enabling administrators to create a Red Hat Enterprise Linux 7 replica in
this scenario. (BZ#1225589)

* Several Java import statements specify wildcard arguments. However, due
to the use of wildcard arguments in the import statements of the source
code contained in the Red Hat Enterprise Linux 6 maintenance branch, a
name space collision created the potential for an incorrect class to be
utilized. As a consequence, the Token Processing System (TPS) rebuild test
failed with an error message. This update addresses the bug by supplying
the fully named class in all of the affected areas, and the TPS rebuild
test no longer fails. (BZ#1144188)

* Previously, pki-core failed to build with the rebased version of the
CMake build system during the TPS rebuild test. The pki-core build files
have been updated to comply with the rebased version of CMake. As a
result, pki-core builds successfully in the described scenario.
(BZ#1144608)

Users of pki-core are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

826646 - CVE-2012-2662 Certificate System: multiple XSS flaws
1144188 - TPS tests: RPM rebuild failure due to wildcard imports
1144608 - pki-core failed to build with cmake-2.8.12.2-4.el6
1225589 - unable to create rhel 7.1 replica from rhel 6 replica CA because subsystem user does not exist

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
pki-core-9.0.3-43.el6.src.rpm

i386:
pki-core-debuginfo-9.0.3-43.el6.i686.rpm
pki-native-tools-9.0.3-43.el6.i686.rpm
pki-symkey-9.0.3-43.el6.i686.rpm

noarch:
pki-ca-9.0.3-43.el6.noarch.rpm
pki-common-9.0.3-43.el6.noarch.rpm
pki-common-javadoc-9.0.3-43.el6.noarch.rpm
pki-java-tools-9.0.3-43.el6.noarch.rpm
pki-java-tools-javadoc-9.0.3-43.el6.noarch.rpm
pki-selinux-9.0.3-43.el6.noarch.rpm
pki-setup-9.0.3-43.el6.noarch.rpm
pki-silent-9.0.3-43.el6.noarch.rpm
pki-util-9.0.3-43.el6.noarch.rpm
pki-util-javadoc-9.0.3-43.el6.noarch.rpm

x86_64:
pki-core-debuginfo-9.0.3-43.el6.x86_64.rpm
pki-native-tools-9.0.3-43.el6.x86_64.rpm
pki-symkey-9.0.3-43.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
pki-core-9.0.3-43.el6.src.rpm

noarch:
pki-ca-9.0.3-43.el6.noarch.rpm
pki-common-9.0.3-43.el6.noarch.rpm
pki-common-javadoc-9.0.3-43.el6.noarch.rpm
pki-java-tools-9.0.3-43.el6.noarch.rpm
pki-java-tools-javadoc-9.0.3-43.el6.noarch.rpm
pki-selinux-9.0.3-43.el6.noarch.rpm
pki-setup-9.0.3-43.el6.noarch.rpm
pki-silent-9.0.3-43.el6.noarch.rpm
pki-util-9.0.3-43.el6.noarch.rpm
pki-util-javadoc-9.0.3-43.el6.noarch.rpm

x86_64:
pki-core-debuginfo-9.0.3-43.el6.x86_64.rpm
pki-native-tools-9.0.3-43.el6.x86_64.rpm
pki-symkey-9.0.3-43.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
pki-core-9.0.3-43.el6.src.rpm

i386:
pki-core-debuginfo-9.0.3-43.el6.i686.rpm
pki-native-tools-9.0.3-43.el6.i686.rpm
pki-symkey-9.0.3-43.el6.i686.rpm

noarch:
pki-ca-9.0.3-43.el6.noarch.rpm
pki-common-9.0.3-43.el6.noarch.rpm
pki-java-tools-9.0.3-43.el6.noarch.rpm
pki-selinux-9.0.3-43.el6.noarch.rpm
pki-setup-9.0.3-43.el6.noarch.rpm
pki-silent-9.0.3-43.el6.noarch.rpm
pki-util-9.0.3-43.el6.noarch.rpm

x86_64:
pki-core-debuginfo-9.0.3-43.el6.x86_64.rpm
pki-native-tools-9.0.3-43.el6.x86_64.rpm
pki-symkey-9.0.3-43.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

noarch:
pki-common-javadoc-9.0.3-43.el6.noarch.rpm
pki-java-tools-javadoc-9.0.3-43.el6.noarch.rpm
pki-util-javadoc-9.0.3-43.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
pki-core-9.0.3-43.el6.src.rpm

i386:
pki-core-debuginfo-9.0.3-43.el6.i686.rpm
pki-native-tools-9.0.3-43.el6.i686.rpm
pki-symkey-9.0.3-43.el6.i686.rpm

noarch:
pki-ca-9.0.3-43.el6.noarch.rpm
pki-common-9.0.3-43.el6.noarch.rpm
pki-java-tools-9.0.3-43.el6.noarch.rpm
pki-selinux-9.0.3-43.el6.noarch.rpm
pki-setup-9.0.3-43.el6.noarch.rpm
pki-silent-9.0.3-43.el6.noarch.rpm
pki-util-9.0.3-43.el6.noarch.rpm

x86_64:
pki-core-debuginfo-9.0.3-43.el6.x86_64.rpm
pki-native-tools-9.0.3-43.el6.x86_64.rpm
pki-symkey-9.0.3-43.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

noarch:
pki-common-javadoc-9.0.3-43.el6.noarch.rpm
pki-java-tools-javadoc-9.0.3-43.el6.noarch.rpm
pki-util-javadoc-9.0.3-43.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2012-2662
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Wed Jul 22 06:32:28 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:32:28 +0000
Subject: [RHSA-2015:1378-01] Moderate: hivex security and bug fix update
Message-ID: <201507220619.t6M6Jfrg016242@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: hivex security and bug fix update
Advisory ID:       RHSA-2015:1378-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1378.html
Issue date:        2015-07-22
Updated on:        2015-02-27
CVE Names:         CVE-2014-9273
=====================================================================

1. Summary:

Updated hivex packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

Hivex is a library that can read and write Hive files, undocumented binary
files that Windows uses to store the Windows Registry on disk.
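The flaw this advisory fixes (CVE-2014-9273, missing checks for small or truncated hive files) is about reading fields before confirming the file is large enough to hold them. As an added example in Python (not hivex code), the validator below bounds-checks every regf base-block field it reads against the real file length and verifies the header checksum before a parser would touch the hive bins; the header offsets follow the documented regf layout, the specific checks and the sample hive are this example's own.

```python
"""Added example (not hivex code): pre-parse validation of a Windows registry
hive ("regf") file, the class of check whose absence is described for
CVE-2014-9273 in RHSA-2015:1378.  Offsets follow the documented regf base
block layout; the checks themselves are this example's own."""
import struct

HEADER_SIZE = 0x1000   # the regf base block is one 4 KiB page
HBIN_SIZE = 0x1000     # hive bins are multiples of 4 KiB, so a hive needs >= 2 pages


def regf_checksum(header):
    """XOR of the 127 little-endian DWORDs that precede the checksum field at 0x1FC."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", header[:0x1FC]):
        x ^= dword
    return x


def validate_hive(data):
    """Return (ok, reason).  Every field is bounds-checked against len(data)
    before it is read, so a tiny or truncated file is rejected instead of
    being read past its end."""
    if len(data) < HEADER_SIZE + HBIN_SIZE:
        return False, "file too small to be a registry hive (%d bytes)" % len(data)
    if data[:4] != b"regf":
        return False, "bad signature"
    if regf_checksum(data) != struct.unpack_from("<I", data, 0x1FC)[0]:
        return False, "header checksum mismatch"
    seq1, seq2 = struct.unpack_from("<II", data, 0x04)
    if seq1 != seq2:
        return False, "sequence numbers differ (hive not cleanly written)"
    major, = struct.unpack_from("<I", data, 0x14)
    if major != 1:
        return False, "unsupported major version %d" % major
    root_off, bins_size = struct.unpack_from("<II", data, 0x24)
    if bins_size % HBIN_SIZE or HEADER_SIZE + bins_size > len(data):
        return False, "hive bins size 0x%x does not fit in file" % bins_size
    if root_off + 4 > bins_size:   # root cell offset is relative to 0x1000
        return False, "root cell offset 0x%x outside hive bins" % root_off
    if data[HEADER_SIZE:HEADER_SIZE + 4] != b"hbin":
        return False, "first hive bin has bad signature"
    return True, "ok"


def make_sample_hive(bins_size=HBIN_SIZE, root_off=0x20):
    """Constructed minimal hive for demonstration: a valid base block with a
    correct checksum followed by one (empty) hive bin.  Not a real registry
    file; the parameters let callers build deliberately inconsistent headers."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:4] = b"regf"
    struct.pack_into("<II", hdr, 0x04, 1, 1)          # primary/secondary sequence
    struct.pack_into("<IIII", hdr, 0x14, 1, 3, 0, 1)  # major, minor, type, format
    struct.pack_into("<II", hdr, 0x24, root_off, bins_size)
    struct.pack_into("<I", hdr, 0x2C, 1)              # clustering factor
    struct.pack_into("<I", hdr, 0x1FC, regf_checksum(hdr))
    hbin = bytearray(HBIN_SIZE)
    hbin[:4] = b"hbin"
    struct.pack_into("<II", hbin, 0x04, 0, HBIN_SIZE)  # offset of this bin, its size
    return bytes(hdr) + bytes(hbin)


if __name__ == "__main__":
    for label, blob in (("well-formed", make_sample_hive()),
                        ("truncated", make_sample_hive()[:0x1800]),
                        ("oversized bins", make_sample_hive(bins_size=0x10000))):
        print("%-15s %s" % (label, validate_hive(blob)))
```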
It was found that hivex attempted to read, and possibly write, beyond its
allocated buffer when reading a hive file with a very small size or with a
truncated or improperly formatted content. An attacker able to supply a
specially crafted hive file to an application using the hivex library
could possibly use this flaw to execute arbitrary code with the privileges
of the user running that application. (CVE-2014-9273)

Red Hat would like to thank Mahmoud Al-Qudsi of NeoSmart Technologies for
reporting this issue.

This update also fixes the following bug:

* The hivex(3) man page previously contained a typographical error. This
update fixes the typo. (BZ#1164693)

All hivex users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1158993 - CVE-2014-9273 hivex: missing checks for small/truncated files [rhel-6.7]
1164693 - typo error in man page Win::Hivex.3pm.gz
1167756 - CVE-2014-9273 hivex: missing checks for small-sized files

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
hivex-1.3.3-4.3.el6.src.rpm

x86_64:
hivex-1.3.3-4.3.el6.i686.rpm
hivex-1.3.3-4.3.el6.x86_64.rpm
hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
perl-hivex-1.3.3-4.3.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
hivex-devel-1.3.3-4.3.el6.i686.rpm
hivex-devel-1.3.3-4.3.el6.x86_64.rpm
ocaml-hivex-1.3.3-4.3.el6.x86_64.rpm
ocaml-hivex-devel-1.3.3-4.3.el6.x86_64.rpm
python-hivex-1.3.3-4.3.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
hivex-1.3.3-4.3.el6.src.rpm

x86_64:
hivex-1.3.3-4.3.el6.i686.rpm
hivex-1.3.3-4.3.el6.x86_64.rpm
hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
perl-hivex-1.3.3-4.3.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
hivex-devel-1.3.3-4.3.el6.i686.rpm
hivex-devel-1.3.3-4.3.el6.x86_64.rpm
ocaml-hivex-1.3.3-4.3.el6.x86_64.rpm
ocaml-hivex-devel-1.3.3-4.3.el6.x86_64.rpm
python-hivex-1.3.3-4.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
hivex-1.3.3-4.3.el6.src.rpm

x86_64:
hivex-1.3.3-4.3.el6.i686.rpm
hivex-1.3.3-4.3.el6.x86_64.rpm
hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
perl-hivex-1.3.3-4.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

x86_64:
hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
hivex-devel-1.3.3-4.3.el6.i686.rpm
hivex-devel-1.3.3-4.3.el6.x86_64.rpm
ocaml-hivex-1.3.3-4.3.el6.x86_64.rpm
ocaml-hivex-devel-1.3.3-4.3.el6.x86_64.rpm
python-hivex-1.3.3-4.3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
hivex-1.3.3-4.3.el6.src.rpm

x86_64:
hivex-1.3.3-4.3.el6.i686.rpm
hivex-1.3.3-4.3.el6.x86_64.rpm
hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
perl-hivex-1.3.3-4.3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
hivex-debuginfo-1.3.3-4.3.el6.i686.rpm
hivex-debuginfo-1.3.3-4.3.el6.x86_64.rpm
hivex-devel-1.3.3-4.3.el6.i686.rpm
hivex-devel-1.3.3-4.3.el6.x86_64.rpm
ocaml-hivex-1.3.3-4.3.el6.x86_64.rpm
ocaml-hivex-devel-1.3.3-4.3.el6.x86_64.rpm
python-hivex-1.3.3-4.3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9273
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Wed Jul 22 06:33:07 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:33:07 +0000
Subject: [RHSA-2015:1385-01] Moderate: net-snmp security and bug fix update
Message-ID: <201507220620.t6M6KK1L016661@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: net-snmp security and bug fix update
Advisory ID:       RHSA-2015:1385-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1385.html
Issue date:        2015-07-22
Updated on:        2015-03-02
CVE Names:         CVE-2014-3565
=====================================================================

1. Summary:

Updated net-snmp packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

A denial of service flaw was found in the way snmptrapd handled certain
SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP
trap containing a variable with a NULL type where an integer variable type
was expected, it would cause snmptrapd to crash. (CVE-2014-3565)

This update also fixes the following bugs:

* The HOST-RESOURCES-MIB::hrSystemProcesses object was not implemented
because parts of the HOST-RESOURCES-MIB module were rewritten in an earlier
version of net-snmp. Consequently, HOST-RESOURCES-MIB::hrSystemProcesses
did not provide information on the number of currently loaded or running
processes. With this update, HOST-RESOURCES-MIB::hrSystemProcesses has
been implemented, and the net-snmp daemon reports as expected.
(BZ#1134335)

* The Net-SNMP agent daemon, snmpd, reloaded the system ARP table every 60
seconds. As a consequence, snmpd could cause a short CPU usage spike on
busy systems with a large ARP table. With this update, snmpd does not
reload the full ARP table periodically, but monitors the table changes
using a netlink socket. (BZ#789500)

* Previously, snmpd used an invalid pointer to the current time when
periodically checking certain conditions specified by the "monitor" option
in the /etc/snmpd/snmpd.conf file. Consequently, snmpd terminated
unexpectedly on start with a segmentation fault if a certain entry with
the "monitor" option was used. Now, snmpd initializes the correct pointer
to the current time, and snmpd no longer crashes on start. (BZ#1050970)

* Previously, snmpd expected 8-bit network interface indices when
processing HOST-RESOURCES-MIB::hrDeviceTable. If an interface index of a
local network interface was larger than 30,000 items, snmpd could
terminate unexpectedly due to accessing invalid memory. Now, processing of
all network sizes is enabled, and snmpd no longer crashes in the described
situation. (BZ#1195547)

* The snmptrapd service incorrectly checked for errors when forwarding a
trap with a RequestID value of 0, and logged "Forward failed" even though
the trap was successfully forwarded. This update fixes snmptrapd checks
and the aforementioned message is now logged only when appropriate.
(BZ#1146948)

* Previously, snmpd ignored the value of the "storageUseNFS" option in the
/etc/snmpd/snmpd.conf file. As a consequence, NFS drives were shown as
"Network Disks", even though "storageUseNFS" was set to "2" to report them
as "Fixed Disks" in HOST-RESOURCES-MIB::hrStorageTable. With this update,
snmpd takes the "storageUseNFS" option value into account, and "Fixed
Disks" NFS drives are reported correctly. (BZ#1125793)

* Previously, the Net-SNMP python binding used an incorrect size (8 bytes
instead of 4) for variables of IPADDRESS type. Consequently, applications
that were using Net-SNMP Python bindings could send malformed SNMP
messages. With this update, the bindings now use 4 bytes for variables
with IPADDRESS type, and only valid SNMP messages are sent. (BZ#1100099)

* Previously, the snmpd service did not cut values in
HOST-RESOURCES-MIB::hrStorageTable to signed 32-bit integers, as required
by SNMP standards, and provided the values as unsigned integers. As a
consequence, the HOST-RESOURCES-MIB::hrStorageTable implementation did not
conform to RFC 2790. The values are now cut to 32-bit signed integers, and
snmpd is therefore standard compliant. (BZ#1104293)

Users of net-snmp are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

886468 - snmpd does not report error when clientaddr : cannot bind to the specified port
967871 - net-snmp does not display correct lm_sensors sensor data / missing CPU cores
1023570 - libnetsnmpagent.so crash under certain conditions - patched upstream in 2009
1034441 - Net-SNMP libraries and headers are invalid due to hyphens.
1069046 - snmpd returns truncated value for Counter64 taken from smuxpeer
1070075 - SNMP HRPROCESSORLOAD RETURNS INCORRECT VALUES FOR PROCESSOR #'S > 100
1073544 - net-snmp.rpm is not multilib safe
1100099 - net-snmp-python adds zeros to end of IP address (IPADDR type), which is not valid
1119567 - After installation of net-snmp-devel-5.5-44.el6_4.4.x86_64 the command '$ man snmp_read' fails
1125155 - CVE-2014-3565 net-snmp: snmptrapd crash when handling an SNMP trap containing a ifMtu with a NULL type
1125793 - [RHEL6] net-snmp "storageUseNFS 2" option does not report NFS mount as "Fixed Disks"
1126914 - Ocetets Truncated with Python Bindings
1134335 - hrSystemProcesses is missing (net-snmp-5.5-49.el6_5.2)
1157373 - README file in net-snmp-python package is wrong
1181994 - net-snmp package does not compile on Fedora 21
1188295 - net-snmp snmpd fork() overhead [fix available]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
net-snmp-5.5-54.el6.src.rpm

i386:
net-snmp-5.5-54.el6.i686.rpm
net-snmp-debuginfo-5.5-54.el6.i686.rpm
net-snmp-libs-5.5-54.el6.i686.rpm

x86_64:
net-snmp-5.5-54.el6.x86_64.rpm
net-snmp-debuginfo-5.5-54.el6.i686.rpm
net-snmp-debuginfo-5.5-54.el6.x86_64.rpm
net-snmp-libs-5.5-54.el6.i686.rpm
net-snmp-libs-5.5-54.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
net-snmp-debuginfo-5.5-54.el6.i686.rpm
net-snmp-devel-5.5-54.el6.i686.rpm
net-snmp-perl-5.5-54.el6.i686.rpm
net-snmp-python-5.5-54.el6.i686.rpm
net-snmp-utils-5.5-54.el6.i686.rpm

x86_64:
net-snmp-debuginfo-5.5-54.el6.i686.rpm
net-snmp-debuginfo-5.5-54.el6.x86_64.rpm
net-snmp-devel-5.5-54.el6.i686.rpm
net-snmp-devel-5.5-54.el6.x86_64.rpm
net-snmp-perl-5.5-54.el6.x86_64.rpm
net-snmp-python-5.5-54.el6.x86_64.rpm
net-snmp-utils-5.5-54.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
net-snmp-5.5-54.el6.src.rpm

x86_64:
net-snmp-5.5-54.el6.x86_64.rpm
net-snmp-debuginfo-5.5-54.el6.i686.rpm
net-snmp-debuginfo-5.5-54.el6.x86_64.rpm
net-snmp-libs-5.5-54.el6.i686.rpm
net-snmp-libs-5.5-54.el6.x86_64.rpm
net-snmp-perl-5.5-54.el6.x86_64.rpm
net-snmp-python-5.5-54.el6.x86_64.rpm
net-snmp-utils-5.5-54.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
net-snmp-debuginfo-5.5-54.el6.i686.rpm
net-snmp-debuginfo-5.5-54.el6.x86_64.rpm
net-snmp-devel-5.5-54.el6.i686.rpm
net-snmp-devel-5.5-54.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
net-snmp-5.5-54.el6.src.rpm

i386:
net-snmp-5.5-54.el6.i686.rpm
net-snmp-debuginfo-5.5-54.el6.i686.rpm
net-snmp-devel-5.5-54.el6.i686.rpm
net-snmp-libs-5.5-54.el6.i686.rpm
net-snmp-perl-5.5-54.el6.i686.rpm
net-snmp-python-5.5-54.el6.i686.rpm
net-snmp-utils-5.5-54.el6.i686.rpm

ppc64:
net-snmp-5.5-54.el6.ppc64.rpm
net-snmp-debuginfo-5.5-54.el6.ppc.rpm
net-snmp-debuginfo-5.5-54.el6.ppc64.rpm
net-snmp-devel-5.5-54.el6.ppc.rpm
net-snmp-devel-5.5-54.el6.ppc64.rpm
net-snmp-libs-5.5-54.el6.ppc.rpm
net-snmp-libs-5.5-54.el6.ppc64.rpm
net-snmp-perl-5.5-54.el6.ppc64.rpm
net-snmp-python-5.5-54.el6.ppc64.rpm
net-snmp-utils-5.5-54.el6.ppc64.rpm

s390x:
net-snmp-5.5-54.el6.s390x.rpm
net-snmp-debuginfo-5.5-54.el6.s390.rpm
net-snmp-debuginfo-5.5-54.el6.s390x.rpm
net-snmp-devel-5.5-54.el6.s390.rpm
net-snmp-devel-5.5-54.el6.s390x.rpm
net-snmp-libs-5.5-54.el6.s390.rpm
net-snmp-libs-5.5-54.el6.s390x.rpm
net-snmp-perl-5.5-54.el6.s390x.rpm
net-snmp-python-5.5-54.el6.s390x.rpm
net-snmp-utils-5.5-54.el6.s390x.rpm

x86_64:
net-snmp-5.5-54.el6.x86_64.rpm
net-snmp-debuginfo-5.5-54.el6.i686.rpm
net-snmp-debuginfo-5.5-54.el6.x86_64.rpm
net-snmp-devel-5.5-54.el6.i686.rpm
net-snmp-devel-5.5-54.el6.x86_64.rpm
net-snmp-libs-5.5-54.el6.i686.rpm
net-snmp-libs-5.5-54.el6.x86_64.rpm
net-snmp-perl-5.5-54.el6.x86_64.rpm
net-snmp-python-5.5-54.el6.x86_64.rpm
net-snmp-utils-5.5-54.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
net-snmp-5.5-54.el6.src.rpm

i386:
net-snmp-5.5-54.el6.i686.rpm
net-snmp-debuginfo-5.5-54.el6.i686.rpm
net-snmp-devel-5.5-54.el6.i686.rpm
net-snmp-libs-5.5-54.el6.i686.rpm
net-snmp-perl-5.5-54.el6.i686.rpm
net-snmp-python-5.5-54.el6.i686.rpm
net-snmp-utils-5.5-54.el6.i686.rpm

x86_64:
net-snmp-5.5-54.el6.x86_64.rpm
net-snmp-debuginfo-5.5-54.el6.i686.rpm
net-snmp-debuginfo-5.5-54.el6.x86_64.rpm
net-snmp-devel-5.5-54.el6.i686.rpm
net-snmp-devel-5.5-54.el6.x86_64.rpm
net-snmp-libs-5.5-54.el6.i686.rpm
net-snmp-libs-5.5-54.el6.x86_64.rpm
net-snmp-perl-5.5-54.el6.x86_64.rpm
net-snmp-python-5.5-54.el6.x86_64.rpm
net-snmp-utils-5.5-54.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3565
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
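The net-snmp flaw above (CVE-2014-3565) is a type-confusion between the MIB-declared syntax of an object and the type actually carried on the wire. As an added example in Python (not Net-SNMP code), the decoder below parses a BER-encoded SNMP varbind, and its value-only printer (the style "-OQ" selects) checks the wire type against the declared syntax before formatting, so a NULL value sent for an INTEGER object such as ifMtu renders as NULL instead of being treated as an integer. The MIB excerpt and the hand-encoded sample varbinds are constructed for this example.

```python
"""Added example (not Net-SNMP code): decode an SNMP varbind and tolerate a
NULL value where the MIB declares INTEGER, the input class behind
CVE-2014-3565 (RHSA-2015:1385).  MIB table and rendering are this example's."""

TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30


def read_tlv(buf, pos):
    """Parse one BER TLV at pos; return (tag, value_bytes, next_pos).
    Every length is checked against the buffer before the value is sliced."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of message")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Decode BER OID content octets to dotted form."""
    if not raw:
        raise ValueError("empty OID")
    parts = [raw[0] // 40, raw[0] % 40]
    value, pending = 0, False
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            parts.append(value)
            value = 0
    if pending:
        raise ValueError("unterminated OID sub-identifier")
    return ".".join(str(p) for p in parts)


def decode_varbind(buf):
    """Decode SEQUENCE { OID, value } into (oid, wire_tag, python_value)."""
    tag, body, _ = read_tlv(buf, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("varbind is not a SEQUENCE")
    tag, raw_oid, pos = read_tlv(body, 0)
    if tag != TAG_OID:
        raise ValueError("varbind name is not an OID")
    vtag, raw_val, pos = read_tlv(body, pos)
    if pos != len(body):
        raise ValueError("trailing bytes in varbind")
    if vtag == TAG_INTEGER:
        value = int.from_bytes(raw_val, "big", signed=True)
    elif vtag == TAG_NULL:
        value = None                       # legal encoding, carries no value
    else:
        value = bytes(raw_val)             # OCTET STRING or opaque: keep raw bytes
    return decode_oid(raw_oid), vtag, value


# Constructed MIB excerpt: declared syntax of the objects used below.
MIB_SYNTAX = {
    "1.3.6.1.2.1.2.2.1.4": ("ifMtu", TAG_INTEGER),
    "1.3.6.1.2.1.1.5": ("sysName", TAG_OCTET_STRING),
}


def render_varbind(buf):
    """Value-only rendering, but the wire type is compared with the declared
    syntax first instead of being assumed to match it."""
    oid, vtag, value = decode_varbind(buf)
    name, declared = MIB_SYNTAX.get(oid, (oid, None))
    if vtag == TAG_NULL:
        return "%s = NULL" % name
    if declared is not None and vtag != declared:
        return "%s = <wire type 0x%02x does not match declared 0x%02x>" % (name, vtag, declared)
    if vtag == TAG_INTEGER:
        return "%s = %d" % (name, value)
    if vtag == TAG_OCTET_STRING:
        return "%s = %s" % (name, value.decode("ascii", "replace"))
    return "%s = %s" % (name, value.hex())


# Constructed sample varbinds (hand-encoded BER, not captured traffic).
VB_IFMTU_1500 = bytes.fromhex("300f06092b0601020102020104020205dc")   # ifMtu INTEGER 1500
VB_IFMTU_NULL = bytes.fromhex("300d06092b06010201020201040500")       # ifMtu with NULL value
VB_IFMTU_STR = bytes.fromhex("300e06092b0601020102020104040178")      # ifMtu with OCTET STRING "x"
VB_SYSNAME = bytes.fromhex("300f06072b06010201010504046e6d7331")      # sysName "nms1"

if __name__ == "__main__":
    for vb in (VB_IFMTU_1500, VB_IFMTU_NULL, VB_IFMTU_STR, VB_SYSNAME):
        print(render_varbind(vb))
```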
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzYVXlSAg2UNWIIRAh4WAJ9qV50d0M2RuutHtf3bGj5Gz7Z9pgCfVPGq
mY6TkK/8TscxmjL7zjvCerk=
=3pS+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jul 22 06:33:55 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:33:55 +0000
Subject: [RHSA-2015:1409-01] Moderate: sudo security, bug fix, and enhancement update
Message-ID: <201507220621.t6M6L8QL012146@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: sudo security, bug fix, and enhancement update
Advisory ID:       RHSA-2015:1409-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1409.html
Issue date:        2015-07-22
Updated on:        2015-03-04
CVE Names:         CVE-2014-9680
=====================================================================

1. Summary:

Updated sudo packages that fix one security issue, three bugs, and add one
enhancement are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.

It was discovered that sudo did not perform any checks of the TZ environment
variable value. If sudo was configured to preserve the TZ environment
variable, a local user with privileges to execute commands via sudo could
possibly use this flaw to achieve system state changes not permitted by the
configured commands. (CVE-2014-9680)

Note: The default sudoers configuration in Red Hat Enterprise Linux removes
the TZ variable from the environment in which commands run by sudo are
executed.

This update also fixes the following bugs:

* Previously, the sudo utility child processes could sometimes become
unresponsive because they ignored the SIGPIPE signal. With this update, the
SIGPIPE handler is properly restored in the function that reads passwords
from the user, and the child processes no longer ignore SIGPIPE. As a
result, sudo child processes do not hang in this situation. (BZ#1094548)

* Prior to this update, the order in which sudo rules were processed did not
honor the user-defined sudoOrder attribute. Consequently, sudo rules were
processed in an undefined order even when the user defined the order in
sudoOrder. The implementation of SSSD support in sudo has been modified to
sort the rules according to the sudoOrder value, and sudo rules are now
sorted in the order defined by the user in sudoOrder. (BZ#1138581)

* Previously, sudo became unresponsive after the user issued a command when
a sudoers source was mentioned multiple times in the /etc/nsswitch.conf
file. The problem occurred when nsswitch.conf contained, for example, the
"sudoers: files sss sss" entry. The sudoers source processing code has been
fixed to correctly handle multiple instances of the same sudoers source. As
a result, sudo no longer hangs when a sudoers source is mentioned multiple
times in /etc/nsswitch.conf. (BZ#1147498)

In addition, this update adds the following enhancement:

* The sudo utility now supports I/O logs compressed using the zlib library.
With this update, sudo can generate zlib compressed I/O logs and also
process zlib compressed I/O logs generated by other versions of sudo with
zlib support. (BZ#1106433)

All sudo users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1138267 - sudoers.ldap man page has typos in description
1138581 - sudo with sssd doesn't work correctly with sudoOrder option
1142122 - sudo option mail_no_user doesn't work
1144448 - sudo with ldap doesn't work correctly with 'listpw=all' and 'verifypw=all' in sudoOption entry
1147498 - duplicate sss module in nsswitch breaks sudo
1191144 - CVE-2014-9680 sudo: unsafe handling of TZ environment variable

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
sudo-1.8.6p3-19.el6.src.rpm

i386:
sudo-1.8.6p3-19.el6.i686.rpm
sudo-debuginfo-1.8.6p3-19.el6.i686.rpm

x86_64:
sudo-1.8.6p3-19.el6.x86_64.rpm
sudo-debuginfo-1.8.6p3-19.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
sudo-debuginfo-1.8.6p3-19.el6.i686.rpm
sudo-devel-1.8.6p3-19.el6.i686.rpm

x86_64:
sudo-debuginfo-1.8.6p3-19.el6.i686.rpm
sudo-debuginfo-1.8.6p3-19.el6.x86_64.rpm
sudo-devel-1.8.6p3-19.el6.i686.rpm
sudo-devel-1.8.6p3-19.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
sudo-1.8.6p3-19.el6.src.rpm

x86_64:
sudo-1.8.6p3-19.el6.x86_64.rpm
sudo-debuginfo-1.8.6p3-19.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
sudo-debuginfo-1.8.6p3-19.el6.i686.rpm
sudo-debuginfo-1.8.6p3-19.el6.x86_64.rpm
sudo-devel-1.8.6p3-19.el6.i686.rpm
sudo-devel-1.8.6p3-19.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
sudo-1.8.6p3-19.el6.src.rpm

i386:
sudo-1.8.6p3-19.el6.i686.rpm
sudo-debuginfo-1.8.6p3-19.el6.i686.rpm

ppc64:
sudo-1.8.6p3-19.el6.ppc64.rpm
sudo-debuginfo-1.8.6p3-19.el6.ppc64.rpm

s390x:
sudo-1.8.6p3-19.el6.s390x.rpm
sudo-debuginfo-1.8.6p3-19.el6.s390x.rpm

x86_64:
sudo-1.8.6p3-19.el6.x86_64.rpm
sudo-debuginfo-1.8.6p3-19.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
sudo-debuginfo-1.8.6p3-19.el6.i686.rpm
sudo-devel-1.8.6p3-19.el6.i686.rpm

ppc64:
sudo-debuginfo-1.8.6p3-19.el6.ppc.rpm
sudo-debuginfo-1.8.6p3-19.el6.ppc64.rpm
sudo-devel-1.8.6p3-19.el6.ppc.rpm
sudo-devel-1.8.6p3-19.el6.ppc64.rpm

s390x:
sudo-debuginfo-1.8.6p3-19.el6.s390.rpm
sudo-debuginfo-1.8.6p3-19.el6.s390x.rpm
sudo-devel-1.8.6p3-19.el6.s390.rpm
sudo-devel-1.8.6p3-19.el6.s390x.rpm

x86_64:
sudo-debuginfo-1.8.6p3-19.el6.i686.rpm
sudo-debuginfo-1.8.6p3-19.el6.x86_64.rpm
sudo-devel-1.8.6p3-19.el6.i686.rpm
sudo-devel-1.8.6p3-19.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
sudo-1.8.6p3-19.el6.src.rpm

i386:
sudo-1.8.6p3-19.el6.i686.rpm
sudo-debuginfo-1.8.6p3-19.el6.i686.rpm

x86_64:
sudo-1.8.6p3-19.el6.x86_64.rpm
sudo-debuginfo-1.8.6p3-19.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
sudo-debuginfo-1.8.6p3-19.el6.i686.rpm
sudo-devel-1.8.6p3-19.el6.i686.rpm

x86_64:
sudo-debuginfo-1.8.6p3-19.el6.i686.rpm
sudo-debuginfo-1.8.6p3-19.el6.x86_64.rpm
sudo-devel-1.8.6p3-19.el6.i686.rpm
sudo-devel-1.8.6p3-19.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9680
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzZIXlSAg2UNWIIRAkA6AKC6ey0k/O5Uup2y+xyQV0lxjT11+QCeNslJ
r7MCDUkZh+ton7kfp3316bo=
=XG/2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jul 22 06:35:08 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:35:08 +0000
Subject: [RHSA-2015:1417-01] Moderate: mailman security and bug fix update
Message-ID: <201507220622.t6M6MLQq012755@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mailman security and bug fix update
Advisory ID:       RHSA-2015:1417-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1417.html
Issue date:        2015-07-22
Updated on:        2015-03-16
CVE Names:         CVE-2002-0389 CVE-2015-2775
=====================================================================

1. Summary:

Updated mailman packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mailman is a program used to help manage e-mail discussion lists.

It was found that mailman did not sanitize the list name before passing it
to certain MTAs. A local attacker could use this flaw to execute arbitrary
code as the user running mailman. (CVE-2015-2775)

It was found that mailman stored private email messages in a world-readable
directory. A local user could use this flaw to read private mailing list
archives. (CVE-2002-0389)

This update also fixes the following bugs:

* Previously, it was impossible to configure Mailman in a way that
Domain-based Message Authentication, Reporting & Conformance (DMARC) would
recognize Sender alignment for Domain Key Identified Mail (DKIM)
signatures. Consequently, Mailman list subscribers that belonged to a mail
server with a "reject" policy for DMARC, such as yahoo.com or AOL.com, were
unable to receive Mailman forwarded messages from senders residing in any
domain that provided DKIM signatures. With this update, domains with a
"reject" DMARC policy are recognized correctly, and Mailman list
administrators are able to configure the way these messages are handled. As
a result, after a proper configuration, subscribers now correctly receive
Mailman forwarded messages in this scenario. (BZ#1095359)

* Mailman used a console encoding when generating a subject for a "welcome
email" when new mailing lists were created by the "newlist" command.
Consequently, when the console encoding did not match the encoding used by
Mailman for that particular language, characters in the "welcome email"
could be displayed incorrectly. Mailman has been fixed to use the correct
encoding, and characters in the "welcome email" are now displayed properly.
(BZ#1056366)

* The "rmlist" command used a hardcoded path to list data based on the
VAR_PREFIX configuration variable. As a consequence, when the list was
created outside of VAR_PREFIX, it was impossible to remove it using the
"rmlist" command. With this update, the "rmlist" command uses the correct
LIST_DATA_DIR value instead of VAR_PREFIX, and it is now possible to remove
the list in the described situation. (BZ#1008139)

* Due to an incompatibility between Python and Mailman in Red Hat
Enterprise Linux 6, when moderators were approving a moderated message to a
mailing list and checked the "Preserve messages for the site administrator"
checkbox, Mailman failed to approve the message and returned an error. This
incompatibility has been fixed, and Mailman now approves messages as
expected in this scenario. (BZ#765807)

* When Mailman was set to not archive a list but the archive was not set to
private, attachments sent to that list were placed in a public archive.
Consequently, users of the Mailman web interface could list private
attachments because the httpd configuration of the public archive directory
allows listing all files in the archive directory. The httpd configuration
of Mailman has been fixed to not allow listing of the private archive
directory, and users of the Mailman web interface are no longer able to
list private attachments. (BZ#745409)

Users of mailman are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

723584 - CVE-2002-0389 mailman: Local users able to read private mailing list archives
745409 - default httpd config for Mailman offers directory listings for lists with disabled but public archives
765807 - Messages to moderated queues are put in shunt box
1008139 - rmlist fails if list_data_dir is not a child of var_prefix
1056366 - The subject of the welcome email is character garbled when creating a new mailing list with the new list command of mailman.
1095359 - Yahoo.com and AOL DMARC reject policies cripples Mailman-2.1.12 - update to newer release
1208059 - CVE-2015-2775 mailman: directory traversal in MTA transports that deliver programmatically

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
mailman-2.1.12-25.el6.src.rpm

i386:
mailman-2.1.12-25.el6.i686.rpm
mailman-debuginfo-2.1.12-25.el6.i686.rpm

ppc64:
mailman-2.1.12-25.el6.ppc64.rpm
mailman-debuginfo-2.1.12-25.el6.ppc64.rpm

s390x:
mailman-2.1.12-25.el6.s390x.rpm
mailman-debuginfo-2.1.12-25.el6.s390x.rpm

x86_64:
mailman-2.1.12-25.el6.x86_64.rpm
mailman-debuginfo-2.1.12-25.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
mailman-2.1.12-25.el6.src.rpm

i386:
mailman-2.1.12-25.el6.i686.rpm
mailman-debuginfo-2.1.12-25.el6.i686.rpm

x86_64:
mailman-2.1.12-25.el6.x86_64.rpm
mailman-debuginfo-2.1.12-25.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2002-0389
https://access.redhat.com/security/cve/CVE-2015-2775
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzaMXlSAg2UNWIIRAlYTAKCbD3DLuXQkBw6nLzSYUSQeOs+TJgCgwv6O
4G6fvU2dMvXPlJGbYXYEkWg=
=miZh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jul 22 06:35:42 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:35:42 +0000
Subject: [RHSA-2015:1419-01] Low: libxml2 security and bug fix update
Message-ID: <201507220622.t6M6Mtc5018327@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: libxml2 security and bug fix update
Advisory ID:       RHSA-2015:1419-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1419.html
Issue date:        2015-07-22
Updated on:        2015-03-16
CVE Names:         CVE-2015-1819
=====================================================================

1. Summary:

Updated libxml2 packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libxml2 library is a development toolbox providing the implementation
of various XML standards.
A denial of service flaw was found in the way the libxml2 library parsed
certain XML files. An attacker could provide a specially crafted XML file
that, when parsed by an application using libxml2, could cause that
application to use an excessive amount of memory. (CVE-2015-1819)

This issue was discovered by Florian Weimer of Red Hat Product Security.

This update also fixes the following bug:

This update fixes an error that occurred when running a test case for the
serialization of HTML documents. (BZ#1004513)

Users of libxml2 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The desktop must be
restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1211278 - CVE-2015-1819 libxml2: denial of service processing a crafted XML document

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libxml2-2.7.6-20.el6.src.rpm

i386:
libxml2-2.7.6-20.el6.i686.rpm
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-python-2.7.6-20.el6.i686.rpm

x86_64:
libxml2-2.7.6-20.el6.i686.rpm
libxml2-2.7.6-20.el6.x86_64.rpm
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-debuginfo-2.7.6-20.el6.x86_64.rpm
libxml2-python-2.7.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-devel-2.7.6-20.el6.i686.rpm
libxml2-static-2.7.6-20.el6.i686.rpm

x86_64:
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-debuginfo-2.7.6-20.el6.x86_64.rpm
libxml2-devel-2.7.6-20.el6.i686.rpm
libxml2-devel-2.7.6-20.el6.x86_64.rpm
libxml2-static-2.7.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
libxml2-2.7.6-20.el6.src.rpm

x86_64:
libxml2-2.7.6-20.el6.i686.rpm
libxml2-2.7.6-20.el6.x86_64.rpm
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-debuginfo-2.7.6-20.el6.x86_64.rpm
libxml2-python-2.7.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-debuginfo-2.7.6-20.el6.x86_64.rpm
libxml2-devel-2.7.6-20.el6.i686.rpm
libxml2-devel-2.7.6-20.el6.x86_64.rpm
libxml2-static-2.7.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
libxml2-2.7.6-20.el6.src.rpm

i386:
libxml2-2.7.6-20.el6.i686.rpm
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-devel-2.7.6-20.el6.i686.rpm
libxml2-python-2.7.6-20.el6.i686.rpm

ppc64:
libxml2-2.7.6-20.el6.ppc.rpm
libxml2-2.7.6-20.el6.ppc64.rpm
libxml2-debuginfo-2.7.6-20.el6.ppc.rpm
libxml2-debuginfo-2.7.6-20.el6.ppc64.rpm
libxml2-devel-2.7.6-20.el6.ppc.rpm
libxml2-devel-2.7.6-20.el6.ppc64.rpm
libxml2-python-2.7.6-20.el6.ppc64.rpm

s390x:
libxml2-2.7.6-20.el6.s390.rpm
libxml2-2.7.6-20.el6.s390x.rpm
libxml2-debuginfo-2.7.6-20.el6.s390.rpm
libxml2-debuginfo-2.7.6-20.el6.s390x.rpm
libxml2-devel-2.7.6-20.el6.s390.rpm
libxml2-devel-2.7.6-20.el6.s390x.rpm
libxml2-python-2.7.6-20.el6.s390x.rpm

x86_64:
libxml2-2.7.6-20.el6.i686.rpm
libxml2-2.7.6-20.el6.x86_64.rpm
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-debuginfo-2.7.6-20.el6.x86_64.rpm
libxml2-devel-2.7.6-20.el6.i686.rpm
libxml2-devel-2.7.6-20.el6.x86_64.rpm
libxml2-python-2.7.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-static-2.7.6-20.el6.i686.rpm

ppc64:
libxml2-debuginfo-2.7.6-20.el6.ppc64.rpm
libxml2-static-2.7.6-20.el6.ppc64.rpm

s390x:
libxml2-debuginfo-2.7.6-20.el6.s390x.rpm
libxml2-static-2.7.6-20.el6.s390x.rpm

x86_64:
libxml2-debuginfo-2.7.6-20.el6.x86_64.rpm
libxml2-static-2.7.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libxml2-2.7.6-20.el6.src.rpm

i386:
libxml2-2.7.6-20.el6.i686.rpm
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-devel-2.7.6-20.el6.i686.rpm
libxml2-python-2.7.6-20.el6.i686.rpm

x86_64:
libxml2-2.7.6-20.el6.i686.rpm
libxml2-2.7.6-20.el6.x86_64.rpm
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-debuginfo-2.7.6-20.el6.x86_64.rpm
libxml2-devel-2.7.6-20.el6.i686.rpm
libxml2-devel-2.7.6-20.el6.x86_64.rpm
libxml2-python-2.7.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libxml2-debuginfo-2.7.6-20.el6.i686.rpm
libxml2-static-2.7.6-20.el6.i686.rpm

x86_64:
libxml2-debuginfo-2.7.6-20.el6.x86_64.rpm
libxml2-static-2.7.6-20.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1819
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrza1XlSAg2UNWIIRAu9TAJ9Y3uufrIqNlOFBc+SyHf6XIW3q1ACgh4l1
ADax77dyxndjDZjV8ad5zHk=
=kHjR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jul 22 06:36:10 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:36:10 +0000
Subject: [RHSA-2015:1424-01] Moderate: pacemaker security and bug fix update
Message-ID: <201507220623.t6M6NMXT019422@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pacemaker security and bug fix update
Advisory ID:       RHSA-2015:1424-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1424.html
Issue date:        2015-07-22
Updated on:        2015-03-31
CVE Names:         CVE-2015-1867
=====================================================================

1. Summary:

Updated pacemaker packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 6) - i386, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 6) - i386, x86_64

3. Description:

The Pacemaker Resource Manager is a collection of technologies working
together to provide data integrity and the ability to maintain application
availability in the event of a failure.

A flaw was found in the way pacemaker, a cluster resource manager,
evaluated added nodes in certain situations. A user with read-only access
could potentially assign any other existing roles to themselves and then
add privileges to other users as well. (CVE-2015-1867)

This update also fixes the following bugs:

* Due to a race condition, nodes that gracefully shut down occasionally had
difficulty rejoining the cluster. As a consequence, nodes could come online
and be shut down again immediately by the cluster. This bug has been fixed,
and the "shutdown" attribute is now cleared properly. (BZ#1198638)

* Prior to this update, the pacemaker utility caused an unexpected
termination of the attrd daemon after a system update to Red Hat Enterprise
Linux 6.6. The bug has been fixed so that attrd no longer crashes when
pacemaker starts. (BZ#1205292)

* Previously, the access control list (ACL) of the pacemaker utility
allowed a role assignment to the Cluster Information Base (CIB) with a
read-only permission. With this update, ACL is enforced and can no longer
be bypassed by the user without the write permission, thus fixing this bug.
(BZ#1207621)

* Prior to this update, the ClusterMon (crm_mon) utility did not trigger an
external agent script with the "-E" parameter to monitor the Cluster
Information Base (CIB) when the pacemaker utility was used. A patch has
been provided to fix this bug, and crm_mon now calls the agent script when
the "-E" parameter is used. (BZ#1208896)

Users of pacemaker are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1163982 - Upgrading pacemaker-1.3-style configuration to pacemaker-2.0 with upgrade-1.3.xsl every 15 minutes
1177821 - Init script: Does not export sysconfig environment variables before starting daemon
1207621 - pacemaker (1.1.12-4.el6.x86_64) acl read-only access allow role assignment
1211370 - CVE-2015-1867 pacemaker: acl read-only access allow role assignment

6. Package List:

Red Hat Enterprise Linux High Availability (v. 6):

Source:
pacemaker-1.1.12-8.el6.src.rpm

i386:
pacemaker-1.1.12-8.el6.i686.rpm
pacemaker-cli-1.1.12-8.el6.i686.rpm
pacemaker-cluster-libs-1.1.12-8.el6.i686.rpm
pacemaker-cts-1.1.12-8.el6.i686.rpm
pacemaker-debuginfo-1.1.12-8.el6.i686.rpm
pacemaker-doc-1.1.12-8.el6.i686.rpm
pacemaker-libs-1.1.12-8.el6.i686.rpm
pacemaker-libs-devel-1.1.12-8.el6.i686.rpm
pacemaker-remote-1.1.12-8.el6.i686.rpm

x86_64:
pacemaker-1.1.12-8.el6.x86_64.rpm
pacemaker-cli-1.1.12-8.el6.x86_64.rpm
pacemaker-cluster-libs-1.1.12-8.el6.i686.rpm
pacemaker-cluster-libs-1.1.12-8.el6.x86_64.rpm
pacemaker-cts-1.1.12-8.el6.x86_64.rpm
pacemaker-debuginfo-1.1.12-8.el6.i686.rpm
pacemaker-debuginfo-1.1.12-8.el6.x86_64.rpm
pacemaker-doc-1.1.12-8.el6.x86_64.rpm
pacemaker-libs-1.1.12-8.el6.i686.rpm
pacemaker-libs-1.1.12-8.el6.x86_64.rpm
pacemaker-libs-devel-1.1.12-8.el6.i686.rpm
pacemaker-libs-devel-1.1.12-8.el6.x86_64.rpm
pacemaker-remote-1.1.12-8.el6.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 6):

Source:
pacemaker-1.1.12-8.el6.src.rpm

i386:
pacemaker-1.1.12-8.el6.i686.rpm
pacemaker-cli-1.1.12-8.el6.i686.rpm
pacemaker-cluster-libs-1.1.12-8.el6.i686.rpm
pacemaker-cts-1.1.12-8.el6.i686.rpm
pacemaker-debuginfo-1.1.12-8.el6.i686.rpm
pacemaker-doc-1.1.12-8.el6.i686.rpm
pacemaker-libs-1.1.12-8.el6.i686.rpm
pacemaker-libs-devel-1.1.12-8.el6.i686.rpm
pacemaker-remote-1.1.12-8.el6.i686.rpm

x86_64:
pacemaker-1.1.12-8.el6.x86_64.rpm
pacemaker-cli-1.1.12-8.el6.x86_64.rpm
pacemaker-cluster-libs-1.1.12-8.el6.i686.rpm
pacemaker-cluster-libs-1.1.12-8.el6.x86_64.rpm
pacemaker-cts-1.1.12-8.el6.x86_64.rpm
pacemaker-debuginfo-1.1.12-8.el6.i686.rpm
pacemaker-debuginfo-1.1.12-8.el6.x86_64.rpm
pacemaker-doc-1.1.12-8.el6.x86_64.rpm
pacemaker-libs-1.1.12-8.el6.i686.rpm
pacemaker-libs-1.1.12-8.el6.x86_64.rpm
pacemaker-libs-devel-1.1.12-8.el6.i686.rpm
pacemaker-libs-devel-1.1.12-8.el6.x86_64.rpm
pacemaker-remote-1.1.12-8.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1867
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzbMXlSAg2UNWIIRAiYNAKCSVt+eONJYRCvn3D8Y0TLOBFal2ACgodaU
Wc3PvcL5YVl9nF7vWIxU4P0=
=92kZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jul 22 06:38:01 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:38:01 +0000
Subject: [RHSA-2015:1439-01] Low: wpa_supplicant security and enhancement update
Message-ID: <201507220625.t6M6PDDM014241@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: wpa_supplicant security and enhancement update
Advisory ID:       RHSA-2015:1439-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1439.html
Issue date:        2015-07-22
Updated on:        2015-05-27
CVE Names:         CVE-2015-4142
=====================================================================

1. Summary:

An updated wpa_supplicant package that fixes one security issue and adds
one enhancement is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The wpa_supplicant package contains an 802.1X Supplicant with support for
WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication
methods. It implements key negotiation with a WPA Authenticator for client
stations and controls the roaming and IEEE 802.11 authentication and
association of the WLAN driver.
An integer underflow flaw, leading to a buffer over-read, was found in the
way wpa_supplicant handled WMM Action frames. A specially crafted frame
could possibly allow an attacker within Wi-Fi radio range to cause
wpa_supplicant to crash. (CVE-2015-4142)

This update includes the following enhancement:

* Prior to this update, wpa_supplicant did not provide a way to require the
host name to be listed in an X.509 certificate's Common Name or Subject
Alternative Name, and only allowed host name suffix or subject substring
checks. This update introduces a new configuration directive,
'domain_match', which adds a full host name check. (BZ#1186806)

All wpa_supplicant users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue and adds this
enhancement. After installing this update, the wpa_supplicant service will
be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1221178 - CVE-2015-4142 wpa_supplicant and hostapd: integer underflow in AP mode WMM Action frame processing

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
wpa_supplicant-0.7.3-6.el6.src.rpm

i386:
wpa_supplicant-0.7.3-6.el6.i686.rpm
wpa_supplicant-debuginfo-0.7.3-6.el6.i686.rpm

x86_64:
wpa_supplicant-0.7.3-6.el6.x86_64.rpm
wpa_supplicant-debuginfo-0.7.3-6.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
wpa_supplicant-0.7.3-6.el6.src.rpm

x86_64:
wpa_supplicant-0.7.3-6.el6.x86_64.rpm
wpa_supplicant-debuginfo-0.7.3-6.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
wpa_supplicant-0.7.3-6.el6.src.rpm

i386:
wpa_supplicant-0.7.3-6.el6.i686.rpm
wpa_supplicant-debuginfo-0.7.3-6.el6.i686.rpm

ppc64:
wpa_supplicant-0.7.3-6.el6.ppc64.rpm
wpa_supplicant-debuginfo-0.7.3-6.el6.ppc64.rpm

s390x:
wpa_supplicant-0.7.3-6.el6.s390x.rpm
wpa_supplicant-debuginfo-0.7.3-6.el6.s390x.rpm

x86_64:
wpa_supplicant-0.7.3-6.el6.x86_64.rpm
wpa_supplicant-debuginfo-0.7.3-6.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
wpa_supplicant-0.7.3-6.el6.src.rpm

i386:
wpa_supplicant-0.7.3-6.el6.i686.rpm
wpa_supplicant-debuginfo-0.7.3-6.el6.i686.rpm

x86_64:
wpa_supplicant-0.7.3-6.el6.x86_64.rpm
wpa_supplicant-debuginfo-0.7.3-6.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4142
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzdFXlSAg2UNWIIRApXaAKCiCshtXHBP+XQsR1LzqgRpPH31zgCgmZeu
g28kC23tTBJZyqARdyFSLAU=
=Dmgb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jul 22 06:38:40 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:38:40 +0000
Subject: [RHSA-2015:1447-01] Low: grep security, bug fix, and enhancement update
Message-ID: <201507220625.t6M6Pr00019882@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: grep security, bug fix, and enhancement update
Advisory ID:       RHSA-2015:1447-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1447.html
Issue date:        2015-07-22
Updated on:        2015-01-29
CVE Names:         CVE-2012-5667 CVE-2015-1345
=====================================================================

1. Summary:

Updated grep packages that fix two security issues, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Low security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The grep utility searches through textual input for lines that contain a
match to a specified pattern and then prints the matching lines. The GNU
grep utilities include grep, egrep, and fgrep.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way grep parsed large lines of data.
An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the "File name too long" error message, and it can operate faster when dealing with large directory hierarchies. (BZ#982215, BZ#1064668, BZ#1126757, BZ#1167766, BZ#1171806) This update also fixes the following bugs: * Prior to this update, the \w and \W symbols were inconsistently matched to the [:alnum:] character class. Consequently, regular expressions that used \w and \W in some cases had incorrect results. An upstream patch which fixes the matching problem has been applied, and \w is now matched to the [_[:alnum:]] character and \W to the [^_[:alnum:]] character consistently. (BZ#799863) * Previously, the "--fixed-regexp" command-line option was not included in the grep(1) manual page. Consequently, the manual page was inconsistent with the built-in help of the grep utility. To fix this bug, grep(1) has been updated to include a note informing the user that "--fixed-regexp" is an obsolete option. Now, the built-in help and manual page are consistent regarding the "--fixed-regexp" option. 
(BZ#1103270) * Previously, the Perl Compatible Regular Expression (PCRE) library did not work correctly when matching non-UTF-8 text in UTF-8 mode. Consequently, an error message about invalid UTF-8 byte sequence characters was returned. To fix this bug, patches from upstream have been applied to the PCRE library and the grep utility. As a result, PCRE now skips non-UTF-8 characters as non-matching text without returning any error message. (BZ#1193030) All grep users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 799863 - inconsistent \w and [[:alnum:]] behaviour 889935 - CVE-2012-5667 grep: Integer overflow leading to heap-based buffer-overflow when reading large lines 982215 - word boundary error near an utf8 character 1103270 - undocumented option --fixed-regexp 1167766 - grep Abandons (with core dump in some systems) when invoked with recurse and perl switches 1171806 - grep matches lowercase when only searching for uppercase range 1183651 - CVE-2015-1345 grep: heap buffer overrun 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: grep-2.20-3.el6.src.rpm i386: grep-2.20-3.el6.i686.rpm grep-debuginfo-2.20-3.el6.i686.rpm x86_64: grep-2.20-3.el6.x86_64.rpm grep-debuginfo-2.20-3.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: grep-2.20-3.el6.src.rpm x86_64: grep-2.20-3.el6.x86_64.rpm grep-debuginfo-2.20-3.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: grep-2.20-3.el6.src.rpm i386: grep-2.20-3.el6.i686.rpm grep-debuginfo-2.20-3.el6.i686.rpm ppc64: grep-2.20-3.el6.ppc64.rpm grep-debuginfo-2.20-3.el6.ppc64.rpm s390x: grep-2.20-3.el6.s390x.rpm grep-debuginfo-2.20-3.el6.s390x.rpm x86_64: grep-2.20-3.el6.x86_64.rpm grep-debuginfo-2.20-3.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: grep-2.20-3.el6.src.rpm i386: grep-2.20-3.el6.i686.rpm grep-debuginfo-2.20-3.el6.i686.rpm x86_64: grep-2.20-3.el6.x86_64.rpm grep-debuginfo-2.20-3.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2012-5667 https://access.redhat.com/security/cve/CVE-2015-1345 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
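Deciding whether a host actually carries the fixed packages from a list like the one above is a version-comparison problem, and rpm's ordering rules are easy to get wrong by eye (is release 14.el6_5 older or newer than 18.el6?). The following is an added example, not part of the advisory and not Red Hat tooling: it pulls the fixed RPM file names out of an excerpt of the grep package list, parses installed packages in the name-version-release.arch form that `rpm -qa` prints, and compares them with a small reimplementation of rpm's segment-wise version comparison. The installed list is constructed sample data. Two simplifications are assumed and stated in the code: the epoch is taken as equal on both sides because advisory file names do not carry it, and the '~'/'^' ordering rules are left out because these advisories do not use them.

```python
import re

# Excerpt of the "6. Package List" section of RHSA-2015:1447 above (the
# Server (v. 6) entries). Any advisory's package list parses the same way.
ADVISORY_EXCERPT = """\
Red Hat Enterprise Linux Server (v. 6):

Source:
grep-2.20-3.el6.src.rpm

i386:
grep-2.20-3.el6.i686.rpm
grep-debuginfo-2.20-3.el6.i686.rpm

x86_64:
grep-2.20-3.el6.x86_64.rpm
grep-debuginfo-2.20-3.el6.x86_64.rpm
"""

# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`
# output; not taken from any real host.
INSTALLED_SAMPLE = """\
grep-2.6.3-6.el6.x86_64
bash-4.1.2-33.el6.x86_64
grep-debuginfo-2.20-6.el6.x86_64
"""

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")
_RPM_NAME = re.compile(r"\S+\.rpm\b")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing two version or release strings with rpm's
    segment rules: split into digit runs and alpha runs (other characters are
    separators); numeric segments compare as integers and beat alpha
    segments; alpha segments compare as plain strings; if one string runs out
    of segments first, the longer one is newer. Simplification: the '~' and
    '^' rules are omitted, since the versions in these advisories do not use
    them."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1


def parse_nvra(s):
    """Split 'name-version-release.arch' (with or without a trailing '.rpm')
    into (name, version, release, arch). Name may itself contain dashes, so
    the split works from the right."""
    if s.endswith(".rpm"):
        s = s[:-4]
    rest, arch = s.rsplit(".", 1)
    rest, release = rest.rsplit("-", 1)
    name, version = rest.rsplit("-", 1)
    return name, version, release, arch


def fixed_versions(advisory_text):
    """Map package name -> (version, release) for every *.rpm file name in an
    advisory package list; source RPMs (arch 'src') are skipped."""
    fixed = {}
    for fname in _RPM_NAME.findall(advisory_text):
        name, ver, rel, arch = parse_nvra(fname)
        if arch != "src":
            fixed[name] = (ver, rel)
    return fixed


def evr_cmp(installed, fixed):
    """Compare (version, release) pairs; version decides unless equal.
    Assumption: both sides have the same epoch (advisory file names omit it)."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c else rpmvercmp(installed[1], fixed[1])


def affected_packages(installed_text, advisory_text):
    """Return [(name, installed_vr, fixed_vr)] for installed packages that are
    older than the advisory's fixed build. Packages not in the advisory are
    ignored; equal or newer builds are not reported."""
    fixed = fixed_versions(advisory_text)
    report = []
    for line in installed_text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, ver, rel, _arch = parse_nvra(line)
        if name in fixed and evr_cmp((ver, rel), fixed[name]) < 0:
            report.append((name, f"{ver}-{rel}", "-".join(fixed[name])))
    return report


if __name__ == "__main__":
    for name, have, need in affected_packages(INSTALLED_SAMPLE, ADVISORY_EXCERPT):
        print(f"{name}: installed {have} is older than fixed {need}")
```

On a real host, replace INSTALLED_SAMPLE with the output of the rpm query named in the comment, and keep in mind that a package carrying an epoch (not visible in advisory file names) must be compared on epoch first; `yum updateinfo` or `rpmdev-vercmp` does that for you when available.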
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzdZXlSAg2UNWIIRAj2EAJ4j6tghq1ELtqNIxJohjpJZVSfBVACfQcMc
hXM2QBvvG/zZmzSGXqdoLWQ=
=Ae4W
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jul 22 06:39:20 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:39:20 +0000
Subject: [RHSA-2015:1457-01] Moderate: gnutls security and bug fix update
Message-ID: <201507220626.t6M6QYWU020729@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gnutls security and bug fix update
Advisory ID:       RHSA-2015:1457-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1457.html
Issue date:        2015-07-22
Updated on:        2015-01-15
CVE Names:         CVE-2014-8155 CVE-2015-0282 CVE-2015-0294
=====================================================================

1. Summary:

Updated gnutls packages that fix three security issues and one bug are now
available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was found that GnuTLS did not check activation and expiration dates of
CA certificates. This could cause an application using GnuTLS to
incorrectly accept a certificate as valid when its issuing CA is already
expired. (CVE-2014-8155)

It was found that GnuTLS did not verify whether a hashing algorithm listed
in a signature matched the hashing algorithm listed in the certificate. An
attacker could create a certificate that used a different hashing algorithm
than it claimed, possibly causing GnuTLS to use an insecure, disallowed
hashing algorithm during certificate verification. (CVE-2015-0282)

It was discovered that GnuTLS did not check if all sections of X.509
certificates indicate the same signature algorithm. This flaw, in
combination with a different flaw, could possibly lead to a bypass of the
certificate signature check. (CVE-2015-0294)

The CVE-2014-8155 issue was discovered by Marcel Kolaja of Red Hat. The
CVE-2015-0282 and CVE-2015-0294 issues were discovered by Nikos
Mavrogiannopoulos of the Red Hat Security Technologies Team.

This update also fixes the following bug:

* Previously, under certain circumstances, the certtool utility could
generate X.509 certificates which contained a negative modulus.
Consequently, such certificates could have interoperation problems with the
software using them. The bug has been fixed, and certtool no longer
generates X.509 certificates containing a negative modulus. (BZ#1036385)

Users of gnutls are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1036385 - Certtool generates x509 certificates which contain negative modulus
1194371 - CVE-2015-0282 gnutls: RSA PKCS#1 signature verification forgery
1196323 - CVE-2015-0294 gnutls: certificate algorithm consistency checking issue
1197995 - CVE-2014-8155 gnutls: gnutls does not perform date/time checks on CA certificates

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
gnutls-2.8.5-18.el6.src.rpm

i386:
gnutls-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-utils-2.8.5-18.el6.i686.rpm

x86_64:
gnutls-2.8.5-18.el6.i686.rpm
gnutls-2.8.5-18.el6.x86_64.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
gnutls-utils-2.8.5-18.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm

x86_64:
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.x86_64.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
gnutls-2.8.5-18.el6.src.rpm

x86_64:
gnutls-2.8.5-18.el6.i686.rpm
gnutls-2.8.5-18.el6.x86_64.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
gnutls-utils-2.8.5-18.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.x86_64.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
gnutls-2.8.5-18.el6.src.rpm

i386:
gnutls-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-utils-2.8.5-18.el6.i686.rpm

ppc64:
gnutls-2.8.5-18.el6.ppc.rpm
gnutls-2.8.5-18.el6.ppc64.rpm
gnutls-debuginfo-2.8.5-18.el6.ppc.rpm
gnutls-debuginfo-2.8.5-18.el6.ppc64.rpm
gnutls-devel-2.8.5-18.el6.ppc.rpm
gnutls-devel-2.8.5-18.el6.ppc64.rpm
gnutls-utils-2.8.5-18.el6.ppc64.rpm

s390x:
gnutls-2.8.5-18.el6.s390.rpm
gnutls-2.8.5-18.el6.s390x.rpm
gnutls-debuginfo-2.8.5-18.el6.s390.rpm
gnutls-debuginfo-2.8.5-18.el6.s390x.rpm
gnutls-devel-2.8.5-18.el6.s390.rpm
gnutls-devel-2.8.5-18.el6.s390x.rpm
gnutls-utils-2.8.5-18.el6.s390x.rpm

x86_64:
gnutls-2.8.5-18.el6.i686.rpm
gnutls-2.8.5-18.el6.x86_64.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.x86_64.rpm
gnutls-utils-2.8.5-18.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm

ppc64:
gnutls-debuginfo-2.8.5-18.el6.ppc.rpm
gnutls-debuginfo-2.8.5-18.el6.ppc64.rpm
gnutls-guile-2.8.5-18.el6.ppc.rpm
gnutls-guile-2.8.5-18.el6.ppc64.rpm

s390x:
gnutls-debuginfo-2.8.5-18.el6.s390.rpm
gnutls-debuginfo-2.8.5-18.el6.s390x.rpm
gnutls-guile-2.8.5-18.el6.s390.rpm
gnutls-guile-2.8.5-18.el6.s390x.rpm

x86_64:
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
gnutls-2.8.5-18.el6.src.rpm

i386:
gnutls-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-utils-2.8.5-18.el6.i686.rpm

x86_64:
gnutls-2.8.5-18.el6.i686.rpm
gnutls-2.8.5-18.el6.x86_64.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.x86_64.rpm
gnutls-utils-2.8.5-18.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm

x86_64:
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8155
https://access.redhat.com/security/cve/CVE-2015-0282
https://access.redhat.com/security/cve/CVE-2015-0294
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
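The CVE-2015-0282 item in the gnutls advisory above describes a verifier that believed the hash algorithm named inside the signature rather than the one the certificate declares. The following is an added illustration of that distinction, not GnuTLS code and not a description of its internals: it shows the two verification patterns side by side at the level of the PKCS#1 v1.5 encoded message, that is, the bytes recovered by the RSA public-key operation. The RSA step itself is left out so that only the algorithm-binding check is exercised. The DigestInfo prefixes are the standard constants from RFC 8017 section 9.2; the signed message and the 128-byte modulus length are constructed sample values.

```python
import hashlib
import hmac

# DER encoding of DigestInfo minus the hash value itself, per RFC 8017
# section 9.2 note 1 (standard constants, not taken from GnuTLS).
DIGEST_INFO_PREFIX = {
    "md5":    bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

# Constructed sample inputs: the signed bytes stand in for a DER
# tbsCertificate, and 128 is the byte length of an assumed 1024-bit modulus.
SAMPLE_MESSAGE = b"constructed tbsCertificate bytes for the example"
SAMPLE_EM_LEN = 128


def emsa_pkcs1_v15_encode(message, alg, em_len):
    """EMSA-PKCS1-v1_5: 0x00 0x01 <0xFF...> 0x00 DigestInfo(alg, hash(message)).
    hashlib 'md5' may be unavailable in FIPS mode; here it is the weak
    algorithm an attacker would prefer to smuggle in."""
    t = DIGEST_INFO_PREFIX[alg] + hashlib.new(alg, message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def _strip_padding(em):
    """Return the DigestInfo bytes if the block structure is valid, else None."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        return None
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= len(em) or em[i] != 0x00:   # at least eight 0xFF bytes
        return None
    return em[i + 1:]


def verify_lenient(em, message):
    """Flawed pattern: parse the DigestInfo and trust whatever algorithm OID
    it names, so the signer rather than the verifier picks the hash
    function. A signature over an MD5 DigestInfo passes even when the
    certificate says sha256WithRSAEncryption."""
    t = _strip_padding(em)
    if t is None:
        return False
    for alg, prefix in DIGEST_INFO_PREFIX.items():
        if t.startswith(prefix):
            digest = hashlib.new(alg, message).digest()
            return hmac.compare_digest(t[len(prefix):], digest)
    return False


def verify_strict(em, message, expected_alg):
    """Fixed pattern: the verifier takes the algorithm from the certificate's
    signature-algorithm field, rebuilds the whole encoded message and
    compares it byte for byte, so a DigestInfo naming any other hash, or any
    other deviation in the padding, is rejected."""
    try:
        expected = emsa_pkcs1_v15_encode(message, expected_alg, len(em))
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(em, expected)


if __name__ == "__main__":
    # A block whose DigestInfo says MD5 although the certificate declares
    # SHA-256: accepted by the lenient check, refused by the strict one.
    forged = emsa_pkcs1_v15_encode(SAMPLE_MESSAGE, "md5", SAMPLE_EM_LEN)
    genuine = emsa_pkcs1_v15_encode(SAMPLE_MESSAGE, "sha256", SAMPLE_EM_LEN)
    print("lenient accepts MD5 DigestInfo:", verify_lenient(forged, SAMPLE_MESSAGE))
    print("strict accepts MD5 DigestInfo: ", verify_strict(forged, SAMPLE_MESSAGE, "sha256"))
    print("strict accepts SHA-256:        ", verify_strict(genuine, SAMPLE_MESSAGE, "sha256"))
```

The strict form is also the one RFC 8017 prescribes: compute the expected encoding and compare, rather than parse the attacker-influenced bytes and act on what they claim. The advisory's CVE-2015-0294 item is the same principle one level up the structure: every copy of the algorithm identifier inside the certificate must agree with the one the verifier actually uses.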
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVrzeUXlSAg2UNWIIRAvGyAJ4ihCbJNrh2OQApebjpshHi1oJOSgCfZVpE
V1GWk9rJwamgNOvnvQYWIfY=
=ENJ7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Jul 22 06:40:58 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:40:58 +0000
Subject: [RHSA-2015:1458-01] Moderate: libreoffice security, bug fix, and enhancement update
Message-ID: <201507220628.t6M6SC8m022253@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libreoffice security, bug fix, and enhancement update
Advisory ID:       RHSA-2015:1458-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1458.html
Issue date:        2015-07-22
Updated on:        2015-02-03
CVE Names:         CVE-2015-1774
=====================================================================

1. Summary:

Updated libreoffice packages that fix one security issue, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

LibreOffice is an open source, community-developed office productivity
suite. It includes key desktop applications, such as a word processor, a
spreadsheet, a presentation manager, a formula editor, and a drawing
program. LibreOffice replaces OpenOffice and provides a similar but
enhanced and extended office suite.

A flaw was found in the way the LibreOffice HWP (Hangul Word Processor)
file filter processed certain HWP documents. An attacker able to trick a
user into opening a specially crafted HWP document could possibly use this
flaw to execute arbitrary code with the privileges of the user opening that
document. (CVE-2015-1774)

The libreoffice packages have been upgraded to upstream version 4.2.8.2,
which provides a number of bug fixes and enhancements over the previous
version, including:

* OpenXML interoperability has been improved.

* This update adds additional statistics functions to the Calc
application, thus improving interoperability with Microsoft Excel and its
"Analysis ToolPak" add-in.

* Various performance improvements have been implemented in Calc.

* This update adds new import filters for importing files from the Apple
Keynote and Abiword applications.

* The export filter for the MathML markup language has been improved.

* This update adds a new start screen that includes thumbnails of recently
opened documents.

* A visual clue is now displayed in the Slide Sorter window for slides
with transitions or animations.

* This update improves trend lines in charts.

* LibreOffice now supports BCP 47 language tags.

For a complete list of bug fixes and enhancements provided by this rebase,
see the libreoffice change log linked from the References section.
(BZ#1150048)

Users of libreoffice are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1015083 - page preview is not regenerated for spreadsheet
1150048 - Rebase to latest stable LibreOffice 4.2.8.2 in RHEL-6.7
1209852 - [fix available] Cannot Open/Save on remote share
1216042 - CVE-2015-1774 libreoffice: HWP file filter vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libreoffice-4.2.8.2-11.el6.src.rpm

i386:
libreoffice-base-4.2.8.2-11.el6.i686.rpm
libreoffice-calc-4.2.8.2-11.el6.i686.rpm
libreoffice-core-4.2.8.2-11.el6.i686.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.i686.rpm
libreoffice-draw-4.2.8.2-11.el6.i686.rpm
libreoffice-emailmerge-4.2.8.2-11.el6.i686.rpm
libreoffice-graphicfilter-4.2.8.2-11.el6.i686.rpm
libreoffice-headless-4.2.8.2-11.el6.i686.rpm
libreoffice-impress-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-af-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ar-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-as-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-bg-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-bn-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ca-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-cs-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-cy-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-da-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-de-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-dz-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-el-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-en-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-es-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-et-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-eu-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-fi-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-fr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ga-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-gl-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-gu-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-he-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-hi-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-hr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-hu-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-it-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ja-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-kn-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ko-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-lt-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-mai-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ml-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-mr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ms-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-nb-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-nl-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-nn-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-nr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-nso-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-or-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-pa-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-pl-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-pt-BR-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-pt-PT-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ro-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ru-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-sk-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-sl-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-sr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ss-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-st-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-sv-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ta-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-te-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-th-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-tn-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-tr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ts-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-uk-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ur-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ve-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-xh-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-zh-Hans-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-zh-Hant-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-zu-4.2.8.2-11.el6.i686.rpm
libreoffice-math-4.2.8.2-11.el6.i686.rpm
libreoffice-ogltrans-4.2.8.2-11.el6.i686.rpm
libreoffice-pdfimport-4.2.8.2-11.el6.i686.rpm
libreoffice-pyuno-4.2.8.2-11.el6.i686.rpm
libreoffice-ure-4.2.8.2-11.el6.i686.rpm
libreoffice-wiki-publisher-4.2.8.2-11.el6.i686.rpm
libreoffice-writer-4.2.8.2-11.el6.i686.rpm
libreoffice-xsltfilter-4.2.8.2-11.el6.i686.rpm

noarch:
autocorr-af-4.2.8.2-11.el6.noarch.rpm
autocorr-bg-4.2.8.2-11.el6.noarch.rpm
autocorr-ca-4.2.8.2-11.el6.noarch.rpm
autocorr-cs-4.2.8.2-11.el6.noarch.rpm
autocorr-da-4.2.8.2-11.el6.noarch.rpm
autocorr-de-4.2.8.2-11.el6.noarch.rpm
autocorr-en-4.2.8.2-11.el6.noarch.rpm
autocorr-es-4.2.8.2-11.el6.noarch.rpm
autocorr-fa-4.2.8.2-11.el6.noarch.rpm
autocorr-fi-4.2.8.2-11.el6.noarch.rpm
autocorr-fr-4.2.8.2-11.el6.noarch.rpm
autocorr-ga-4.2.8.2-11.el6.noarch.rpm
autocorr-hr-4.2.8.2-11.el6.noarch.rpm
autocorr-hu-4.2.8.2-11.el6.noarch.rpm
autocorr-it-4.2.8.2-11.el6.noarch.rpm
autocorr-ja-4.2.8.2-11.el6.noarch.rpm
autocorr-ko-4.2.8.2-11.el6.noarch.rpm
autocorr-lb-4.2.8.2-11.el6.noarch.rpm
autocorr-lt-4.2.8.2-11.el6.noarch.rpm
autocorr-mn-4.2.8.2-11.el6.noarch.rpm
autocorr-nl-4.2.8.2-11.el6.noarch.rpm
autocorr-pl-4.2.8.2-11.el6.noarch.rpm
autocorr-pt-4.2.8.2-11.el6.noarch.rpm
autocorr-ro-4.2.8.2-11.el6.noarch.rpm
autocorr-ru-4.2.8.2-11.el6.noarch.rpm
autocorr-sk-4.2.8.2-11.el6.noarch.rpm
autocorr-sl-4.2.8.2-11.el6.noarch.rpm
autocorr-sr-4.2.8.2-11.el6.noarch.rpm
autocorr-sv-4.2.8.2-11.el6.noarch.rpm
autocorr-tr-4.2.8.2-11.el6.noarch.rpm
autocorr-vi-4.2.8.2-11.el6.noarch.rpm
autocorr-zh-4.2.8.2-11.el6.noarch.rpm
libreoffice-opensymbol-fonts-4.2.8.2-11.el6.noarch.rpm

x86_64:
libreoffice-base-4.2.8.2-11.el6.x86_64.rpm
libreoffice-calc-4.2.8.2-11.el6.x86_64.rpm
libreoffice-core-4.2.8.2-11.el6.x86_64.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.x86_64.rpm
libreoffice-draw-4.2.8.2-11.el6.x86_64.rpm
libreoffice-emailmerge-4.2.8.2-11.el6.x86_64.rpm
libreoffice-graphicfilter-4.2.8.2-11.el6.x86_64.rpm
libreoffice-headless-4.2.8.2-11.el6.x86_64.rpm
libreoffice-impress-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-af-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ar-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-as-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-bg-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-bn-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ca-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-cs-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-cy-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-da-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-de-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-dz-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-el-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-en-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-es-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-et-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-eu-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-fi-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-fr-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ga-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-gl-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-gu-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-he-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-hi-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-hr-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-hu-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-it-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ja-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-kn-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ko-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-lt-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-mai-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ml-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-mr-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ms-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-nb-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-nl-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-nn-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-nr-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-nso-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-or-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-pa-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-pl-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-pt-BR-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-pt-PT-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ro-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ru-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-sk-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-sl-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-sr-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ss-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-st-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-sv-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ta-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-te-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-th-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-tn-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-tr-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ts-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-uk-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ur-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-ve-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-xh-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-zh-Hans-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-zh-Hant-4.2.8.2-11.el6.x86_64.rpm
libreoffice-langpack-zu-4.2.8.2-11.el6.x86_64.rpm
libreoffice-math-4.2.8.2-11.el6.x86_64.rpm
libreoffice-ogltrans-4.2.8.2-11.el6.x86_64.rpm
libreoffice-pdfimport-4.2.8.2-11.el6.x86_64.rpm
libreoffice-pyuno-4.2.8.2-11.el6.x86_64.rpm
libreoffice-ure-4.2.8.2-11.el6.x86_64.rpm
libreoffice-wiki-publisher-4.2.8.2-11.el6.x86_64.rpm
libreoffice-writer-4.2.8.2-11.el6.x86_64.rpm
libreoffice-xsltfilter-4.2.8.2-11.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libreoffice-4.2.8.2-11.el6.i686.rpm
libreoffice-bsh-4.2.8.2-11.el6.i686.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.i686.rpm
libreoffice-filters-4.2.8.2-11.el6.i686.rpm
libreoffice-gdb-debug-support-4.2.8.2-11.el6.i686.rpm
libreoffice-glade-4.2.8.2-11.el6.i686.rpm
libreoffice-librelogo-4.2.8.2-11.el6.i686.rpm
libreoffice-nlpsolver-4.2.8.2-11.el6.i686.rpm
libreoffice-rhino-4.2.8.2-11.el6.i686.rpm
libreoffice-sdk-4.2.8.2-11.el6.i686.rpm
libreoffice-sdk-doc-4.2.8.2-11.el6.i686.rpm

noarch:
autocorr-is-4.2.8.2-11.el6.noarch.rpm

x86_64:
libreoffice-4.2.8.2-11.el6.x86_64.rpm
libreoffice-bsh-4.2.8.2-11.el6.x86_64.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.i686.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.x86_64.rpm
libreoffice-filters-4.2.8.2-11.el6.x86_64.rpm
libreoffice-gdb-debug-support-4.2.8.2-11.el6.i686.rpm
libreoffice-gdb-debug-support-4.2.8.2-11.el6.x86_64.rpm
libreoffice-glade-4.2.8.2-11.el6.x86_64.rpm
libreoffice-librelogo-4.2.8.2-11.el6.x86_64.rpm
libreoffice-nlpsolver-4.2.8.2-11.el6.x86_64.rpm
libreoffice-rhino-4.2.8.2-11.el6.x86_64.rpm
libreoffice-sdk-4.2.8.2-11.el6.x86_64.rpm
libreoffice-sdk-doc-4.2.8.2-11.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
libreoffice-4.2.8.2-11.el6.src.rpm

i386:
libreoffice-4.2.8.2-11.el6.i686.rpm
libreoffice-base-4.2.8.2-11.el6.i686.rpm
libreoffice-bsh-4.2.8.2-11.el6.i686.rpm
libreoffice-calc-4.2.8.2-11.el6.i686.rpm
libreoffice-core-4.2.8.2-11.el6.i686.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.i686.rpm
libreoffice-draw-4.2.8.2-11.el6.i686.rpm
libreoffice-emailmerge-4.2.8.2-11.el6.i686.rpm
libreoffice-filters-4.2.8.2-11.el6.i686.rpm
libreoffice-gdb-debug-support-4.2.8.2-11.el6.i686.rpm
libreoffice-glade-4.2.8.2-11.el6.i686.rpm
libreoffice-graphicfilter-4.2.8.2-11.el6.i686.rpm
libreoffice-headless-4.2.8.2-11.el6.i686.rpm
libreoffice-impress-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-af-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ar-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-as-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-bg-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-bn-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ca-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-cs-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-cy-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-da-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-de-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-dz-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-el-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-en-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-es-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-et-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-eu-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-fi-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-fr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ga-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-gl-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-gu-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-he-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-hi-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-hr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-hu-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-it-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ja-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-kn-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ko-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-lt-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-mai-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ml-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-mr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ms-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-nb-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-nl-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-nn-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-nr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-nso-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-or-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-pa-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-pl-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-pt-BR-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-pt-PT-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ro-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ru-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-sk-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-sl-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-sr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ss-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-st-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-sv-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ta-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-te-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-th-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-tn-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-tr-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ts-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-uk-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ur-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-ve-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-xh-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-zh-Hans-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-zh-Hant-4.2.8.2-11.el6.i686.rpm
libreoffice-langpack-zu-4.2.8.2-11.el6.i686.rpm
libreoffice-librelogo-4.2.8.2-11.el6.i686.rpm
libreoffice-math-4.2.8.2-11.el6.i686.rpm
libreoffice-nlpsolver-4.2.8.2-11.el6.i686.rpm
libreoffice-ogltrans-4.2.8.2-11.el6.i686.rpm
libreoffice-pdfimport-4.2.8.2-11.el6.i686.rpm
libreoffice-pyuno-4.2.8.2-11.el6.i686.rpm
libreoffice-rhino-4.2.8.2-11.el6.i686.rpm
libreoffice-sdk-4.2.8.2-11.el6.i686.rpm
libreoffice-sdk-doc-4.2.8.2-11.el6.i686.rpm
libreoffice-ure-4.2.8.2-11.el6.i686.rpm
libreoffice-wiki-publisher-4.2.8.2-11.el6.i686.rpm
libreoffice-writer-4.2.8.2-11.el6.i686.rpm
libreoffice-xsltfilter-4.2.8.2-11.el6.i686.rpm

noarch:
autocorr-af-4.2.8.2-11.el6.noarch.rpm
autocorr-bg-4.2.8.2-11.el6.noarch.rpm
autocorr-ca-4.2.8.2-11.el6.noarch.rpm
autocorr-cs-4.2.8.2-11.el6.noarch.rpm
autocorr-da-4.2.8.2-11.el6.noarch.rpm
autocorr-de-4.2.8.2-11.el6.noarch.rpm
autocorr-en-4.2.8.2-11.el6.noarch.rpm
autocorr-es-4.2.8.2-11.el6.noarch.rpm
autocorr-fa-4.2.8.2-11.el6.noarch.rpm
autocorr-fi-4.2.8.2-11.el6.noarch.rpm
autocorr-fr-4.2.8.2-11.el6.noarch.rpm
autocorr-ga-4.2.8.2-11.el6.noarch.rpm
autocorr-hr-4.2.8.2-11.el6.noarch.rpm
autocorr-hu-4.2.8.2-11.el6.noarch.rpm
autocorr-is-4.2.8.2-11.el6.noarch.rpm
autocorr-it-4.2.8.2-11.el6.noarch.rpm
autocorr-ja-4.2.8.2-11.el6.noarch.rpm
autocorr-ko-4.2.8.2-11.el6.noarch.rpm
autocorr-lb-4.2.8.2-11.el6.noarch.rpm
autocorr-lt-4.2.8.2-11.el6.noarch.rpm
autocorr-mn-4.2.8.2-11.el6.noarch.rpm
autocorr-nl-4.2.8.2-11.el6.noarch.rpm
autocorr-pl-4.2.8.2-11.el6.noarch.rpm
autocorr-pt-4.2.8.2-11.el6.noarch.rpm
autocorr-ro-4.2.8.2-11.el6.noarch.rpm
autocorr-ru-4.2.8.2-11.el6.noarch.rpm
autocorr-sk-4.2.8.2-11.el6.noarch.rpm
autocorr-sl-4.2.8.2-11.el6.noarch.rpm
autocorr-sr-4.2.8.2-11.el6.noarch.rpm
autocorr-sv-4.2.8.2-11.el6.noarch.rpm
autocorr-tr-4.2.8.2-11.el6.noarch.rpm
autocorr-vi-4.2.8.2-11.el6.noarch.rpm
autocorr-zh-4.2.8.2-11.el6.noarch.rpm
libreoffice-opensymbol-fonts-4.2.8.2-11.el6.noarch.rpm

ppc64:
libreoffice-4.2.8.2-11.el6.ppc64.rpm
libreoffice-base-4.2.8.2-11.el6.ppc64.rpm
libreoffice-bsh-4.2.8.2-11.el6.ppc64.rpm
libreoffice-calc-4.2.8.2-11.el6.ppc64.rpm
libreoffice-core-4.2.8.2-11.el6.ppc64.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.ppc.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.ppc64.rpm
libreoffice-draw-4.2.8.2-11.el6.ppc64.rpm
libreoffice-emailmerge-4.2.8.2-11.el6.ppc64.rpm
libreoffice-filters-4.2.8.2-11.el6.ppc64.rpm
libreoffice-gdb-debug-support-4.2.8.2-11.el6.ppc.rpm
libreoffice-gdb-debug-support-4.2.8.2-11.el6.ppc64.rpm
libreoffice-glade-4.2.8.2-11.el6.ppc64.rpm
libreoffice-graphicfilter-4.2.8.2-11.el6.ppc64.rpm
libreoffice-headless-4.2.8.2-11.el6.ppc64.rpm
libreoffice-impress-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-af-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ar-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-as-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-bg-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-bn-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ca-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-cs-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-cy-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-da-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-de-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-dz-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-el-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-en-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-es-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-et-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-eu-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-fi-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-fr-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ga-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-gl-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-gu-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-he-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-hi-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-hr-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-hu-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-it-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ja-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-kn-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ko-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-lt-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-mai-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ml-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-mr-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ms-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-nb-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-nl-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-nn-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-nr-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-nso-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-or-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-pa-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-pl-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-pt-BR-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-pt-PT-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ro-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ru-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-sk-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-sl-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-sr-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ss-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-st-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-sv-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ta-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-te-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-th-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-tn-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-tr-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ts-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-uk-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ur-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-ve-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-xh-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-zh-Hans-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-zh-Hant-4.2.8.2-11.el6.ppc64.rpm
libreoffice-langpack-zu-4.2.8.2-11.el6.ppc64.rpm
libreoffice-librelogo-4.2.8.2-11.el6.ppc64.rpm
libreoffice-math-4.2.8.2-11.el6.ppc64.rpm
libreoffice-nlpsolver-4.2.8.2-11.el6.ppc64.rpm
libreoffice-ogltrans-4.2.8.2-11.el6.ppc64.rpm
libreoffice-pdfimport-4.2.8.2-11.el6.ppc64.rpm
libreoffice-pyuno-4.2.8.2-11.el6.ppc64.rpm libreoffice-rhino-4.2.8.2-11.el6.ppc64.rpm libreoffice-sdk-4.2.8.2-11.el6.ppc64.rpm libreoffice-sdk-doc-4.2.8.2-11.el6.ppc64.rpm libreoffice-ure-4.2.8.2-11.el6.ppc64.rpm libreoffice-wiki-publisher-4.2.8.2-11.el6.ppc64.rpm libreoffice-writer-4.2.8.2-11.el6.ppc64.rpm libreoffice-xsltfilter-4.2.8.2-11.el6.ppc64.rpm s390x: libreoffice-4.2.8.2-11.el6.s390x.rpm libreoffice-base-4.2.8.2-11.el6.s390x.rpm libreoffice-bsh-4.2.8.2-11.el6.s390x.rpm libreoffice-calc-4.2.8.2-11.el6.s390x.rpm libreoffice-core-4.2.8.2-11.el6.s390x.rpm libreoffice-debuginfo-4.2.8.2-11.el6.s390.rpm libreoffice-debuginfo-4.2.8.2-11.el6.s390x.rpm libreoffice-draw-4.2.8.2-11.el6.s390x.rpm libreoffice-emailmerge-4.2.8.2-11.el6.s390x.rpm libreoffice-filters-4.2.8.2-11.el6.s390x.rpm libreoffice-gdb-debug-support-4.2.8.2-11.el6.s390.rpm libreoffice-gdb-debug-support-4.2.8.2-11.el6.s390x.rpm libreoffice-glade-4.2.8.2-11.el6.s390x.rpm libreoffice-graphicfilter-4.2.8.2-11.el6.s390x.rpm libreoffice-headless-4.2.8.2-11.el6.s390x.rpm libreoffice-impress-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-af-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ar-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-as-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-bg-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-bn-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ca-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-cs-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-cy-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-da-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-de-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-dz-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-el-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-en-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-es-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-et-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-eu-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-fi-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-fr-4.2.8.2-11.el6.s390x.rpm 
libreoffice-langpack-ga-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-gl-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-gu-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-he-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-hi-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-hr-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-hu-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-it-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ja-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-kn-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ko-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-lt-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-mai-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ml-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-mr-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ms-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-nb-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-nl-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-nn-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-nr-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-nso-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-or-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-pa-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-pl-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-pt-BR-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-pt-PT-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ro-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ru-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-sk-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-sl-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-sr-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ss-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-st-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-sv-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ta-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-te-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-th-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-tn-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-tr-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ts-4.2.8.2-11.el6.s390x.rpm 
libreoffice-langpack-uk-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ur-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-ve-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-xh-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-zh-Hans-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-zh-Hant-4.2.8.2-11.el6.s390x.rpm libreoffice-langpack-zu-4.2.8.2-11.el6.s390x.rpm libreoffice-librelogo-4.2.8.2-11.el6.s390x.rpm libreoffice-math-4.2.8.2-11.el6.s390x.rpm libreoffice-nlpsolver-4.2.8.2-11.el6.s390x.rpm libreoffice-ogltrans-4.2.8.2-11.el6.s390x.rpm libreoffice-pdfimport-4.2.8.2-11.el6.s390x.rpm libreoffice-pyuno-4.2.8.2-11.el6.s390x.rpm libreoffice-rhino-4.2.8.2-11.el6.s390x.rpm libreoffice-sdk-4.2.8.2-11.el6.s390x.rpm libreoffice-sdk-doc-4.2.8.2-11.el6.s390x.rpm libreoffice-ure-4.2.8.2-11.el6.s390x.rpm libreoffice-wiki-publisher-4.2.8.2-11.el6.s390x.rpm libreoffice-writer-4.2.8.2-11.el6.s390x.rpm libreoffice-xsltfilter-4.2.8.2-11.el6.s390x.rpm x86_64: libreoffice-4.2.8.2-11.el6.x86_64.rpm libreoffice-base-4.2.8.2-11.el6.x86_64.rpm libreoffice-bsh-4.2.8.2-11.el6.x86_64.rpm libreoffice-calc-4.2.8.2-11.el6.x86_64.rpm libreoffice-core-4.2.8.2-11.el6.x86_64.rpm libreoffice-debuginfo-4.2.8.2-11.el6.i686.rpm libreoffice-debuginfo-4.2.8.2-11.el6.x86_64.rpm libreoffice-draw-4.2.8.2-11.el6.x86_64.rpm libreoffice-emailmerge-4.2.8.2-11.el6.x86_64.rpm libreoffice-filters-4.2.8.2-11.el6.x86_64.rpm libreoffice-gdb-debug-support-4.2.8.2-11.el6.i686.rpm libreoffice-gdb-debug-support-4.2.8.2-11.el6.x86_64.rpm libreoffice-glade-4.2.8.2-11.el6.x86_64.rpm libreoffice-graphicfilter-4.2.8.2-11.el6.x86_64.rpm libreoffice-headless-4.2.8.2-11.el6.x86_64.rpm libreoffice-impress-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-af-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ar-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-as-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-bg-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-bn-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ca-4.2.8.2-11.el6.x86_64.rpm 
libreoffice-langpack-cs-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-cy-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-da-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-de-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-dz-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-el-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-en-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-es-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-et-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-eu-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-fi-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-fr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ga-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-gl-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-gu-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-he-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-hi-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-hr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-hu-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-it-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ja-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-kn-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ko-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-lt-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-mai-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ml-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-mr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ms-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-nb-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-nl-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-nn-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-nr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-nso-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-or-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-pa-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-pl-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-pt-BR-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-pt-PT-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ro-4.2.8.2-11.el6.x86_64.rpm 
libreoffice-langpack-ru-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-sk-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-sl-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-sr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ss-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-st-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-sv-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ta-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-te-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-th-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-tn-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-tr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ts-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-uk-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ur-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ve-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-xh-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-zh-Hans-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-zh-Hant-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-zu-4.2.8.2-11.el6.x86_64.rpm libreoffice-librelogo-4.2.8.2-11.el6.x86_64.rpm libreoffice-math-4.2.8.2-11.el6.x86_64.rpm libreoffice-nlpsolver-4.2.8.2-11.el6.x86_64.rpm libreoffice-ogltrans-4.2.8.2-11.el6.x86_64.rpm libreoffice-pdfimport-4.2.8.2-11.el6.x86_64.rpm libreoffice-pyuno-4.2.8.2-11.el6.x86_64.rpm libreoffice-rhino-4.2.8.2-11.el6.x86_64.rpm libreoffice-sdk-4.2.8.2-11.el6.x86_64.rpm libreoffice-sdk-doc-4.2.8.2-11.el6.x86_64.rpm libreoffice-ure-4.2.8.2-11.el6.x86_64.rpm libreoffice-wiki-publisher-4.2.8.2-11.el6.x86_64.rpm libreoffice-writer-4.2.8.2-11.el6.x86_64.rpm libreoffice-xsltfilter-4.2.8.2-11.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: libreoffice-4.2.8.2-11.el6.src.rpm i386: libreoffice-base-4.2.8.2-11.el6.i686.rpm libreoffice-calc-4.2.8.2-11.el6.i686.rpm libreoffice-core-4.2.8.2-11.el6.i686.rpm libreoffice-debuginfo-4.2.8.2-11.el6.i686.rpm libreoffice-draw-4.2.8.2-11.el6.i686.rpm libreoffice-emailmerge-4.2.8.2-11.el6.i686.rpm libreoffice-graphicfilter-4.2.8.2-11.el6.i686.rpm libreoffice-headless-4.2.8.2-11.el6.i686.rpm libreoffice-impress-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-af-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ar-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-as-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-bg-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-bn-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ca-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-cs-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-cy-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-da-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-de-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-dz-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-el-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-en-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-es-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-et-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-eu-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-fi-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-fr-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ga-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-gl-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-gu-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-he-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-hi-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-hr-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-hu-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-it-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ja-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-kn-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ko-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-lt-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-mai-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ml-4.2.8.2-11.el6.i686.rpm 
libreoffice-langpack-mr-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ms-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-nb-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-nl-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-nn-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-nr-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-nso-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-or-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-pa-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-pl-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-pt-BR-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-pt-PT-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ro-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ru-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-sk-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-sl-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-sr-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ss-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-st-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-sv-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ta-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-te-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-th-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-tn-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-tr-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ts-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-uk-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ur-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-ve-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-xh-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-zh-Hans-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-zh-Hant-4.2.8.2-11.el6.i686.rpm libreoffice-langpack-zu-4.2.8.2-11.el6.i686.rpm libreoffice-math-4.2.8.2-11.el6.i686.rpm libreoffice-ogltrans-4.2.8.2-11.el6.i686.rpm libreoffice-pdfimport-4.2.8.2-11.el6.i686.rpm libreoffice-pyuno-4.2.8.2-11.el6.i686.rpm libreoffice-ure-4.2.8.2-11.el6.i686.rpm libreoffice-wiki-publisher-4.2.8.2-11.el6.i686.rpm libreoffice-writer-4.2.8.2-11.el6.i686.rpm libreoffice-xsltfilter-4.2.8.2-11.el6.i686.rpm noarch: 
autocorr-af-4.2.8.2-11.el6.noarch.rpm autocorr-bg-4.2.8.2-11.el6.noarch.rpm autocorr-ca-4.2.8.2-11.el6.noarch.rpm autocorr-cs-4.2.8.2-11.el6.noarch.rpm autocorr-da-4.2.8.2-11.el6.noarch.rpm autocorr-de-4.2.8.2-11.el6.noarch.rpm autocorr-en-4.2.8.2-11.el6.noarch.rpm autocorr-es-4.2.8.2-11.el6.noarch.rpm autocorr-fa-4.2.8.2-11.el6.noarch.rpm autocorr-fi-4.2.8.2-11.el6.noarch.rpm autocorr-fr-4.2.8.2-11.el6.noarch.rpm autocorr-ga-4.2.8.2-11.el6.noarch.rpm autocorr-hr-4.2.8.2-11.el6.noarch.rpm autocorr-hu-4.2.8.2-11.el6.noarch.rpm autocorr-it-4.2.8.2-11.el6.noarch.rpm autocorr-ja-4.2.8.2-11.el6.noarch.rpm autocorr-ko-4.2.8.2-11.el6.noarch.rpm autocorr-lb-4.2.8.2-11.el6.noarch.rpm autocorr-lt-4.2.8.2-11.el6.noarch.rpm autocorr-mn-4.2.8.2-11.el6.noarch.rpm autocorr-nl-4.2.8.2-11.el6.noarch.rpm autocorr-pl-4.2.8.2-11.el6.noarch.rpm autocorr-pt-4.2.8.2-11.el6.noarch.rpm autocorr-ro-4.2.8.2-11.el6.noarch.rpm autocorr-ru-4.2.8.2-11.el6.noarch.rpm autocorr-sk-4.2.8.2-11.el6.noarch.rpm autocorr-sl-4.2.8.2-11.el6.noarch.rpm autocorr-sr-4.2.8.2-11.el6.noarch.rpm autocorr-sv-4.2.8.2-11.el6.noarch.rpm autocorr-tr-4.2.8.2-11.el6.noarch.rpm autocorr-vi-4.2.8.2-11.el6.noarch.rpm autocorr-zh-4.2.8.2-11.el6.noarch.rpm libreoffice-opensymbol-fonts-4.2.8.2-11.el6.noarch.rpm x86_64: libreoffice-base-4.2.8.2-11.el6.x86_64.rpm libreoffice-calc-4.2.8.2-11.el6.x86_64.rpm libreoffice-core-4.2.8.2-11.el6.x86_64.rpm libreoffice-debuginfo-4.2.8.2-11.el6.x86_64.rpm libreoffice-draw-4.2.8.2-11.el6.x86_64.rpm libreoffice-emailmerge-4.2.8.2-11.el6.x86_64.rpm libreoffice-graphicfilter-4.2.8.2-11.el6.x86_64.rpm libreoffice-headless-4.2.8.2-11.el6.x86_64.rpm libreoffice-impress-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-af-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ar-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-as-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-bg-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-bn-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ca-4.2.8.2-11.el6.x86_64.rpm 
libreoffice-langpack-cs-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-cy-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-da-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-de-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-dz-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-el-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-en-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-es-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-et-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-eu-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-fi-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-fr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ga-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-gl-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-gu-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-he-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-hi-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-hr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-hu-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-it-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ja-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-kn-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ko-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-lt-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-mai-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ml-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-mr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ms-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-nb-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-nl-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-nn-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-nr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-nso-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-or-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-pa-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-pl-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-pt-BR-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-pt-PT-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ro-4.2.8.2-11.el6.x86_64.rpm 
libreoffice-langpack-ru-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-sk-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-sl-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-sr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ss-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-st-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-sv-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ta-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-te-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-th-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-tn-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-tr-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ts-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-uk-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ur-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-ve-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-xh-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-zh-Hans-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-zh-Hant-4.2.8.2-11.el6.x86_64.rpm libreoffice-langpack-zu-4.2.8.2-11.el6.x86_64.rpm libreoffice-math-4.2.8.2-11.el6.x86_64.rpm libreoffice-ogltrans-4.2.8.2-11.el6.x86_64.rpm libreoffice-pdfimport-4.2.8.2-11.el6.x86_64.rpm libreoffice-pyuno-4.2.8.2-11.el6.x86_64.rpm libreoffice-ure-4.2.8.2-11.el6.x86_64.rpm libreoffice-wiki-publisher-4.2.8.2-11.el6.x86_64.rpm libreoffice-writer-4.2.8.2-11.el6.x86_64.rpm libreoffice-xsltfilter-4.2.8.2-11.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6):

i386:
libreoffice-4.2.8.2-11.el6.i686.rpm
libreoffice-bsh-4.2.8.2-11.el6.i686.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.i686.rpm
libreoffice-filters-4.2.8.2-11.el6.i686.rpm
libreoffice-gdb-debug-support-4.2.8.2-11.el6.i686.rpm
libreoffice-glade-4.2.8.2-11.el6.i686.rpm
libreoffice-librelogo-4.2.8.2-11.el6.i686.rpm
libreoffice-nlpsolver-4.2.8.2-11.el6.i686.rpm
libreoffice-rhino-4.2.8.2-11.el6.i686.rpm
libreoffice-sdk-4.2.8.2-11.el6.i686.rpm
libreoffice-sdk-doc-4.2.8.2-11.el6.i686.rpm

noarch:
autocorr-is-4.2.8.2-11.el6.noarch.rpm

x86_64:
libreoffice-4.2.8.2-11.el6.x86_64.rpm
libreoffice-bsh-4.2.8.2-11.el6.x86_64.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.i686.rpm
libreoffice-debuginfo-4.2.8.2-11.el6.x86_64.rpm
libreoffice-filters-4.2.8.2-11.el6.x86_64.rpm
libreoffice-gdb-debug-support-4.2.8.2-11.el6.i686.rpm
libreoffice-gdb-debug-support-4.2.8.2-11.el6.x86_64.rpm
libreoffice-glade-4.2.8.2-11.el6.x86_64.rpm
libreoffice-librelogo-4.2.8.2-11.el6.x86_64.rpm
libreoffice-nlpsolver-4.2.8.2-11.el6.x86_64.rpm
libreoffice-rhino-4.2.8.2-11.el6.x86_64.rpm
libreoffice-sdk-4.2.8.2-11.el6.x86_64.rpm
libreoffice-sdk-doc-4.2.8.2-11.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1774
https://access.redhat.com/security/updates/classification/#moderate
https://wiki.documentfoundation.org/ReleaseNotes/4.2

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Wed Jul 22 06:43:39 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:43:39 +0000
Subject: [RHSA-2015:1459-01] Moderate: ntp security, bug fix, and enhancement update
Message-ID: <201507220630.t6M6UqxK003481@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ntp security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1459-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1459.html
Issue date: 2015-07-22
Updated on: 2015-02-25
CVE Names: CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405
=====================================================================

1. Summary:

Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source.

It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. (CVE-2014-9298)

A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. (CVE-2015-1799)

A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)

A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash. (CVE-2014-9297)

It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key. (CVE-2015-1798)

The CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav Lichvár of Red Hat.

Bug fixes:

* The ntpd daemon truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. The maximum length of keys has now been changed to 32 bytes. (BZ#1053551)

* The ntp-keygen utility used the exponent of 3 when generating RSA keys, and generating RSA keys failed when FIPS mode was enabled. ntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected. (BZ#1184421)

* The ntpd daemon included a root delay when calculating its root dispersion. Consequently, the NTP server reported larger root dispersion than it should have and clients could reject the source when its distance reached the maximum synchronization distance (1.5 seconds by default). Calculation of root dispersion has been fixed, the root dispersion is now reported correctly, and clients no longer reject the server due to a large synchronization distance. (BZ#1045376)

* The ntpd daemon dropped incoming NTP packets if their source port was lower than 123 (the NTP port). Clients behind Network Address Translation (NAT) were unable to synchronize with the server if their source port was translated to ports below 123. With this update, ntpd no longer checks the source port number. (BZ#1171630)

Enhancements:

* This update introduces configurable access of memory segments used for Shared Memory Driver (SHM) reference clocks. Previously, only the first two memory segments were created with owner-only access, allowing just two SHM reference clocks to be used securely on a system. Now, the owner-only access to SHM is configurable with the "mode" option, and it is therefore possible to use more SHM reference clocks securely. (BZ#1122015)

* Support for nanosecond resolution has been added to the SHM reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock (for example, with the timemaster service from the linuxptp package), the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. The nanosecond extension in the SHM protocol now enables sub-microsecond synchronization of the system clock. (BZ#1117704)

4. Solution:

All ntp users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing the update, the ntpd daemon will restart automatically.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

995134 - ntp package doesn't build with net-snmp-devel
1045376 - Fix root distance and root dispersion calculations.
1117704 - SHM refclock doesn't support nanosecond resolution
1122015 - SHM refclock allows only two units with owner-only access
1165141 - ntp: mreadvar command crash in ntpq
1166596 - ntpd should warn when monitoring facility can't be disabled due to restrict configuration
1171630 - NTP drops requests when sourceport is below 123
1184572 - CVE-2014-9298 ntp: drop packets with source address ::1
1184573 - CVE-2014-9297 ntp: vallen in extension fields are not validated
1190619 - ntpd -x steps clock on leap second
1193849 - logconfig documentation needs update
1193850 - ntpd does not update dstadr when the routing table changes
1199430 - CVE-2015-1798 ntp: ntpd accepts unauthenticated packets with symmetric key crypto
1199435 - CVE-2015-1799 ntp: authentication doesn't protect symmetric associations against DoS attacks
1210324 - CVE-2015-3405 ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ntp-4.2.6p5-5.el6.src.rpm

i386:
ntp-4.2.6p5-5.el6.i686.rpm
ntp-debuginfo-4.2.6p5-5.el6.i686.rpm
ntpdate-4.2.6p5-5.el6.i686.rpm

x86_64:
ntp-4.2.6p5-5.el6.x86_64.rpm
ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm
ntpdate-4.2.6p5-5.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-5.el6.i686.rpm
ntp-perl-4.2.6p5-5.el6.i686.rpm

noarch:
ntp-doc-4.2.6p5-5.el6.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm
ntp-perl-4.2.6p5-5.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ntp-4.2.6p5-5.el6.src.rpm

x86_64:
ntp-4.2.6p5-5.el6.x86_64.rpm
ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm
ntpdate-4.2.6p5-5.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
ntp-doc-4.2.6p5-5.el6.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm
ntp-perl-4.2.6p5-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ntp-4.2.6p5-5.el6.src.rpm

i386:
ntp-4.2.6p5-5.el6.i686.rpm
ntp-debuginfo-4.2.6p5-5.el6.i686.rpm
ntpdate-4.2.6p5-5.el6.i686.rpm

ppc64:
ntp-4.2.6p5-5.el6.ppc64.rpm
ntp-debuginfo-4.2.6p5-5.el6.ppc64.rpm
ntpdate-4.2.6p5-5.el6.ppc64.rpm

s390x:
ntp-4.2.6p5-5.el6.s390x.rpm
ntp-debuginfo-4.2.6p5-5.el6.s390x.rpm
ntpdate-4.2.6p5-5.el6.s390x.rpm

x86_64:
ntp-4.2.6p5-5.el6.x86_64.rpm
ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm
ntpdate-4.2.6p5-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-5.el6.i686.rpm
ntp-perl-4.2.6p5-5.el6.i686.rpm

noarch:
ntp-doc-4.2.6p5-5.el6.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-5.el6.ppc64.rpm
ntp-perl-4.2.6p5-5.el6.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-5.el6.s390x.rpm
ntp-perl-4.2.6p5-5.el6.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm
ntp-perl-4.2.6p5-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ntp-4.2.6p5-5.el6.src.rpm

i386:
ntp-4.2.6p5-5.el6.i686.rpm
ntp-debuginfo-4.2.6p5-5.el6.i686.rpm
ntpdate-4.2.6p5-5.el6.i686.rpm

x86_64:
ntp-4.2.6p5-5.el6.x86_64.rpm
ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm
ntpdate-4.2.6p5-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-5.el6.i686.rpm
ntp-perl-4.2.6p5-5.el6.i686.rpm

noarch:
ntp-doc-4.2.6p5-5.el6.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm
ntp-perl-4.2.6p5-5.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9297
https://access.redhat.com/security/cve/CVE-2014-9298
https://access.redhat.com/security/cve/CVE-2015-1798
https://access.redhat.com/security/cve/CVE-2015-1799
https://access.redhat.com/security/cve/CVE-2015-3405
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Wed Jul 22 06:44:32 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:44:32 +0000
Subject: [RHSA-2015:1460-01] Moderate: wireshark security, bug fix, and enhancement update
Message-ID: <201507220631.t6M6Vjxu025063@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: wireshark security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1460-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1460.html
Issue date: 2015-07-22
Updated on: 2015-03-02
CVE Names: CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 CVE-2015-0562 CVE-2015-0564 CVE-2015-2189 CVE-2015-2191
=====================================================================

1. Summary:

Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network.

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191)

This update also fixes the following bugs:

* Previously, the Wireshark tool did not support the Advanced Encryption Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM traffic was not decrypted. Support for AES-GCM has been added to Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065)

* Previously, when installing the system using the kickstart method, a dependency on the shadow-utils packages was missing from the wireshark packages, which could cause the installation to fail with a "bad scriptlet" error message. With this update, shadow-utils are listed as required in the wireshark packages spec file, and kickstart installation no longer fails. (BZ#1121275)

* Prior to this update, the Wireshark tool could not decode the elliptic curve types in a Datagram Transport Layer Security (DTLS) Client Hello. Consequently, Wireshark incorrectly displayed the elliptic curve types as data. A patch has been applied to address this bug, and Wireshark now decodes elliptic curve types properly. (BZ#1131203)

* Previously, a dependency on the gtk2 packages was missing from the wireshark packages. As a consequence, the Wireshark tool failed to start under certain circumstances due to an unresolved symbol, "gtk_combo_box_text_new_with_entry", which was added in gtk version 2.24. With this update, a dependency on gtk2 has been added, and Wireshark now always starts as expected. (BZ#1160388)

In addition, this update adds the following enhancements:

* With this update, the Wireshark tool supports process substitution, which feeds the output of a process (or processes) into the standard input of another process using the "<(command_list)" syntax. Previously, when using process substitution with large files as input, Wireshark failed to decode such input. (BZ#1104210)

* Wireshark has been enhanced to enable capturing packets with nanosecond time stamp precision, which allows better analysis of recorded network traffic. (BZ#1146578)

All wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1163581 - CVE-2014-8714 wireshark: TN5250 infinite loop (wnpa-sec-2014-23)
1163582 - CVE-2014-8712 CVE-2014-8713 wireshark: NCP dissector crashes (wnpa-sec-2014-22)
1163583 - CVE-2014-8711 wireshark: AMQP dissector crash (wnpa-sec-2014-21)
1163584 - CVE-2014-8710 wireshark: SigComp dissector crash (wnpa-sec-2014-20)
1180182 - CVE-2015-0562 wireshark: DEC DNA Routing Protocol dissector crash (wnpa-sec-2015-03)
1180197 - CVE-2015-0564 wireshark: TLS/SSL decryption crash (wnpa-sec-2015-05)
1199165 - CVE-2015-2189 wireshark: The pcapng file parser could crash (wnpa-sec-2015-08)
1199167 - CVE-2015-2191 wireshark: The TNEF dissector could go into an infinite loop on 32-bit architectures (wnpa-sec-2015-10)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
wireshark-1.8.10-17.el6.src.rpm

i386:
wireshark-1.8.10-17.el6.i686.rpm
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-gnome-1.8.10-17.el6.i686.rpm

x86_64:
wireshark-1.8.10-17.el6.i686.rpm
wireshark-1.8.10-17.el6.x86_64.rpm
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-debuginfo-1.8.10-17.el6.x86_64.rpm
wireshark-gnome-1.8.10-17.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-devel-1.8.10-17.el6.i686.rpm

x86_64:
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-debuginfo-1.8.10-17.el6.x86_64.rpm
wireshark-devel-1.8.10-17.el6.i686.rpm
wireshark-devel-1.8.10-17.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
wireshark-1.8.10-17.el6.src.rpm

i386:
wireshark-1.8.10-17.el6.i686.rpm
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-gnome-1.8.10-17.el6.i686.rpm

ppc64:
wireshark-1.8.10-17.el6.ppc.rpm
wireshark-1.8.10-17.el6.ppc64.rpm
wireshark-debuginfo-1.8.10-17.el6.ppc.rpm
wireshark-debuginfo-1.8.10-17.el6.ppc64.rpm
wireshark-gnome-1.8.10-17.el6.ppc64.rpm

s390x:
wireshark-1.8.10-17.el6.s390.rpm
wireshark-1.8.10-17.el6.s390x.rpm
wireshark-debuginfo-1.8.10-17.el6.s390.rpm
wireshark-debuginfo-1.8.10-17.el6.s390x.rpm
wireshark-gnome-1.8.10-17.el6.s390x.rpm

x86_64:
wireshark-1.8.10-17.el6.i686.rpm
wireshark-1.8.10-17.el6.x86_64.rpm
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-debuginfo-1.8.10-17.el6.x86_64.rpm
wireshark-gnome-1.8.10-17.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-devel-1.8.10-17.el6.i686.rpm

ppc64:
wireshark-debuginfo-1.8.10-17.el6.ppc.rpm
wireshark-debuginfo-1.8.10-17.el6.ppc64.rpm
wireshark-devel-1.8.10-17.el6.ppc.rpm
wireshark-devel-1.8.10-17.el6.ppc64.rpm

s390x:
wireshark-debuginfo-1.8.10-17.el6.s390.rpm
wireshark-debuginfo-1.8.10-17.el6.s390x.rpm
wireshark-devel-1.8.10-17.el6.s390.rpm
wireshark-devel-1.8.10-17.el6.s390x.rpm

x86_64:
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-debuginfo-1.8.10-17.el6.x86_64.rpm
wireshark-devel-1.8.10-17.el6.i686.rpm
wireshark-devel-1.8.10-17.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
wireshark-1.8.10-17.el6.src.rpm

i386:
wireshark-1.8.10-17.el6.i686.rpm
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-gnome-1.8.10-17.el6.i686.rpm

x86_64:
wireshark-1.8.10-17.el6.i686.rpm
wireshark-1.8.10-17.el6.x86_64.rpm
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-debuginfo-1.8.10-17.el6.x86_64.rpm
wireshark-gnome-1.8.10-17.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-devel-1.8.10-17.el6.i686.rpm

x86_64:
wireshark-debuginfo-1.8.10-17.el6.i686.rpm
wireshark-debuginfo-1.8.10-17.el6.x86_64.rpm
wireshark-devel-1.8.10-17.el6.i686.rpm
wireshark-devel-1.8.10-17.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8710
https://access.redhat.com/security/cve/CVE-2014-8711
https://access.redhat.com/security/cve/CVE-2014-8712
https://access.redhat.com/security/cve/CVE-2014-8713
https://access.redhat.com/security/cve/CVE-2014-8714
https://access.redhat.com/security/cve/CVE-2015-0562
https://access.redhat.com/security/cve/CVE-2015-0564
https://access.redhat.com/security/cve/CVE-2015-2189
https://access.redhat.com/security/cve/CVE-2015-2191
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Wed Jul 22 06:44:58 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 06:44:58 +0000
Subject: [RHSA-2015:1462-01] Moderate: ipa security and bug fix update
Message-ID: <201507220632.t6M6WBeR025481@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ipa security and bug fix update
Advisory ID: RHSA-2015:1462-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1462.html
Issue date: 2015-07-22
Updated on: 2015-03-04
CVE Names: CVE-2010-5312 CVE-2012-6662
=====================================================================

1. Summary:

Updated ipa packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Two cross-site scripting (XSS) flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. (CVE-2010-5312, CVE-2012-6662)

Note: The IdM version provided by this update no longer uses jQuery.

Bug fixes:

* The ipa-server-install, ipa-replica-install, and ipa-client-install utilities are not supported on machines running in FIPS-140 mode. Previously, IdM did not warn users about this. Now, IdM does not allow running the utilities in FIPS-140 mode, and displays an explanatory message. (BZ#1131571)

* If an Active Directory (AD) server was specified or discovered automatically when running the ipa-client-install utility, the utility produced a traceback instead of informing the user that an IdM server is expected in this situation. Now, ipa-client-install detects the AD server and fails with an explanatory message. (BZ#1132261)

* When IdM servers were configured to require the TLS protocol version 1.1 (TLSv1.1) or later in the httpd server, the ipa utility failed. With this update, running ipa works as expected with TLSv1.1 or later. (BZ#1154687)

* In certain high-load environments, the Kerberos authentication step of the IdM client installer can fail. Previously, the entire client installation failed in this situation. This update modifies ipa-client-install to prefer the TCP protocol over the UDP protocol and to retry the authentication attempt in case of failure. (BZ#1161722)

* If ipa-client-install updated or created the /etc/nsswitch.conf file, the sudo utility could terminate unexpectedly with a segmentation fault. Now, ipa-client-install puts a new line character at the end of nsswitch.conf if it modifies the last line of the file, fixing this bug. (BZ#1185207)

* The ipa-client-automount utility failed with the "UNWILLING_TO_PERFORM" LDAP error when the nsslapd-minssf Red Hat Directory Server configuration parameter was set to "1". This update modifies ipa-client-automount to use an encrypted connection for LDAP searches by default, and the utility now finishes successfully even with nsslapd-minssf specified. (BZ#1191040)

* If installing an IdM server failed after the Certificate Authority (CA) installation, the "ipa-server-install --uninstall" command did not perform a proper cleanup. After the user issued "ipa-server-install --uninstall" and then attempted to install the server again, the installation failed. Now, "ipa-server-install --uninstall" removes the CA-related files in the described situation, and ipa-server-install no longer fails with the mentioned error message. (BZ#1198160)

* Running ipa-client-install added the "sss" entry to the sudoers line in nsswitch.conf even if "sss" was already configured and the entry was present in the file. The duplicate "sss" then caused sudo to become unresponsive. Now, ipa-client-install no longer adds "sss" if it is already present in nsswitch.conf. (BZ#1198339)

* After running ipa-client-install, it was not possible to log in using SSH under certain circumstances. Now, ipa-client-install no longer corrupts the sshd_config file, the sshd service starts as expected, and logging in using SSH works in the described situation. (BZ#1201454)

* An incorrect definition of the dc attribute in the /usr/share/ipa/05rfc2247.ldif file caused bogus error messages to be returned during migration. The attribute has been fixed, but the bug persists if the copy-schema-to-ca.py script was run on Red Hat Enterprise Linux 6.6 prior to running it on Red Hat Enterprise Linux 6.7. To work around this problem, manually copy /usr/share/ipa/schema/05rfc2247.ldif to /etc/dirsrv/slapd-PKI-IPA/schema/ and restart IdM. (BZ#1220788)

All ipa users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1132261 - ipa-client-install failing produces a traceback instead of useful error message
1146870 - ipa-client-install fails with "KerbTransport instance has no attribute '__conn'" traceback
1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server
1166041 - CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
1166064 - CVE-2012-6662 jquery-ui: XSS vulnerability in default content in Tooltip widget
1185207 - ipa-client dont end new line character in /etc/nsswitch.conf
1198339 - ipa-client-install adds extra sss to sudoers in nsswitch.conf
1201454 - ipa breaks sshd config
1205660 - ipa-client rpm should require keyutils
1207649 - host certificate not issued to client during ipa-client-install
1220788 - request to backport ticket 3578 to RHEL6. Provoking migration to 7.1 issues.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ipa-3.0.0-47.el6.src.rpm

i386:
ipa-client-3.0.0-47.el6.i686.rpm
ipa-debuginfo-3.0.0-47.el6.i686.rpm
ipa-python-3.0.0-47.el6.i686.rpm

x86_64:
ipa-client-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-python-3.0.0-47.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ipa-admintools-3.0.0-47.el6.i686.rpm
ipa-debuginfo-3.0.0-47.el6.i686.rpm
ipa-server-3.0.0-47.el6.i686.rpm
ipa-server-selinux-3.0.0-47.el6.i686.rpm
ipa-server-trust-ad-3.0.0-47.el6.i686.rpm

x86_64:
ipa-admintools-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-server-3.0.0-47.el6.x86_64.rpm
ipa-server-selinux-3.0.0-47.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-47.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ipa-3.0.0-47.el6.src.rpm

x86_64:
ipa-client-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-python-3.0.0-47.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
ipa-admintools-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-server-3.0.0-47.el6.x86_64.rpm
ipa-server-selinux-3.0.0-47.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-47.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ipa-3.0.0-47.el6.src.rpm

i386:
ipa-admintools-3.0.0-47.el6.i686.rpm
ipa-client-3.0.0-47.el6.i686.rpm
ipa-debuginfo-3.0.0-47.el6.i686.rpm
ipa-python-3.0.0-47.el6.i686.rpm
ipa-server-3.0.0-47.el6.i686.rpm
ipa-server-selinux-3.0.0-47.el6.i686.rpm
ipa-server-trust-ad-3.0.0-47.el6.i686.rpm

ppc64:
ipa-admintools-3.0.0-47.el6.ppc64.rpm
ipa-client-3.0.0-47.el6.ppc64.rpm
ipa-debuginfo-3.0.0-47.el6.ppc64.rpm
ipa-python-3.0.0-47.el6.ppc64.rpm

s390x:
ipa-admintools-3.0.0-47.el6.s390x.rpm
ipa-client-3.0.0-47.el6.s390x.rpm
ipa-debuginfo-3.0.0-47.el6.s390x.rpm
ipa-python-3.0.0-47.el6.s390x.rpm

x86_64:
ipa-admintools-3.0.0-47.el6.x86_64.rpm
ipa-client-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-python-3.0.0-47.el6.x86_64.rpm
ipa-server-3.0.0-47.el6.x86_64.rpm
ipa-server-selinux-3.0.0-47.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-47.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ipa-3.0.0-47.el6.src.rpm

i386:
ipa-admintools-3.0.0-47.el6.i686.rpm
ipa-client-3.0.0-47.el6.i686.rpm
ipa-debuginfo-3.0.0-47.el6.i686.rpm
ipa-python-3.0.0-47.el6.i686.rpm
ipa-server-3.0.0-47.el6.i686.rpm
ipa-server-selinux-3.0.0-47.el6.i686.rpm
ipa-server-trust-ad-3.0.0-47.el6.i686.rpm

x86_64:
ipa-admintools-3.0.0-47.el6.x86_64.rpm
ipa-client-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-python-3.0.0-47.el6.x86_64.rpm
ipa-server-3.0.0-47.el6.x86_64.rpm
ipa-server-selinux-3.0.0-47.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-47.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2010-5312
https://access.redhat.com/security/cve/CVE-2012-6662
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
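The two nsswitch.conf bugs in the ipa advisory above (BZ#1185207, a missing trailing newline that crashed sudo, and BZ#1198339, a duplicated "sss" entry that hung sudo) both come down to editing the sudoers line non-idempotently. The following is an added example, not ipa-client-install's own code: a small idempotent editor for that line, with constructed sample files; the function names and the default "files sss" line it adds when no sudoers line exists are assumptions for illustration.

```python
"""Idempotent editing of the 'sudoers' service line in nsswitch.conf.

Added example; it is not code from ipa-client-install. It models the
two behaviours the advisory describes for BZ#1185207 and BZ#1198339:
never duplicate an existing 'sss' source, and always leave the file
terminated by a newline.
"""
from typing import List


def sudoers_sources(content: str) -> List[str]:
    """Return the sources listed on the first non-comment 'sudoers:' line."""
    for line in content.splitlines():
        if line.lstrip().startswith("#"):
            continue
        key, sep, rest = line.partition(":")
        if sep and key.strip() == "sudoers":
            # Drop a trailing '# comment' before splitting the sources.
            return rest.partition("#")[0].split()
    return []


def add_sudoers_source(content: str, source: str = "sss") -> str:
    """Return nsswitch.conf content with `source` on the sudoers line.

    - A 'sudoers:' line that already lists `source` is left untouched
      (BZ#1198339: a second 'sss' made sudo unresponsive).
    - A 'sudoers:' line without `source` gets it appended, keeping any
      trailing comment.
    - If there is no 'sudoers:' line, one is added (the 'files' default
      is an assumption of this example, not the advisory's statement).
    - The result always ends with a newline (BZ#1185207: a last line
      without one made sudo segfault).
    """
    lines = content.splitlines()
    found = False
    for i, line in enumerate(lines):
        if line.lstrip().startswith("#"):
            continue
        key, sep, rest = line.partition(":")
        if not sep or key.strip() != "sudoers":
            continue
        found = True
        value, _, comment = rest.partition("#")
        sources = value.split()
        if source in sources:
            continue  # already configured: do not add a duplicate
        sources.append(source)
        rebuilt = "sudoers:    " + " ".join(sources)
        if comment:
            rebuilt += "  #" + comment
        lines[i] = rebuilt
    if not found:
        lines.append("sudoers:    files " + source)
    # Joining and appending exactly one newline also repairs a file whose
    # last line was previously left unterminated.
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: last line lacks its newline and has no 'sss'.
    sample = "passwd:     files sss\nsudoers:    files"
    once = add_sudoers_source(sample)
    twice = add_sudoers_source(once)
    print(once, end="")
    print("idempotent:", once == twice)
```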
From bugzilla at redhat.com Wed Jul 22 13:27:09 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 13:27:09 +0000
Subject: [RHSA-2015:1471-01] Important: bind security update
Message-ID: <201507221327.t6MDR901028368@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2015:1471-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1471.html
Issue date: 2015-07-22
CVE Names: CVE-2015-4620
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. (CVE-2015-4620)

Red Hat would like to thank ISC for reporting this issue.

All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1237258 - CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
bind-9.8.2-0.37.rc1.el6_7.1.src.rpm

i386:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.1.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
bind-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.1.i686.rpm

x86_64:
bind-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
bind-9.8.2-0.37.rc1.el6_7.1.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
bind-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
bind-9.8.2-0.37.rc1.el6_7.1.src.rpm

i386:
bind-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.1.i686.rpm

ppc64:
bind-9.8.2-0.37.rc1.el6_7.1.ppc64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.1.ppc64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.ppc.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.ppc64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.ppc.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.ppc64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.1.ppc64.rpm

s390x:
bind-9.8.2-0.37.rc1.el6_7.1.s390x.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.1.s390x.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.s390.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.s390x.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.s390.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.s390x.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.1.s390x.rpm

x86_64:
bind-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.1.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.ppc.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.ppc64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.ppc.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.ppc64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.1.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.s390.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.s390x.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.s390.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.s390x.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.1.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
bind-9.8.2-0.37.rc1.el6_7.1.src.rpm

i386:
bind-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.1.i686.rpm

x86_64:
bind-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.1.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4620
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Wed Jul 22 20:06:48 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 20:06:48 +0000
Subject: [RHSA-2015:1485-01] Critical: java-1.7.1-ibm security update
Message-ID: <201507222006.t6MK6nph006487@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.1-ibm security update
Advisory ID: RHSA-2015:1485-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1485.html
Issue date: 2015-07-22
CVE Names: CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760
=====================================================================

1. Summary:

Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760) Note: This update forces the TLS/SSL client implementation in IBM JDK to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3-FP10 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/):

1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1242456 - CVE-2015-2613 NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243284 - CVE-2015-4736 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)
1243286 - CVE-2015-2619 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D)
1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243290 - CVE-2015-4729 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)
1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)
1244828 - CVE-2015-1931 IBM JDK: plain text data stored in memory dumps

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.3.el6_7.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.1-ibm-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v.
6):

i386:
java-1.7.1-ibm-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.3.el6_7.i686.rpm

ppc64:
java-1.7.1-ibm-1.7.1.3.10-1jpp.3.el6_7.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.3.el6_7.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.3.el6_7.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.3.el6_7.ppc64.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.3.el6_7.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.3.10-1jpp.3.el6_7.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.3.el6_7.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.3.el6_7.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.3.el6_7.s390x.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.3.el6_7.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.10-1jpp.3.el6_7.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.3.el6_7.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v.
7):

x86_64:
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.i686.rpm
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.i686.rpm
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.ppc.rpm
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.1.el7_1.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.1.el7_1.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.10-1jpp.1.el7_1.ppc.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.1.el7_1.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.s390.rpm
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.1.el7_1.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.s390.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.1.el7_1.s390x.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.1.el7_1.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.i686.rpm
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64le:
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.ael7b_1.ppc64le.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.1.ael7b_1.ppc64le.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.ael7b_1.ppc64le.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.1.ael7b_1.ppc64le.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.i686.rpm
java-1.7.1-ibm-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.10-1jpp.1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2015-1931
https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2613
https://access.redhat.com/security/cve/CVE-2015-2619
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2637
https://access.redhat.com/security/cve/CVE-2015-2638
https://access.redhat.com/security/cve/CVE-2015-2664
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4729
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4736
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
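The note in this advisory (and the identical one in the java-1.6.0-ibm advisory RHSA-2015:1486 that follows) says the updated TLS client rejects DH key sizes below 768 bits to address CVE-2015-4000. The script below is an added example and is not code from IBM, Red Hat or the JDK: it parses the ServerDHParams structure of a TLS ServerKeyExchange message (dh_p, dh_g, dh_Ys as length-prefixed opaques, per RFC 5246) and applies the 768-bit floor the advisory names, alongside an assumed 2048-bit policy of this example's own. The inputs are constructed byte strings with the right bit lengths; they are not primes and not real captures.

```python
"""Offline check for the Logjam (CVE-2015-4000) condition the advisory
describes: a TLS client must reject a DHE group whose prime p is shorter
than 768 bits.  Added example, not IBM JDK or Red Hat code.  Wire layout
follows RFC 5246 section 7.4.3 (ServerDHParams)."""

import struct

# Floor the advisory says the updated IBM JDK TLS client enforces.
JDK_MIN_DH_BITS = 768
# Assumed stronger policy a deployment might choose; not from the advisory.
RECOMMENDED_MIN_DH_BITS = 2048


def _read_opaque16(buf: bytes, off: int) -> tuple[bytes, int]:
    """Read one <0..2^16-1> opaque field; return (value, new offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("truncated field body")
    return buf[off:off + n], off + n


def parse_server_dh_params(body: bytes) -> dict:
    """Parse ServerDHParams from the start of a ServerKeyExchange body.

    Returns p, g and Ys as integers plus the offset at which the signature
    (for DHE_RSA/DHE_DSS) would begin; anonymous DH carries no signature.
    """
    p, off = _read_opaque16(body, 0)
    g, off = _read_opaque16(body, off)
    ys, off = _read_opaque16(body, off)
    return {
        "p": int.from_bytes(p, "big"),
        "g": int.from_bytes(g, "big"),
        "Ys": int.from_bytes(ys, "big"),
        "signature_offset": off,
    }


def dh_prime_bits(p: int) -> int:
    """Group size as the bit length of the integer, so a superfluous leading
    0x00 byte in the wire encoding does not inflate the result."""
    return p.bit_length()


def dh_policy(p: int, minimum: int = JDK_MIN_DH_BITS) -> str:
    """'reject' for groups below the floor, 'accept' otherwise."""
    return "accept" if dh_prime_bits(p) >= minimum else "reject"


def encode_server_dh_params(p: bytes, g: bytes, ys: bytes) -> bytes:
    """Build a ServerDHParams blob (used here only to construct inputs)."""
    return b"".join(struct.pack("!H", len(x)) + x for x in (p, g, ys))


# Constructed inputs: NOT primes and NOT real TLS captures, only byte
# strings with the bit lengths needed to exercise the check.
EXPORT_GRADE_512 = encode_server_dh_params(b"\xff" * 64, b"\x02", b"\x01" * 64)
# 1024-bit p sent with a leading zero byte (129 bytes on the wire).
GROUP_1024_PADDED = encode_server_dh_params(b"\x00" + b"\xff" * 128, b"\x02", b"\x01" * 128)
GROUP_2048 = encode_server_dh_params(b"\xff" * 256, b"\x02", b"\x01" * 256)


def classify(blob: bytes, minimum: int = JDK_MIN_DH_BITS) -> tuple[int, str]:
    """Parse a ServerDHParams blob and return (prime_bits, decision)."""
    params = parse_server_dh_params(blob)
    return dh_prime_bits(params["p"]), dh_policy(params["p"], minimum)


if __name__ == "__main__":
    for name, blob in (("512-bit export group", EXPORT_GRADE_512),
                       ("1024-bit group", GROUP_1024_PADDED),
                       ("2048-bit group", GROUP_2048)):
        bits, jdk = classify(blob)
        strong = classify(blob, RECOMMENDED_MIN_DH_BITS)[1]
        print(f"{name}: p is {bits} bits -> 768-bit floor: {jdk}, 2048-bit policy: {strong}")
```

The 768-bit floor is what the advisory says the update enforces; it is a minimum, not a recommendation, which is why the example also evaluates each group against a higher assumed policy.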
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVr/eKXlSAg2UNWIIRAr6SAJ43EiWVdsKQvTubbW5f4Au23Va4rgCgvzrn
DicKzUsMq2SwgjIgR26ZYx4=
=8KhT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 22 20:07:45 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Jul 2015 20:07:45 +0000
Subject: [RHSA-2015:1486-01] Critical: java-1.6.0-ibm security update
Message-ID: <201507222007.t6MK7k0O005978@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2015:1486-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1486.html
Issue date: 2015-07-22
CVE Names: CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2621
           CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638
           CVE-2015-2664 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732
           CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v.
6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the
IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page, listed
in the References section. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601,
CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638,
CVE-2015-2664, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733,
CVE-2015-4748, CVE-2015-4749, CVE-2015-4760)

Note: This update forces the TLS/SSL client implementation in IBM JDK to
reject DH key sizes below 768 bits to address the CVE-2015-4000 issue.
Refer to Red Hat Bugzilla bug 1223211, linked to in the References section,
for additional details about this change.

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 6 SR16-FP7 release. All running
instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)
1244828 - CVE-2015-1931 IBM JDK: plain text data stored in memory dumps

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v.
5):

i386:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el5.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v.
5):

i386:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el5.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.7-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.7-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v.
6):

i386:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el6_7.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el6_7.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el6_7.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el6_7.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el6_7.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el6_7.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el6_7.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el6_7.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el6_7.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el6_7.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el6_7.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el6_7.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v.
6):

i386:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.7-1jpp.1.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1931
https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2637
https://access.redhat.com/security/cve/CVE-2015-2638
https://access.redhat.com/security/cve/CVE-2015-2664
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8.
Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVr/f/XlSAg2UNWIIRAt0IAKCRfuf/fcQR0n/dzS0+KYmuz2cZ8wCgmOHi
yBAF+WcIUy0r/kvq1Hs3wkw=
=xSz7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 23 20:46:36 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 23 Jul 2015 16:46:36 -0400
Subject: [RHSA-2015:1482-01] Important: libuser security update
Message-ID: <201507232046.t6NKkaoK025246@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libuser security update
Advisory ID: RHSA-2015:1482-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1482.html
Issue date: 2015-07-23
CVE Names: CVE-2015-3245 CVE-2015-3246
=====================================================================

1. Summary:

Updated libuser packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3.
Description:

The libuser library implements a standardized interface for manipulating
and administering user and group accounts. Sample applications that are
modeled after applications from the shadow password suite (shadow-utils)
are included in these packages.

Two flaws were found in the way the libuser library handled the
/etc/passwd file. A local attacker could use an application compiled
against libuser (for example, userhelper) to manipulate the /etc/passwd
file, which could result in a denial of service or possibly allow the
attacker to escalate their privileges to root. (CVE-2015-3245,
CVE-2015-3246)

Red Hat would like to thank Qualys for reporting these issues.

All libuser users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1233043 - CVE-2015-3245 libuser does not filter newline characters in the GECOS field
1233052 - CVE-2015-3246 libuser: Security flaw in handling /etc/passwd file

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libuser-0.56.13-8.el6_7.src.rpm

i386:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-python-0.56.13-8.el6_7.i686.rpm

x86_64:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-0.56.13-8.el6_7.x86_64.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-python-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6):

i386:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm

x86_64:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
libuser-0.56.13-8.el6_7.src.rpm

x86_64:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-0.56.13-8.el6_7.x86_64.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-python-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
libuser-0.56.13-8.el6_7.src.rpm

i386:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-python-0.56.13-8.el6_7.i686.rpm

ppc64:
libuser-0.56.13-8.el6_7.ppc.rpm
libuser-0.56.13-8.el6_7.ppc64.rpm
libuser-debuginfo-0.56.13-8.el6_7.ppc.rpm
libuser-debuginfo-0.56.13-8.el6_7.ppc64.rpm
libuser-python-0.56.13-8.el6_7.ppc64.rpm

s390x:
libuser-0.56.13-8.el6_7.s390.rpm
libuser-0.56.13-8.el6_7.s390x.rpm
libuser-debuginfo-0.56.13-8.el6_7.s390.rpm
libuser-debuginfo-0.56.13-8.el6_7.s390x.rpm
libuser-python-0.56.13-8.el6_7.s390x.rpm

x86_64:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-0.56.13-8.el6_7.x86_64.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-python-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
6):

i386:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm

ppc64:
libuser-debuginfo-0.56.13-8.el6_7.ppc.rpm
libuser-debuginfo-0.56.13-8.el6_7.ppc64.rpm
libuser-devel-0.56.13-8.el6_7.ppc.rpm
libuser-devel-0.56.13-8.el6_7.ppc64.rpm

s390x:
libuser-debuginfo-0.56.13-8.el6_7.s390.rpm
libuser-debuginfo-0.56.13-8.el6_7.s390x.rpm
libuser-devel-0.56.13-8.el6_7.s390.rpm
libuser-devel-0.56.13-8.el6_7.s390x.rpm

x86_64:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libuser-0.56.13-8.el6_7.src.rpm

i386:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-python-0.56.13-8.el6_7.i686.rpm

x86_64:
libuser-0.56.13-8.el6_7.i686.rpm
libuser-0.56.13-8.el6_7.x86_64.rpm
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-python-0.56.13-8.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm

x86_64:
libuser-debuginfo-0.56.13-8.el6_7.i686.rpm
libuser-debuginfo-0.56.13-8.el6_7.x86_64.rpm
libuser-devel-0.56.13-8.el6_7.i686.rpm
libuser-devel-0.56.13-8.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3245
https://access.redhat.com/security/cve/CVE-2015-3246
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
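The description above (repeated in RHSA-2015:1483 for Red Hat Enterprise Linux 7, which follows) says the flaws let a local user manipulate /etc/passwd, and bug 1233043 names the mechanism for CVE-2015-3245: newline characters are not filtered out of the GECOS field. The script below is an added example, not libuser's code and not Red Hat's patch: it shows, on an in-memory copy of a constructed passwd file, why an unfiltered newline in one field turns into an extra record, and places a validating writer beside the unfiltered one. The parser's handling of malformed lines, the validator's character policy and the sample records are all this example's own assumptions; nothing here touches the real /etc/passwd.

```python
"""Flaw class behind CVE-2015-3245 (newline in GECOS not filtered), shown
on an in-memory passwd file.  Added example; not libuser code and not the
Red Hat fix.  The payload uses colons as well as the newline; the advisory
names only the newline as unfiltered, so the colon handling is assumed."""

# Constructed sample: two ordinary records, unrelated to any real host.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash\n"
)


def parse_passwd(text: str) -> tuple[list[dict], int]:
    """Split passwd text into records: one per line, seven colon-separated
    fields.  Lines with another field count are skipped and counted; that
    is this example's behaviour, not a claim about any particular libc."""
    records, skipped = [], 0
    for line in text.splitlines():
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 7:
            skipped += 1
            continue
        name, _pw, uid, gid, gecos, home, shell = fields
        records.append({"name": name, "uid": int(uid), "gid": int(gid),
                        "gecos": gecos, "home": home, "shell": shell})
    return records, skipped


def set_gecos_unfiltered(text: str, user: str, gecos: str) -> str:
    """The flawed shape: copy the caller's GECOS straight into the record."""
    out = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == user:
            fields[4] = gecos
        out.append(":".join(fields))
    return "\n".join(out) + "\n"


def validate_gecos(gecos: str) -> None:
    """Refuse anything that can break out of the field or the record:
    ':' separates fields, '\\n' separates records, and other control
    characters are refused too (this example's policy, an assumption)."""
    for ch in gecos:
        if ch in ":\n" or ord(ch) < 0x20 or ch == "\x7f":
            raise ValueError(f"GECOS contains forbidden character {ch!r}")


def set_gecos_checked(text: str, user: str, gecos: str) -> str:
    """Hardened shape: validate first, then reuse the same writer."""
    validate_gecos(gecos)
    return set_gecos_unfiltered(text, user, gecos)


# Constructed payload: a plausible name, a newline, then the first five
# fields of a new record.  The tail of alice's original line (home and
# shell) is appended to the injected line, completing it.  The planted
# account is deliberately unprivileged; the point is that it appears at all.
INJECTED_GECOS = "Alice Example\ninjected:x:1001:1001:planted"


def demo() -> dict:
    """Run the unfiltered and the checked writer on the sample and report
    which account names survive, how many lines became unparseable, and
    whether the checked writer refused the payload."""
    before, _ = parse_passwd(SAMPLE_PASSWD)
    tampered = set_gecos_unfiltered(SAMPLE_PASSWD, "alice", INJECTED_GECOS)
    after, skipped = parse_passwd(tampered)
    try:
        set_gecos_checked(SAMPLE_PASSWD, "alice", INJECTED_GECOS)
        refused = False
    except ValueError:
        refused = True
    return {
        "before": [r["name"] for r in before],
        "after": [r["name"] for r in after],
        "skipped": skipped,
        "refused": refused,
    }


if __name__ == "__main__":
    print(demo())
```

Two consequences the advisory lists fall out of the run: alice's own line is left with too few fields and drops out of the file (the denial-of-service angle), and a record the caller chose is added in its place. The checked writer refuses the payload before anything is written.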
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVsVKrXlSAg2UNWIIRAjpOAJ9DwfF87lCuvgBqDezv+SqnN/WNMgCdHRoE
rXyJf0kCR3YTxcOuV8FFzbE=
=W9F2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 23 20:46:52 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 23 Jul 2015 16:46:52 -0400
Subject: [RHSA-2015:1483-01] Important: libuser security update
Message-ID: <201507232046.t6NKkqAQ025357@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libuser security update
Advisory ID: RHSA-2015:1483-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1483.html
Issue date: 2015-07-23
CVE Names: CVE-2015-3245 CVE-2015-3246
=====================================================================

1. Summary:

Updated libuser packages that fix two security issues are now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libuser library implements a standardized interface for manipulating
and administering user and group accounts.
Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages. Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root. (CVE-2015-3245, CVE-2015-3246) Red Hat would like to thank Qualys for reporting these issues. All libuser users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1233043 - CVE-2015-3245 libuser does not filter newline characters in the GECOS field 1233052 - CVE-2015-3246 libuser: Security flaw in handling /etc/passwd file 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libuser-0.60-7.el7_1.src.rpm x86_64: libuser-0.60-7.el7_1.i686.rpm libuser-0.60-7.el7_1.x86_64.rpm libuser-debuginfo-0.60-7.el7_1.i686.rpm libuser-debuginfo-0.60-7.el7_1.x86_64.rpm libuser-python-0.60-7.el7_1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libuser-debuginfo-0.60-7.el7_1.i686.rpm libuser-debuginfo-0.60-7.el7_1.x86_64.rpm libuser-devel-0.60-7.el7_1.i686.rpm libuser-devel-0.60-7.el7_1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libuser-0.60-7.el7_1.src.rpm x86_64: libuser-0.60-7.el7_1.i686.rpm libuser-0.60-7.el7_1.x86_64.rpm libuser-debuginfo-0.60-7.el7_1.i686.rpm libuser-debuginfo-0.60-7.el7_1.x86_64.rpm libuser-python-0.60-7.el7_1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: libuser-debuginfo-0.60-7.el7_1.i686.rpm libuser-debuginfo-0.60-7.el7_1.x86_64.rpm libuser-devel-0.60-7.el7_1.i686.rpm libuser-devel-0.60-7.el7_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libuser-0.60-7.el7_1.src.rpm ppc64: libuser-0.60-7.el7_1.ppc.rpm libuser-0.60-7.el7_1.ppc64.rpm libuser-debuginfo-0.60-7.el7_1.ppc.rpm libuser-debuginfo-0.60-7.el7_1.ppc64.rpm libuser-python-0.60-7.el7_1.ppc64.rpm s390x: libuser-0.60-7.el7_1.s390.rpm libuser-0.60-7.el7_1.s390x.rpm libuser-debuginfo-0.60-7.el7_1.s390.rpm libuser-debuginfo-0.60-7.el7_1.s390x.rpm libuser-python-0.60-7.el7_1.s390x.rpm x86_64: libuser-0.60-7.el7_1.i686.rpm libuser-0.60-7.el7_1.x86_64.rpm libuser-debuginfo-0.60-7.el7_1.i686.rpm libuser-debuginfo-0.60-7.el7_1.x86_64.rpm libuser-python-0.60-7.el7_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libuser-0.60-7.ael7b_1.src.rpm ppc64le: libuser-0.60-7.ael7b_1.ppc64le.rpm libuser-debuginfo-0.60-7.ael7b_1.ppc64le.rpm libuser-python-0.60-7.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libuser-debuginfo-0.60-7.el7_1.ppc.rpm libuser-debuginfo-0.60-7.el7_1.ppc64.rpm libuser-devel-0.60-7.el7_1.ppc.rpm libuser-devel-0.60-7.el7_1.ppc64.rpm s390x: libuser-debuginfo-0.60-7.el7_1.s390.rpm libuser-debuginfo-0.60-7.el7_1.s390x.rpm libuser-devel-0.60-7.el7_1.s390.rpm libuser-devel-0.60-7.el7_1.s390x.rpm x86_64: libuser-debuginfo-0.60-7.el7_1.i686.rpm libuser-debuginfo-0.60-7.el7_1.x86_64.rpm libuser-devel-0.60-7.el7_1.i686.rpm libuser-devel-0.60-7.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: libuser-debuginfo-0.60-7.ael7b_1.ppc64le.rpm libuser-devel-0.60-7.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: libuser-0.60-7.el7_1.src.rpm x86_64: libuser-0.60-7.el7_1.i686.rpm libuser-0.60-7.el7_1.x86_64.rpm libuser-debuginfo-0.60-7.el7_1.i686.rpm libuser-debuginfo-0.60-7.el7_1.x86_64.rpm libuser-python-0.60-7.el7_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libuser-debuginfo-0.60-7.el7_1.i686.rpm libuser-debuginfo-0.60-7.el7_1.x86_64.rpm libuser-devel-0.60-7.el7_1.i686.rpm libuser-devel-0.60-7.el7_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3245 https://access.redhat.com/security/cve/CVE-2015-3246 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVsVK7XlSAg2UNWIIRAkWhAJwK0UBF7Q37z7j2hKsjYxwXvq+TaQCfWVvM hq94ftcCu6cx0aYH6VYBv1A= =CXDY -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jul 23 20:47:07 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 23 Jul 2015 16:47:07 -0400 Subject: [RHSA-2015:1488-01] Critical: java-1.7.0-ibm security update Message-ID: <201507232047.t6NKl794025461@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-ibm security update Advisory ID: RHSA-2015:1488-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1488.html Issue date: 2015-07-23 CVE Names: CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 
                   CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748
                   CVE-2015-4749 CVE-2015-4760
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page, listed
in the References section. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601,
CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632,
CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4729,
CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748,
CVE-2015-4749, CVE-2015-4760)

Note: This update forces the TLS/SSL client implementation in IBM JDK to
reject DH key sizes below 768 bits to address the CVE-2015-4000 issue.
Refer to Red Hat Bugzilla bug 1223211, linked to in the References
section, for additional details about this change.

All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR9-FP10 release. All running
instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1242456 - CVE-2015-2613 NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243284 - CVE-2015-4736 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)
1243286 - CVE-2015-2619 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D)
1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243290 - CVE-2015-4729 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)
1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)
1244828 - CVE-2015-1931 IBM JDK: plain text data stored in memory dumps

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.ppc.rpm
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.s390.rpm
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.s390.rpm
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.s390.rpm
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.s390x.rpm
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.s390.rpm
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1931
https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2613
https://access.redhat.com/security/cve/CVE-2015-2619
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2637
https://access.redhat.com/security/cve/CVE-2015-2638
https://access.redhat.com/security/cve/CVE-2015-2664
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4729
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4736
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVsVLIXlSAg2UNWIIRAun4AJ41kmCyeTulC++q/BehJgI5rirnogCgw6Gl
UH4PDJEVOePlYDzgQN5Oq9c=
=7lUk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 27 09:25:31 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 27 Jul 2015 09:25:31 +0000
Subject: [RHSA-2015:1499-01] Important: chromium-browser security update
Message-ID: <201507270912.t6R9Cd48010453@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2015:1499-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1499.html
Issue date:        2015-07-27
CVE Names:         CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273
                   CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278
                   CVE-2015-1279 CVE-2015-1281 CVE-2015-1282 CVE-2015-1283
                   CVE-2015-1284 CVE-2015-1285 CVE-2015-1286 CVE-2015-1287
                   CVE-2015-1288 CVE-2015-1289 CVE-2015-5605
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content.
A web page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user
running Chromium. (CVE-2015-1271, CVE-2015-1270, CVE-2015-1272,
CVE-2015-1273, CVE-2015-1274, CVE-2015-1276, CVE-2015-1277, CVE-2015-1278,
CVE-2015-1279, CVE-2015-1281, CVE-2015-1282, CVE-2015-1283, CVE-2015-1284,
CVE-2015-1285, CVE-2015-1286, CVE-2015-1287, CVE-2015-1288, CVE-2015-1289,
CVE-2015-5605)

All Chromium users should upgrade to these updated packages, which contain
Chromium version 44.0.2403.89, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1245436 - CVE-2015-1271 chromium-browser: Heap-buffer-overflow in pdfium
1245574 - CVE-2015-1270 chromium-browser: Uninitialized memory read in ICU.
1245575 - CVE-2015-1272 chromium-browser: Use-after-free related to unexpected GPU process termination in unspecified
1245576 - CVE-2015-1273 chromium-browser: Heap-buffer-overflow in pdfium.
1245577 - CVE-2015-1274 chromium-browser: Settings allowed executable files to run immediately after download in unspecified
1245580 - CVE-2015-1276 chromium-browser: Use-after-free in IndexedDB.
1245581 - CVE-2015-1277 chromium-browser: Use-after-free in accessibility.
1245582 - CVE-2015-1278 chromium-browser: URL spoofing using pdf files in unspecified
1245583 - CVE-2015-1279 chromium-browser: Heap-buffer-overflow in pdfium.
1245585 - CVE-2015-1281 chromium-browser: CSP bypass in unspecified component
1245586 - CVE-2015-1282 chromium-browser: Use-after-free in pdfium.
1245587 - CVE-2015-1283 chromium-browser: Heap-buffer-overflow in expat.
1245588 - CVE-2015-1284 chromium-browser: Use-after-free in blink.
1245589 - CVE-2015-1285 chromium-browser: Information leak in XSS auditor.
1245590 - CVE-2015-1286 chromium-browser: UXSS in blink.
1245591 - CVE-2015-1287 chromium-browser: SOP bypass with CSS in unspecified
1245592 - CVE-2015-1288 chromium-browser: Spell checking dictionaries fetched over HTTP in unspecified
1245593 - CVE-2015-1289 chromium-browser: Various fixes from internal audits, fuzzing and other initiatives
1245955 - CVE-2015-5605 chromium-browser: v8 denial of service

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-44.0.2403.89-1.el6.i686.rpm
chromium-browser-debuginfo-44.0.2403.89-1.el6.i686.rpm

x86_64:
chromium-browser-44.0.2403.89-1.el6.x86_64.rpm
chromium-browser-debuginfo-44.0.2403.89-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-44.0.2403.89-1.el6.i686.rpm
chromium-browser-debuginfo-44.0.2403.89-1.el6.i686.rpm

x86_64:
chromium-browser-44.0.2403.89-1.el6.x86_64.rpm
chromium-browser-debuginfo-44.0.2403.89-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-44.0.2403.89-1.el6.i686.rpm
chromium-browser-debuginfo-44.0.2403.89-1.el6.i686.rpm

x86_64:
chromium-browser-44.0.2403.89-1.el6.x86_64.rpm
chromium-browser-debuginfo-44.0.2403.89-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1270
https://access.redhat.com/security/cve/CVE-2015-1271
https://access.redhat.com/security/cve/CVE-2015-1272
https://access.redhat.com/security/cve/CVE-2015-1273
https://access.redhat.com/security/cve/CVE-2015-1274
https://access.redhat.com/security/cve/CVE-2015-1276
https://access.redhat.com/security/cve/CVE-2015-1277
https://access.redhat.com/security/cve/CVE-2015-1278
https://access.redhat.com/security/cve/CVE-2015-1279
https://access.redhat.com/security/cve/CVE-2015-1281
https://access.redhat.com/security/cve/CVE-2015-1282
https://access.redhat.com/security/cve/CVE-2015-1283
https://access.redhat.com/security/cve/CVE-2015-1284
https://access.redhat.com/security/cve/CVE-2015-1285
https://access.redhat.com/security/cve/CVE-2015-1286
https://access.redhat.com/security/cve/CVE-2015-1287
https://access.redhat.com/security/cve/CVE-2015-1288
https://access.redhat.com/security/cve/CVE-2015-1289
https://access.redhat.com/security/cve/CVE-2015-5605
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVtfXzXlSAg2UNWIIRAtOEAKC7HpApUl1pX6gHGSSoj1C3yFjj5ACffY1q
VsCFJcevK7XruYsLrLXuSMk=
=xiJ+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 27 13:37:48 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 27 Jul 2015 13:37:48 +0000
Subject: [RHSA-2015:1507-01] Important: qemu-kvm security and bug fix update
Message-ID: <201507271337.t6RDbnR7014009@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security and bug fix update
Advisory ID:       RHSA-2015:1507-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1507.html
Issue date:        2015-07-27
CVE Names:         CVE-2015-3214 CVE-2015-5154
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix two security issues and one bug are now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

A heap buffer overflow flaw was found in the way QEMU's IDE subsystem
handled I/O buffer access while processing certain ATAPI commands. A
privileged guest user in a guest with the CDROM drive enabled could
potentially use this flaw to execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest.
(CVE-2015-5154)

An out-of-bounds memory access flaw, leading to memory corruption or
possibly an information leak, was found in QEMU's pit_ioport_read()
function. A privileged guest user in a QEMU guest, which had QEMU PIT
emulation enabled, could potentially, in rare cases, use this flaw to
execute arbitrary code on the host with the privileges of the hosting QEMU
process. (CVE-2015-3214)

Red Hat would like to thank Matt Tait of Google's Project Zero security
team for reporting the CVE-2015-3214 issue. The CVE-2015-5154 issue was
discovered by Kevin Wolf of Red Hat.

This update also fixes the following bug:

* Due to an incorrect implementation of portable memory barriers, the QEMU
emulator in some cases terminated unexpectedly when a virtual disk was
under heavy I/O load. This update fixes the implementation in order to
achieve correct synchronization between QEMU's threads. As a result, the
described crash no longer occurs. (BZ#1233643)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1229640 - CVE-2015-3214 qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function
1243563 - CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm

x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm

x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm

ppc64:
qemu-img-1.5.3-86.el7_1.5.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm

x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libcacard-1.5.3-86.el7_1.5.ppc.rpm
libcacard-1.5.3-86.el7_1.5.ppc64.rpm
libcacard-devel-1.5.3-86.el7_1.5.ppc.rpm
libcacard-devel-1.5.3-86.el7_1.5.ppc64.rpm
libcacard-tools-1.5.3-86.el7_1.5.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm

x86_64:
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm

x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3214
https://access.redhat.com/security/cve/CVE-2015-5154
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVtjQAXlSAg2UNWIIRAubOAJ9jPmZf7ZF+FHd+a7JxYxxRPAGx0wCgv5dX
hlTFJ96W8Yn4W+ZR2yhsbBU=
=i68a
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 27 23:15:30 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 27 Jul 2015 23:15:30 +0000
Subject: [RHSA-2015:1510-01] Moderate: clutter security update
Message-ID: <201507272315.t6RNFVmc011018@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: clutter security update
Advisory ID:       RHSA-2015:1510-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1510.html
Issue date:        2015-07-27
CVE Names:         CVE-2015-3213
=====================================================================

1. Summary:

Updated clutter packages that fix one security issue are now available for
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Clutter is a library for creating fast, visually rich, graphical user
interfaces. Clutter is used for rendering the GNOME desktop environment.

A flaw was found in the way clutter processed certain mouse and touch
gestures. An attacker could use this flaw to bypass the screen lock.
(CVE-2015-3213)

All clutter users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using clutter must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1227098 - CVE-2015-3213 Gnome clutter: screenlock bypass by performing certain mouse gestures

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
clutter-1.14.4-12.el7_1.1.src.rpm

x86_64:
clutter-1.14.4-12.el7_1.1.i686.rpm
clutter-1.14.4-12.el7_1.1.x86_64.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.i686.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
clutter-debuginfo-1.14.4-12.el7_1.1.i686.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.x86_64.rpm
clutter-devel-1.14.4-12.el7_1.1.i686.rpm
clutter-devel-1.14.4-12.el7_1.1.x86_64.rpm
clutter-doc-1.14.4-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
clutter-1.14.4-12.el7_1.1.src.rpm

x86_64:
clutter-1.14.4-12.el7_1.1.i686.rpm
clutter-1.14.4-12.el7_1.1.x86_64.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.i686.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.x86_64.rpm
clutter-devel-1.14.4-12.el7_1.1.i686.rpm
clutter-devel-1.14.4-12.el7_1.1.x86_64.rpm
clutter-doc-1.14.4-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
clutter-1.14.4-12.el7_1.1.src.rpm

ppc64:
clutter-1.14.4-12.el7_1.1.ppc.rpm
clutter-1.14.4-12.el7_1.1.ppc64.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.ppc.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.ppc64.rpm

s390x:
clutter-1.14.4-12.el7_1.1.s390.rpm
clutter-1.14.4-12.el7_1.1.s390x.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.s390.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.s390x.rpm

x86_64:
clutter-1.14.4-12.el7_1.1.i686.rpm
clutter-1.14.4-12.el7_1.1.x86_64.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.i686.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
clutter-1.14.4-12.ael7b_1.1.src.rpm

ppc64le:
clutter-1.14.4-12.ael7b_1.1.ppc64le.rpm
clutter-debuginfo-1.14.4-12.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
clutter-debuginfo-1.14.4-12.el7_1.1.ppc.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.ppc64.rpm
clutter-devel-1.14.4-12.el7_1.1.ppc.rpm
clutter-devel-1.14.4-12.el7_1.1.ppc64.rpm
clutter-doc-1.14.4-12.el7_1.1.ppc64.rpm

s390x:
clutter-debuginfo-1.14.4-12.el7_1.1.s390.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.s390x.rpm
clutter-devel-1.14.4-12.el7_1.1.s390.rpm
clutter-devel-1.14.4-12.el7_1.1.s390x.rpm
clutter-doc-1.14.4-12.el7_1.1.s390x.rpm

x86_64:
clutter-debuginfo-1.14.4-12.el7_1.1.i686.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.x86_64.rpm
clutter-devel-1.14.4-12.el7_1.1.i686.rpm
clutter-devel-1.14.4-12.el7_1.1.x86_64.rpm
clutter-doc-1.14.4-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
clutter-debuginfo-1.14.4-12.ael7b_1.1.ppc64le.rpm
clutter-devel-1.14.4-12.ael7b_1.1.ppc64le.rpm
clutter-doc-1.14.4-12.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
clutter-1.14.4-12.el7_1.1.src.rpm

x86_64:
clutter-1.14.4-12.el7_1.1.i686.rpm
clutter-1.14.4-12.el7_1.1.x86_64.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.i686.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
clutter-debuginfo-1.14.4-12.el7_1.1.i686.rpm
clutter-debuginfo-1.14.4-12.el7_1.1.x86_64.rpm
clutter-devel-1.14.4-12.el7_1.1.i686.rpm
clutter-devel-1.14.4-12.el7_1.1.x86_64.rpm
clutter-doc-1.14.4-12.el7_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3213
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVtruCXlSAg2UNWIIRAiHMAKCZuchVM3u5IGrohEOdNd+Kn+if4QCfdNNs
nxrRxesii2NHWPJB9YBcaOs=
=mjkj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 28 22:37:58 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 Jul 2015 22:37:58 +0000
Subject: [RHSA-2015:1512-01] Important: qemu-kvm-rhev security update
Message-ID: <201507282238.t6SMbx0D005722@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2015:1512-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1512.html
Issue date:        2015-07-28
CVE Names:         CVE-2015-3214 CVE-2015-5154
=====================================================================

1. Summary:

Updated qemu-kvm-rhev packages that fix two security issues are now
available for Red Hat Enterprise Linux OpenStack Platform 6 and Red Hat
Enterprise Linux OpenStack Platform 5 for RHEL 7.

Red Hat Product Security has rated this update as having Important
security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - x86_64
Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM.

A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-5154)

An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. (CVE-2015-3214)

Red Hat would like to thank Matt Tait of Google's Project Zero security team for reporting the CVE-2015-3214 issue. The CVE-2015-5154 issue was discovered by Kevin Wolf of Red Hat.

All qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1229640 - CVE-2015-3214 qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function
1243563 - CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
qemu-kvm-rhev-2.1.2-23.el7_1.6.src.rpm

x86_64:
libcacard-devel-rhev-2.1.2-23.el7_1.6.x86_64.rpm
libcacard-rhev-2.1.2-23.el7_1.6.x86_64.rpm
libcacard-tools-rhev-2.1.2-23.el7_1.6.x86_64.rpm
qemu-img-rhev-2.1.2-23.el7_1.6.x86_64.rpm
qemu-kvm-common-rhev-2.1.2-23.el7_1.6.x86_64.rpm
qemu-kvm-rhev-2.1.2-23.el7_1.6.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.1.2-23.el7_1.6.x86_64.rpm
qemu-kvm-tools-rhev-2.1.2-23.el7_1.6.x86_64.rpm

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
qemu-kvm-rhev-2.1.2-23.el7_1.6.src.rpm

x86_64:
libcacard-devel-rhev-2.1.2-23.el7_1.6.x86_64.rpm
libcacard-rhev-2.1.2-23.el7_1.6.x86_64.rpm
libcacard-tools-rhev-2.1.2-23.el7_1.6.x86_64.rpm
qemu-img-rhev-2.1.2-23.el7_1.6.x86_64.rpm
qemu-kvm-common-rhev-2.1.2-23.el7_1.6.x86_64.rpm
qemu-kvm-rhev-2.1.2-23.el7_1.6.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.1.2-23.el7_1.6.x86_64.rpm
qemu-kvm-tools-rhev-2.1.2-23.el7_1.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3214
https://access.redhat.com/security/cve/CVE-2015-5154
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVuAQvXlSAg2UNWIIRArQJAKCX1rrgRF6AOn3mL6KAEF7xtLzLaACfRyLG
2yWYvp09hvF+ZdkR50ZTAyw=
=5Iwh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 29 00:37:48 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 29 Jul 2015 00:37:48 +0000
Subject: [RHSA-2015:1513-01] Important: bind security update
Message-ID: <201507290037.t6T0bm7B030318@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2015:1513-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1513.html
Issue date:        2015-07-28
CVE Names:         CVE-2015-5477
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.

All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1247361 - CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
bind-9.8.2-0.37.rc1.el6_7.2.src.rpm

i386:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
bind-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.i686.rpm

x86_64:
bind-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
bind-9.8.2-0.37.rc1.el6_7.2.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
bind-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
bind-9.8.2-0.37.rc1.el6_7.2.src.rpm

i386:
bind-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.i686.rpm

ppc64:
bind-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.ppc.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.ppc.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm

s390x:
bind-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.s390.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.s390.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.s390x.rpm

x86_64:
bind-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.ppc.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.ppc.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.s390.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.s390.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
bind-9.8.2-0.37.rc1.el6_7.2.src.rpm

i386:
bind-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.i686.rpm

x86_64:
bind-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
bind-9.9.4-18.el7_1.3.src.rpm

noarch:
bind-license-9.9.4-18.el7_1.3.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-9.9.4-18.el7_1.3.i686.rpm
bind-libs-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.3.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.3.x86_64.rpm
bind-utils-9.9.4-18.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bind-9.9.4-18.el7_1.3.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.3.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-devel-9.9.4-18.el7_1.3.i686.rpm
bind-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.3.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
bind-9.9.4-18.el7_1.3.src.rpm

noarch:
bind-license-9.9.4-18.el7_1.3.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-9.9.4-18.el7_1.3.i686.rpm
bind-libs-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.3.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.3.x86_64.rpm
bind-utils-9.9.4-18.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bind-9.9.4-18.el7_1.3.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.3.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-devel-9.9.4-18.el7_1.3.i686.rpm
bind-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.3.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bind-9.9.4-18.el7_1.3.src.rpm

noarch:
bind-license-9.9.4-18.el7_1.3.noarch.rpm

ppc64:
bind-9.9.4-18.el7_1.3.ppc64.rpm
bind-chroot-9.9.4-18.el7_1.3.ppc64.rpm
bind-debuginfo-9.9.4-18.el7_1.3.ppc.rpm
bind-debuginfo-9.9.4-18.el7_1.3.ppc64.rpm
bind-libs-9.9.4-18.el7_1.3.ppc.rpm
bind-libs-9.9.4-18.el7_1.3.ppc64.rpm
bind-libs-lite-9.9.4-18.el7_1.3.ppc.rpm
bind-libs-lite-9.9.4-18.el7_1.3.ppc64.rpm
bind-utils-9.9.4-18.el7_1.3.ppc64.rpm

s390x:
bind-9.9.4-18.el7_1.3.s390x.rpm
bind-chroot-9.9.4-18.el7_1.3.s390x.rpm
bind-debuginfo-9.9.4-18.el7_1.3.s390.rpm
bind-debuginfo-9.9.4-18.el7_1.3.s390x.rpm
bind-libs-9.9.4-18.el7_1.3.s390.rpm
bind-libs-9.9.4-18.el7_1.3.s390x.rpm
bind-libs-lite-9.9.4-18.el7_1.3.s390.rpm
bind-libs-lite-9.9.4-18.el7_1.3.s390x.rpm
bind-utils-9.9.4-18.el7_1.3.s390x.rpm

x86_64:
bind-9.9.4-18.el7_1.3.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.3.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-9.9.4-18.el7_1.3.i686.rpm
bind-libs-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.3.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.3.x86_64.rpm
bind-utils-9.9.4-18.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bind-9.9.4-18.ael7b_1.3.src.rpm

noarch:
bind-license-9.9.4-18.ael7b_1.3.noarch.rpm

ppc64le:
bind-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-chroot-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-debuginfo-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-libs-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-libs-lite-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-utils-9.9.4-18.ael7b_1.3.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bind-debuginfo-9.9.4-18.el7_1.3.ppc.rpm
bind-debuginfo-9.9.4-18.el7_1.3.ppc64.rpm
bind-devel-9.9.4-18.el7_1.3.ppc.rpm
bind-devel-9.9.4-18.el7_1.3.ppc64.rpm
bind-lite-devel-9.9.4-18.el7_1.3.ppc.rpm
bind-lite-devel-9.9.4-18.el7_1.3.ppc64.rpm
bind-sdb-9.9.4-18.el7_1.3.ppc64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.ppc64.rpm

s390x:
bind-debuginfo-9.9.4-18.el7_1.3.s390.rpm
bind-debuginfo-9.9.4-18.el7_1.3.s390x.rpm
bind-devel-9.9.4-18.el7_1.3.s390.rpm
bind-devel-9.9.4-18.el7_1.3.s390x.rpm
bind-lite-devel-9.9.4-18.el7_1.3.s390.rpm
bind-lite-devel-9.9.4-18.el7_1.3.s390x.rpm
bind-sdb-9.9.4-18.el7_1.3.s390x.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.s390x.rpm

x86_64:
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-devel-9.9.4-18.el7_1.3.i686.rpm
bind-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.3.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
bind-debuginfo-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-devel-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-lite-devel-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-sdb-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-sdb-chroot-9.9.4-18.ael7b_1.3.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
bind-9.9.4-18.el7_1.3.src.rpm

noarch:
bind-license-9.9.4-18.el7_1.3.noarch.rpm

x86_64:
bind-9.9.4-18.el7_1.3.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.3.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-9.9.4-18.el7_1.3.i686.rpm
bind-libs-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.3.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.3.x86_64.rpm
bind-utils-9.9.4-18.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-devel-9.9.4-18.el7_1.3.i686.rpm
bind-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.3.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5477
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVuCBAXlSAg2UNWIIRApEkAJ9P0OHgik/kkBRgXJ4YnHQ+twrw1wCgpWRM
77IQ31eFv/9qlY2vcXleBMA=
=Jhz9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 29 00:38:48 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 29 Jul 2015 00:38:48 +0000
Subject: [RHSA-2015:1514-01] Important: bind security update
Message-ID: <201507290038.t6T0cmnN023322@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2015:1514-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1514.html
Issue date:        2015-07-28
CVE Names:         CVE-2015-5477
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.

All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1247361 - CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
bind-9.3.6-25.P1.el5_11.3.src.rpm

i386:
bind-9.3.6-25.P1.el5_11.3.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.3.i386.rpm
bind-sdb-9.3.6-25.P1.el5_11.3.i386.rpm
bind-utils-9.3.6-25.P1.el5_11.3.i386.rpm

x86_64:
bind-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-libs-9.3.6-25.P1.el5_11.3.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-sdb-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-utils-9.3.6-25.P1.el5_11.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
bind-9.3.6-25.P1.el5_11.3.src.rpm

i386:
bind-chroot-9.3.6-25.P1.el5_11.3.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.3.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.i386.rpm
caching-nameserver-9.3.6-25.P1.el5_11.3.i386.rpm

x86_64:
bind-chroot-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-devel-9.3.6-25.P1.el5_11.3.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.x86_64.rpm
caching-nameserver-9.3.6-25.P1.el5_11.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
bind-9.3.6-25.P1.el5_11.3.src.rpm

i386:
bind-9.3.6-25.P1.el5_11.3.i386.rpm
bind-chroot-9.3.6-25.P1.el5_11.3.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.3.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.3.i386.rpm
bind-sdb-9.3.6-25.P1.el5_11.3.i386.rpm
bind-utils-9.3.6-25.P1.el5_11.3.i386.rpm
caching-nameserver-9.3.6-25.P1.el5_11.3.i386.rpm

ia64:
bind-9.3.6-25.P1.el5_11.3.ia64.rpm
bind-chroot-9.3.6-25.P1.el5_11.3.ia64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.ia64.rpm
bind-devel-9.3.6-25.P1.el5_11.3.ia64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.ia64.rpm
bind-libs-9.3.6-25.P1.el5_11.3.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.3.ia64.rpm
bind-sdb-9.3.6-25.P1.el5_11.3.ia64.rpm
bind-utils-9.3.6-25.P1.el5_11.3.ia64.rpm
caching-nameserver-9.3.6-25.P1.el5_11.3.ia64.rpm

ppc:
bind-9.3.6-25.P1.el5_11.3.ppc.rpm
bind-chroot-9.3.6-25.P1.el5_11.3.ppc.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.ppc.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.ppc64.rpm
bind-devel-9.3.6-25.P1.el5_11.3.ppc.rpm
bind-devel-9.3.6-25.P1.el5_11.3.ppc64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.ppc.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.ppc64.rpm
bind-libs-9.3.6-25.P1.el5_11.3.ppc.rpm
bind-libs-9.3.6-25.P1.el5_11.3.ppc64.rpm
bind-sdb-9.3.6-25.P1.el5_11.3.ppc.rpm
bind-utils-9.3.6-25.P1.el5_11.3.ppc.rpm
caching-nameserver-9.3.6-25.P1.el5_11.3.ppc.rpm

s390x:
bind-9.3.6-25.P1.el5_11.3.s390x.rpm
bind-chroot-9.3.6-25.P1.el5_11.3.s390x.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.s390.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.s390x.rpm
bind-devel-9.3.6-25.P1.el5_11.3.s390.rpm
bind-devel-9.3.6-25.P1.el5_11.3.s390x.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.s390.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.s390x.rpm
bind-libs-9.3.6-25.P1.el5_11.3.s390.rpm
bind-libs-9.3.6-25.P1.el5_11.3.s390x.rpm
bind-sdb-9.3.6-25.P1.el5_11.3.s390x.rpm
bind-utils-9.3.6-25.P1.el5_11.3.s390x.rpm
caching-nameserver-9.3.6-25.P1.el5_11.3.s390x.rpm

x86_64:
bind-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-chroot-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-devel-9.3.6-25.P1.el5_11.3.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-libs-9.3.6-25.P1.el5_11.3.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-sdb-9.3.6-25.P1.el5_11.3.x86_64.rpm
bind-utils-9.3.6-25.P1.el5_11.3.x86_64.rpm
caching-nameserver-9.3.6-25.P1.el5_11.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5477
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVuCB/XlSAg2UNWIIRApXIAJ4vKox7AlU62GvpNz2WJFi5OsbFfACgoCHv
b/nt9u2wK2dXoRdZAP0+HvY=
=EUsD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 29 00:39:19 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 29 Jul 2015 00:39:19 +0000
Subject: [RHSA-2015:1515-01] Important: bind97 security update
Message-ID: <201507290039.t6T0dKEZ023451@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind97 security update
Advisory ID:       RHSA-2015:1515-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1515.html
Issue date:        2015-07-28
CVE Names:         CVE-2015-5477
=====================================================================

1. Summary:

Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.

All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1247361 - CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
bind97-9.7.0-21.P2.el5_11.2.src.rpm

i386:
bind97-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.i386.rpm

x86_64:
bind97-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
bind97-9.7.0-21.P2.el5_11.2.src.rpm

i386:
bind97-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.i386.rpm

ia64:
bind97-9.7.0-21.P2.el5_11.2.ia64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.ia64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.ia64.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.ia64.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.ia64.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.ia64.rpm

ppc:
bind97-9.7.0-21.P2.el5_11.2.ppc.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.ppc.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.ppc.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.ppc64.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.ppc.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.ppc64.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.ppc.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.ppc64.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.ppc.rpm

s390x:
bind97-9.7.0-21.P2.el5_11.2.s390x.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.s390x.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.s390.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.s390x.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.s390.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.s390x.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.s390.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.s390x.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.s390x.rpm

x86_64:
bind97-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5477
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVuCCnXlSAg2UNWIIRAkb9AJoDSbMcKVRC6NBpAfchh1+5M3guPgCfa1rL
8ZRs1ZLbwTDO4WKUJSBoiiY=
=4+XE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 30 17:16:37 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 Jul 2015 13:16:37 -0400
Subject: [RHSA-2015:1526-01] Important: java-1.6.0-openjdk security update
Message-ID: <201507301716.t6UHGbgP021686@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.6.0-openjdk security update
Advisory ID:       RHSA-2015:1526-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1526.html
Issue date:        2015-07-30
CVE Names:         CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625
                   CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000
                   CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748
CVE-2015-4749 CVE-2015-4760
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2015-4760,
CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK verified
Online Certificate Status Protocol (OCSP) responses. An OCSP response with
no nextUpdate date specified was incorrectly handled as having unlimited
validity, possibly causing a revoked X.509 certificate to be interpreted as
valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use constant
time comparisons in multiple cases. An attacker could possibly use these
flaws to disclose sensitive information by measuring the time used to
perform operations using these non-constant time comparisons.
(CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain keys
for RC4 encryption, an attacker could obtain portions of the plain text from
the cipher text without the knowledge of the encryption key. (CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by
default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug
1207101, linked to in the References section, for additional details about
this change.

A flaw was found in the way the TLS protocol composed the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to force
the use of weak 512 bit export-grade keys during the key exchange, allowing
them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,
linked to in the References section, for additional details about this
change.

It was discovered that the JNDI component in OpenJDK did not handle DNS
resolutions correctly. An attacker able to trigger such DNS errors could
cause a Java application using JNDI to consume memory and CPU time, and
possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed X.509
certificate identity verification when establishing a TLS/SSL connection to
a host identified by an IP address. In certain cases, the certificate was
accepted as valid if it was issued for a host name to which the IP address
resolves rather than for the IP address. (CVE-2015-2625)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.i386.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.i386.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.i686.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm

ppc64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm

s390x:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.s390x.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.s390x.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.s390x.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm

s390x:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.s390x.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.s390x.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.s390x.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.s390x.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2628
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVulvzXlSAg2UNWIIRAmaeAJoCxD34LErxdkOHHsYpS21hu8NJ7ACgnbxy
AM58F212G/DZWyApoAfiS38=
=UmAX
-----END PGP SIGNATURE-----
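The OCSP nextUpdate flaw (CVE-2015-4748) described in the java-1.6.0-openjdk advisory above, as an added Python illustration that is not OpenJDK's code: a validity-window check that treats a missing nextUpdate as "valid forever" sits next to one that bounds the age of such a response instead. The skew tolerance, the 24-hour maximum age, and the sample responses are assumptions constructed for this example.

```python
"""Illustration of the CVE-2015-4748 bug class (added example, not OpenJDK code).

RFC 6960 makes nextUpdate OPTIONAL in an OCSP SingleResponse. The flawed
checker treats an absent nextUpdate as "valid forever", so a "good" response
captured before a revocation stays acceptable indefinitely. The fixed checker
bounds the age of a response that carries no nextUpdate.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Assumed tolerances for this example; OpenJDK's real constants differ.
MAX_CLOCK_SKEW = timedelta(minutes=15)
MAX_AGE_WITHOUT_NEXT_UPDATE = timedelta(hours=24)


@dataclass(frozen=True)
class SingleResponse:
    cert_status: str                 # "good", "revoked" or "unknown"
    this_update: datetime
    next_update: Optional[datetime]  # responders may legitimately omit this


def window_check_flawed(resp: SingleResponse, now: datetime) -> bool:
    """Behaviour the advisory describes: no nextUpdate means no time check."""
    if resp.next_update is None:
        return True
    lower = resp.this_update - MAX_CLOCK_SKEW
    upper = resp.next_update + MAX_CLOCK_SKEW
    return lower <= now <= upper


def window_check_fixed(resp: SingleResponse, now: datetime) -> bool:
    """Reject future-dated, expired, and stale-without-nextUpdate responses."""
    if now < resp.this_update - MAX_CLOCK_SKEW:
        return False                     # produced in the future: untrusted
    if resp.next_update is not None:
        return now <= resp.next_update + MAX_CLOCK_SKEW
    return now - resp.this_update <= MAX_AGE_WITHOUT_NEXT_UPDATE


def certificate_status(resp: SingleResponse, now: datetime,
                       check: Callable[[SingleResponse, datetime], bool]) -> str:
    """What a TLS client should conclude from one response under a given
    window check: 'valid', 'revoked', or 'undetermined' (do not trust it)."""
    if not check(resp, now):
        return "undetermined"
    return "valid" if resp.cert_status == "good" else "revoked"


# Constructed scenario: a "good" response issued in January, before the
# certificate was revoked, with no nextUpdate, replayed to a client in July.
NOW = datetime(2015, 7, 30, 12, 0, tzinfo=timezone.utc)
STALE_GOOD = SingleResponse("good", datetime(2015, 1, 10, tzinfo=timezone.utc), None)
FRESH_GOOD = SingleResponse("good", NOW - timedelta(hours=1), None)
EXPIRED_GOOD = SingleResponse("good", NOW - timedelta(days=8), NOW - timedelta(days=1))
FUTURE_GOOD = SingleResponse("good", NOW + timedelta(days=1), None)


def main() -> None:
    cases = [("stale", STALE_GOOD), ("fresh", FRESH_GOOD),
             ("expired", EXPIRED_GOOD), ("future", FUTURE_GOOD)]
    for name, resp in cases:
        flawed = certificate_status(resp, NOW, window_check_flawed)
        fixed = certificate_status(resp, NOW, window_check_fixed)
        print(f"{name:8s} flawed={flawed:12s} fixed={fixed}")


if __name__ == "__main__":
    main()
```

The stale replayed response is the case the advisory warns about: the flawed check reports the certificate as valid, while the fixed check returns "undetermined" so the client must fetch a fresh response or fail closed.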