From bugzilla at redhat.com  Wed May  6 00:02:14 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 May 2015 00:02:14 +0000
Subject: [RHSA-2015:0938-01] Moderate: openstack-glance security and bug fix update
Message-ID: <201505060002.t4602GkN006758@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-glance security and bug fix update
Advisory ID:       RHSA-2015:0938-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0938.html
Issue date:        2015-05-05
CVE Names:         CVE-2014-9684 CVE-2015-1881
=====================================================================

1. Summary:

Updated openstack-glance packages that fix two security issues and several
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

OpenStack Image Service (glance) provides discovery, registration, and
delivery services for disk and server images. It provides the ability to
copy or snapshot a server image, and immediately store it away. Stored
images can be used as a template to get new servers up and running quickly
and more consistently than installing a server operating system and
individually configuring additional services.

Multiple flaws were found in the glance task API that could cause untracked
image data to be left in the back end. A malicious user could use these
flaws to deliberately accumulate untracked image data, and cause a denial
of service via resource exhaustion. (CVE-2014-9684, CVE-2015-1881)

The openstack-glance packages have been upgraded to upstream version
2014.2.3, which provides a number of bug fixes over the previous version.
(BZ#1210457)

All openstack-glance users are advised to upgrade to these updated
packages, which correct these issues.

4. Solution:

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 6 runs on Red Hat Enterprise
Linux 7.1.

The Red Hat Enterprise Linux OpenStack Platform 6 Release Notes (see
References section) contain the following:

* An explanation of the way in which the provided components interact to
  form a working cloud computing environment.

* Technology Previews, Recommended Practices, and Known Issues.

* The channels required for Red Hat Enterprise Linux OpenStack Platform 6,
  including which channels need to be enabled and disabled.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1194697 - CVE-2014-9684 CVE-2015-1881 openstack-glance: potential resource exhaustion and denial of service using images manipulation API
1210457 - Rebase openstack-glance to 2014.2.3

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-glance-2014.2.3-1.el7ost.src.rpm
python-glance-store-0.1.10-3.el7ost.src.rpm

noarch:
openstack-glance-2014.2.3-1.el7ost.noarch.rpm
openstack-glance-doc-2014.2.3-1.el7ost.noarch.rpm
python-glance-2014.2.3-1.el7ost.noarch.rpm
python-glance-store-0.1.10-3.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9684
https://access.redhat.com/security/cve/CVE-2015-1881
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVSVoAXlSAg2UNWIIRAkmlAJ4iB1TI0T9e6o0LUJONPOZjtgquoQCgwrdV
R1jFxq/NfoN/3Tnb/SiSI94=
=jBUc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue May 12 19:26:11 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 May 2015 19:26:11 +0000
Subject: [RHSA-2015:0988-01] Critical: firefox security update
Message-ID: <201505121926.t4CJQBxZ002444@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2015:0988-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0988.html
Issue date:        2015-05-12
CVE Names:         CVE-2015-0797 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713
                   CVE-2015-2716
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-2708, CVE-2015-0797, CVE-2015-2710, CVE-2015-2713)

A heap-based buffer overflow flaw was found in the way Firefox processed
compressed XML data. An attacker could create specially crafted compressed
XML content that, when processed by Firefox, could cause it to crash or
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2015-2716)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, Steve
Fink, Aki Helin, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the
original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.0 ESR, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1220597 - CVE-2015-2708 Mozilla: Miscellaneous memory safety hazards (rv:31.7) (MFSA 2015-46)
1220600 - CVE-2015-0797 Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47)
1220601 - CVE-2015-2710 Mozilla: Buffer overflow with SVG content and CSS (MFSA 2015-48)
1220605 - CVE-2015-2713 Mozilla: Use-after-free during text processing with vertical text enabled (MFSA 2015-51)
1220607 - CVE-2015-2716 Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-38.0-4.el5_11.src.rpm

i386:
firefox-38.0-4.el5_11.i386.rpm
firefox-debuginfo-38.0-4.el5_11.i386.rpm

x86_64:
firefox-38.0-4.el5_11.i386.rpm
firefox-38.0-4.el5_11.x86_64.rpm
firefox-debuginfo-38.0-4.el5_11.i386.rpm
firefox-debuginfo-38.0-4.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-38.0-4.el5_11.src.rpm

i386:
firefox-38.0-4.el5_11.i386.rpm
firefox-debuginfo-38.0-4.el5_11.i386.rpm

ppc:
firefox-38.0-4.el5_11.ppc64.rpm
firefox-debuginfo-38.0-4.el5_11.ppc64.rpm

s390x:
firefox-38.0-4.el5_11.s390.rpm
firefox-38.0-4.el5_11.s390x.rpm
firefox-debuginfo-38.0-4.el5_11.s390.rpm
firefox-debuginfo-38.0-4.el5_11.s390x.rpm

x86_64:
firefox-38.0-4.el5_11.i386.rpm
firefox-38.0-4.el5_11.x86_64.rpm
firefox-debuginfo-38.0-4.el5_11.i386.rpm
firefox-debuginfo-38.0-4.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-38.0-4.el6_6.src.rpm

i386:
firefox-38.0-4.el6_6.i686.rpm
firefox-debuginfo-38.0-4.el6_6.i686.rpm

x86_64:
firefox-38.0-4.el6_6.x86_64.rpm
firefox-debuginfo-38.0-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-38.0-4.el6_6.i686.rpm
firefox-debuginfo-38.0-4.el6_6.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-38.0-4.el6_6.src.rpm

x86_64:
firefox-38.0-4.el6_6.i686.rpm
firefox-38.0-4.el6_6.x86_64.rpm
firefox-debuginfo-38.0-4.el6_6.i686.rpm
firefox-debuginfo-38.0-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-38.0-4.el6_6.src.rpm

i386:
firefox-38.0-4.el6_6.i686.rpm
firefox-debuginfo-38.0-4.el6_6.i686.rpm

ppc64:
firefox-38.0-4.el6_6.ppc64.rpm
firefox-debuginfo-38.0-4.el6_6.ppc64.rpm

s390x:
firefox-38.0-4.el6_6.s390x.rpm
firefox-debuginfo-38.0-4.el6_6.s390x.rpm

x86_64:
firefox-38.0-4.el6_6.x86_64.rpm
firefox-debuginfo-38.0-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-38.0-4.el6_6.ppc.rpm
firefox-debuginfo-38.0-4.el6_6.ppc.rpm

s390x:
firefox-38.0-4.el6_6.s390.rpm
firefox-debuginfo-38.0-4.el6_6.s390.rpm

x86_64:
firefox-38.0-4.el6_6.i686.rpm
firefox-debuginfo-38.0-4.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-38.0-4.el6_6.src.rpm

i386:
firefox-38.0-4.el6_6.i686.rpm
firefox-debuginfo-38.0-4.el6_6.i686.rpm

x86_64:
firefox-38.0-4.el6_6.x86_64.rpm
firefox-debuginfo-38.0-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-38.0-4.el6_6.i686.rpm
firefox-debuginfo-38.0-4.el6_6.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-38.0-3.el7_1.src.rpm

x86_64:
firefox-38.0-3.el7_1.x86_64.rpm
firefox-debuginfo-38.0-3.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-38.0-3.el7_1.i686.rpm
firefox-debuginfo-38.0-3.el7_1.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-38.0-3.el7_1.src.rpm

ppc64:
firefox-38.0-3.el7_1.ppc64.rpm
firefox-debuginfo-38.0-3.el7_1.ppc64.rpm

s390x:
firefox-38.0-3.el7_1.s390x.rpm
firefox-debuginfo-38.0-3.el7_1.s390x.rpm

x86_64:
firefox-38.0-3.el7_1.x86_64.rpm
firefox-debuginfo-38.0-3.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-38.0-3.ael7b_1.src.rpm

ppc64le:
firefox-38.0-3.ael7b_1.ppc64le.rpm
firefox-debuginfo-38.0-3.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
firefox-38.0-3.el7_1.ppc.rpm
firefox-debuginfo-38.0-3.el7_1.ppc.rpm

s390x:
firefox-38.0-3.el7_1.s390.rpm
firefox-debuginfo-38.0-3.el7_1.s390.rpm

x86_64:
firefox-38.0-3.el7_1.i686.rpm
firefox-debuginfo-38.0-3.el7_1.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-38.0-3.el7_1.src.rpm

x86_64:
firefox-38.0-3.el7_1.x86_64.rpm
firefox-debuginfo-38.0-3.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-38.0-3.el7_1.i686.rpm
firefox-debuginfo-38.0-3.el7_1.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0797
https://access.redhat.com/security/cve/CVE-2015-2708
https://access.redhat.com/security/cve/CVE-2015-2710
https://access.redhat.com/security/cve/CVE-2015-2713
https://access.redhat.com/security/cve/CVE-2015-2716
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr31.7

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVUlPDXlSAg2UNWIIRAjNgAKCSiHfY1QpAMjak/eGsslAad7vLAgCfT2Nz
PtELpNrbGu5Kew0IqJ79nO8=
=4qNj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue May 12 20:16:58 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 May 2015 20:16:58 +0000
Subject: [RHSA-2015:0980-01] Important: pcs security and bug fix update
Message-ID: <201505122017.t4CKGxUu020343@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: pcs security and bug fix update
Advisory ID:       RHSA-2015:0980-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0980.html
Issue date:        2015-05-12
CVE Names:         CVE-2015-1848
=====================================================================

1. Summary:

Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server High Availability (v. 7) - x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - x86_64

3. Description:

The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.

It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI.
(CVE-2015-1848)

This issue was discovered by Tomas Jelinek of Red Hat.
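The pcsd weakness described above is the generic unsigned-session-cookie pattern: whatever the client presents is decoded and trusted, so a user can rewrite the fields that drive authorization. The Ruby below (pcsd itself is a Ruby daemon) is an added illustration written for this page, not pcsd's code and not the backported fix; the session layout, the `role` field, the `SECRET` handling and the HMAC-SHA256-over-Base64 construction are assumptions chosen for the demonstration. It shows the same forged cookie being accepted by an unsigned loader and rejected by a signed one.

```ruby
require 'openssl'
require 'json'
require 'base64'
require 'securerandom'

# Added example, not pcsd code. Session fields and the "admin" role are
# illustrative; the point is the contrast between the two loaders.

# Server-side key. Assumed to be generated once at daemon start and never
# exposed to clients; signing is only as strong as the secrecy of this key.
SECRET = SecureRandom.random_bytes(32)

# --- Vulnerable pattern: the cookie is nothing but encoded session data ---
module UnsignedCookie
  def self.issue(session)
    Base64.strict_encode64(JSON.generate(session))
  end

  # Anything that decodes is trusted, so a client can simply re-encode a
  # session with a different role and present it.
  def self.load(cookie)
    JSON.parse(Base64.strict_decode64(cookie))
  rescue ArgumentError, JSON::ParserError
    nil
  end
end

# --- Hardened pattern: HMAC-SHA256 tag over the encoded payload ----------
module SignedCookie
  # Format: "<base64 payload>.<hex hmac>". Strict Base64 never contains '.',
  # so the separator is unambiguous.
  def self.issue(session, secret = SECRET)
    payload = Base64.strict_encode64(JSON.generate(session))
    "#{payload}.#{mac(payload, secret)}"
  end

  # Verify the tag before touching the payload; any mismatch yields nil.
  def self.load(cookie, secret = SECRET)
    payload, tag = cookie.split('.', 2)
    return nil if payload.nil? || tag.nil?
    return nil unless secure_equal(mac(payload, secret), tag)
    JSON.parse(Base64.strict_decode64(payload))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  def self.mac(payload, secret)
    OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  end

  # Constant-time comparison so a byte-by-byte mismatch does not leak the
  # tag through timing.
  def self.secure_equal(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Demonstration: a legitimate user-level session and a forged admin one
# (constructed sample data).
def forgery_demo
  legit  = { 'user' => 'alice', 'role' => 'user' }
  forged = { 'user' => 'alice', 'role' => 'admin' }

  # Unsigned: the client-built cookie is accepted as-is.
  unsigned_accepted = UnsignedCookie.load(UnsignedCookie.issue(forged))

  # Signed: swap the payload but keep the server's original tag.
  good = SignedCookie.issue(legit)
  tag = good.split('.', 2).last
  tampered = "#{Base64.strict_encode64(JSON.generate(forged))}.#{tag}"

  {
    unsigned_role: unsigned_accepted && unsigned_accepted['role'],
    signed_legit_role: SignedCookie.load(good)['role'],
    signed_tampered: SignedCookie.load(tampered),
    # Attacker signs with a guessed key; the server's key does not match.
    signed_wrong_key: SignedCookie.load(SignedCookie.issue(forged, 'attacker-guess'))
  }
end

puts forgery_demo.inspect if __FILE__ == $PROGRAM_NAME
```

Two points a practitioner should carry over: the tag comparison is constant-time, and the key is generated server-side rather than derived from anything a client could learn. Signing protects integrity only; session data that must stay confidential still needs encryption or, better, should live server-side with only an opaque identifier in the cookie.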
This update also fixes the following bug:

* Previously, the Corosync tool allowed the two_node option and the
auto_tie_breaker option to exist in the corosync.conf file at the same
time. As a consequence, if both options were included, auto_tie_breaker was
silently ignored and the two_node fence race decided which node would
survive in the event of a communication break. With this update, the pcs
daemon has been fixed so that it does not produce corosync.conf files with
both two_node and auto_tie_breaker included. In addition, if both two_node
and auto_tie_breaker are detected in corosync.conf, Corosync issues a
message at start-up and disables two_node mode. As a result,
auto_tie_breaker effectively overrides two_node mode if both options are
specified. (BZ#1205848)

All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1208294 - CVE-2015-1848 pcs: improper web session variable signing

6. Package List:

Red Hat Enterprise Linux Server High Availability (v. 7):

Source:
pcs-0.9.137-13.el7_1.2.src.rpm

x86_64:
pcs-0.9.137-13.el7_1.2.x86_64.rpm
pcs-debuginfo-0.9.137-13.el7_1.2.x86_64.rpm
python-clufter-0.9.137-13.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

Source:
pcs-0.9.137-13.el7_1.2.src.rpm

x86_64:
pcs-0.9.137-13.el7_1.2.x86_64.rpm
pcs-debuginfo-0.9.137-13.el7_1.2.x86_64.rpm
python-clufter-0.9.137-13.el7_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1848
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVUl+SXlSAg2UNWIIRAtfFAJ9EkSX9n1k4YqHPkSl1Ygu9PSHCeQCgjpta
d4+bPXZP9qoXQwKgIM3UPu4=
=/iGE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue May 12 20:26:10 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 May 2015 20:26:10 +0000
Subject: [RHSA-2015:0987-01] Important: kernel security and bug fix update
Message-ID: <201505122026.t4CKQAlA025679@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2015:0987-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0987.html
Issue date:        2015-05-12
CVE Names:         CVE-2015-3331
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A buffer overflow flaw was found in the way the Linux kernel's Intel
AES-NI instructions optimized version of the RFC4106 GCM mode decryption
functionality handled fragmented packets. A remote attacker could use this
flaw to crash, or potentially escalate their privileges on, a system over a
connection with an active AES-GCM mode IPSec security association.
(CVE-2015-3331, Important)

This update also fixes the following bugs:

* Previously, the kernel audit subsystem did not correctly track file path
names which could lead to empty, or "(null)" path names in the PATH audit
records. This update fixes the bug by correctly tracking file path names
and displaying the names in the audit PATH records. (BZ#1197746)

* Due to a change in the internal representation of field types,
AUDIT_LOGINUID set to -1 (4294967295) by the audit API was asymmetrically
converted to an AUDIT_LOGINUID_SET field with a value of 0, unrecognized by
an older audit API. To fix this bug, the kernel takes note about the way
the rule has been formulated and reports the rule in the originally given
form. As a result, older versions of audit provide a report as expected, in
the AUDIT_LOGINUID field type form, whereas the newer versions can migrate
to the new AUDIT_LOGINUID_SET field type. (BZ#1197748)

* The GFS2 file system "Splice Read" operation, which is used for the
sendfile() function, was not properly allocating a required multi-block
reservation structure in memory. Consequently, when the GFS2 block
allocator was called to assign blocks of data, it attempted to dereference
the structure, which resulted in a kernel panic. With this update, "Splice
read" operation properly allocates the necessary reservation structure in
memory prior to calling the block allocator, and sendfile() thus works
properly for GFS2. (BZ#1201256)

* Moving an Open vSwitch (OVS) internal vport to a different net name space
and subsequently deleting that name space led to a kernel panic. This bug
has been fixed by removing the OVS internal vport at net name space
deletion. (BZ#1202357)

* Previously, the kernel audit subsystem was not correctly handling file
and directory moves, leading to audit records that did not match the audit
file watches. This fix correctly handles moves such that the audit file
watches work correctly. (BZ#1202358)

* Due to a regression, the crypto adapter could not be set online. A patch
has been provided that fixes the device registration process so that the
device can be used also before the registration process is completed, thus
fixing this bug. (BZ#1205300)

* Due to incorrect calculation for entropy during the entropy addition, the
amount of entropy in the /dev/random file could be overestimated. The
formula for the entropy addition has been changed, thus fixing this bug.
(BZ#1211288)

* Previously, the ansi_cprng and drbg utilities did not obey the call
convention and returned the positive value on success instead of the
correct value of zero. Consequently, Internet Protocol Security (IPsec)
terminated unexpectedly when ansi_cprng or drbg were used. With this
update, ansi_cprng and drbg have been changed to return zero on success,
and IPsec now functions correctly. (BZ#1211487)

* Due to a failure to clear the timestamp flag when reusing a tx descriptor
in the mlx4_en driver, programs that did not request a hardware timestamp
packet on their sent data received it anyway, resulting in unexpected
behavior in certain applications.
With this update, when reusing the tx descriptor in the mlx4_en driver in
the aforementioned situation, the hardware timestamp flag is cleared, and
applications now behave as expected. (BZ#1209240)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1213322 - CVE-2015-3331 Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-229.4.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.4.2.el7.noarch.rpm
kernel-doc-3.10.0-229.4.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm
kernel-devel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-headers-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.4.2.el7.x86_64.rpm
perf-3.10.0-229.4.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.4.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-229.4.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.4.2.el7.noarch.rpm
kernel-doc-3.10.0-229.4.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm
kernel-devel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-headers-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.4.2.el7.x86_64.rpm
perf-3.10.0-229.4.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.4.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-229.4.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.4.2.el7.noarch.rpm
kernel-doc-3.10.0-229.4.2.el7.noarch.rpm

ppc64:
kernel-3.10.0-229.4.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-229.4.2.el7.ppc64.rpm
kernel-debug-3.10.0-229.4.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-229.4.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-229.4.2.el7.ppc64.rpm
kernel-devel-3.10.0-229.4.2.el7.ppc64.rpm
kernel-headers-3.10.0-229.4.2.el7.ppc64.rpm
kernel-tools-3.10.0-229.4.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-229.4.2.el7.ppc64.rpm
perf-3.10.0-229.4.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm

s390x:
kernel-3.10.0-229.4.2.el7.s390x.rpm
kernel-debug-3.10.0-229.4.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-229.4.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-229.4.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-229.4.2.el7.s390x.rpm
kernel-devel-3.10.0-229.4.2.el7.s390x.rpm
kernel-headers-3.10.0-229.4.2.el7.s390x.rpm
kernel-kdump-3.10.0-229.4.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-229.4.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-229.4.2.el7.s390x.rpm
perf-3.10.0-229.4.2.el7.s390x.rpm
perf-debuginfo-3.10.0-229.4.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.s390x.rpm

x86_64:
kernel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm
kernel-devel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-headers-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.4.2.el7.x86_64.rpm
perf-3.10.0-229.4.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-229.4.2.ael7b.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.4.2.ael7b.noarch.rpm
kernel-doc-3.10.0-229.4.2.ael7b.noarch.rpm

ppc64le:
kernel-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-bootwrapper-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-debug-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-devel-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-headers-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-tools-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-tools-libs-3.10.0-229.4.2.ael7b.ppc64le.rpm
perf-3.10.0-229.4.2.ael7b.ppc64le.rpm
perf-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm
python-perf-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-229.4.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-229.4.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm
python-perf-3.10.0-229.4.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm

s390x:
kernel-debug-debuginfo-3.10.0-229.4.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-229.4.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-229.4.2.el7.s390x.rpm
perf-debuginfo-3.10.0-229.4.2.el7.s390x.rpm
python-perf-3.10.0-229.4.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.s390x.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.4.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
kernel-debug-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-debug-devel-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-229.4.2.ael7b.ppc64le.rpm
perf-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm
python-perf-3.10.0-229.4.2.ael7b.ppc64le.rpm
python-perf-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-229.4.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.4.2.el7.noarch.rpm
kernel-doc-3.10.0-229.4.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm
kernel-devel-3.10.0-229.4.2.el7.x86_64.rpm
kernel-headers-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.4.2.el7.x86_64.rpm
perf-3.10.0-229.4.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.4.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-3.10.0-229.4.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3331
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVUmGcXlSAg2UNWIIRAsfpAJ9YmfNyYt4EoC9mhXaS/Zwg2wgETwCfWOBl
v7qGWhuTekqGe9HXDJv953M=
=oNpZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 12 20:27:46 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 May 2015 20:27:46 +0000
Subject: [RHSA-2015:0989-01] Important: kernel-rt security, bug fix, and enhancement update
Message-ID: <201505122027.t4CKRlrg004616@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security, bug fix, and enhancement update
Advisory ID:       RHSA-2015:0989-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0989.html
Issue date:        2015-05-12
CVE Names:         CVE-2015-3331
=====================================================================

1. Summary:

Updated kernel-rt packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association. (CVE-2015-3331, Important)

This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5, which is layered on Red Hat Enterprise Linux 6. The kernel-rt sources have been updated to include fixes for the following issues:

* Audit subsystem not resolving path name on directory watches
* audit watches do not track correctly after a rename
* auditctl output is changed in RHEL 7
* megaraid_sas: non-booting system with intel_iommu=on kernel parameter
* GFS2: kernel NULL pointer dereference in gfs2_inplace_reserve
* Crypto adapter cannot be brought online - affect all HW
* crypto/seqiv.c: wrong check of return code from crypto_rng_get_bytes
* Backport crypto: sha256_ssse3 - also test for BMI2
* Null pointer at team_handle_frame+0x62/0x100 [team]
* AES CTR x86_64 "by8" AVX optimization
* Intel RDSEED - Fix for entropy counting
* Intel SHA1 multi-buffer crypto implementation
* Intel SHA1 AVX2 optimization support
* mlx4_en: HW timestamp ends up in error queue of socket which does not have SO_TIMESTAMPING enabled

(BZ#1213945)

All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1213322 - CVE-2015-3331 Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI
1213945 - RFE: rebase the 3.10 kernel-rt

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-229.rt56.151.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-229.rt56.151.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-229.rt56.151.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-229.rt56.151.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-229.rt56.151.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3331
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVUmHwXlSAg2UNWIIRAkUDAJ980m45wasXDnOkBtIcm33xdlLF6wCghIhB
WRnk1ucCmi0hk1j2/vmqf4s=
=HlzT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 12 20:29:13 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 May 2015 20:29:13 +0000
Subject: [RHSA-2015:0990-01] Important: pcs security and bug fix update
Message-ID: <201505122029.t4CKTDdL001207@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: pcs security and bug fix update
Advisory ID:       RHSA-2015:0990-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0990.html
Issue date:        2015-05-12
CVE Names:         CVE-2015-1848
=====================================================================

1. Summary:

Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 6) - i386, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 6) - i386, x86_64

3. Description:

The pcs packages provide a command-line tool and a web UI to configure and manage the Pacemaker and Corosync tools.

It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI. Note: the pcsd web UI is not enabled by default. (CVE-2015-1848)

This issue was discovered by Tomas Jelinek of Red Hat.

This update also fixes the following bug:

* When the IPv6 protocol was disabled on a system, starting the pcsd daemon on this system previously failed. This update adds the ability for pcsd to fall back to IPv4 when IPv6 is not available. As a result, pcsd starts properly and uses IPv4 if IPv6 is disabled. (BZ#1212115)

All pcs users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the pcsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1208294 - CVE-2015-1848 pcs: improper web session variable signing

6. Package List:

Red Hat Enterprise Linux High Availability (v. 6):

Source:
pcs-0.9.123-9.el6_6.2.src.rpm

i386:
pcs-0.9.123-9.el6_6.2.i686.rpm
pcs-debuginfo-0.9.123-9.el6_6.2.i686.rpm

x86_64:
pcs-0.9.123-9.el6_6.2.x86_64.rpm
pcs-debuginfo-0.9.123-9.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 6):

Source:
pcs-0.9.123-9.el6_6.2.src.rpm

i386:
pcs-0.9.123-9.el6_6.2.i686.rpm
pcs-debuginfo-0.9.123-9.el6_6.2.i686.rpm

x86_64:
pcs-0.9.123-9.el6_6.2.x86_64.rpm
pcs-debuginfo-0.9.123-9.el6_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1848
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVUmJXXlSAg2UNWIIRAow7AJsEDxqzAzPFjmjSoQiPV/fxjHq4AQCfbK8h
5r468jrlJR1bZOknaf0cRRQ=
=13ZZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 12 20:35:48 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 May 2015 20:35:48 +0000
Subject: [RHSA-2015:0991-01] Moderate: tomcat6 security and bug fix update
Message-ID: <201505122035.t4CKZnx3008780@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tomcat6 security and bug fix update
Advisory ID:       RHSA-2015:0991-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0991.html
Issue date:        2015-05-12
CVE Names:         CVE-2014-0227
=====================================================================

1. Summary:

Updated tomcat6 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as a new request, or cause a denial of service. (CVE-2014-0227)

This update also fixes the following bug:

* Before this update, the tomcat6 init script did not try to kill the tomcat process if an attempt to stop it was unsuccessful, which would prevent tomcat from restarting properly. The init script was modified to correct this issue. (BZ#1207048)

All Tomcat 6 users are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1109196 - CVE-2014-0227 Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
tomcat6-6.0.24-83.el6_6.src.rpm

i386:
tomcat6-6.0.24-83.el6_6.i686.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.i686.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.i686.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.i686.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.i686.rpm
tomcat6-javadoc-6.0.24-83.el6_6.i686.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.i686.rpm
tomcat6-lib-6.0.24-83.el6_6.i686.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.i686.rpm
tomcat6-webapps-6.0.24-83.el6_6.i686.rpm

x86_64:
tomcat6-6.0.24-83.el6_6.x86_64.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.x86_64.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.x86_64.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-javadoc-6.0.24-83.el6_6.x86_64.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-lib-6.0.24-83.el6_6.x86_64.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-webapps-6.0.24-83.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
tomcat6-6.0.24-83.el6_6.src.rpm

i386:
tomcat6-6.0.24-83.el6_6.i686.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.i686.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.i686.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.i686.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.i686.rpm
tomcat6-javadoc-6.0.24-83.el6_6.i686.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.i686.rpm
tomcat6-lib-6.0.24-83.el6_6.i686.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.i686.rpm
tomcat6-webapps-6.0.24-83.el6_6.i686.rpm

x86_64:
tomcat6-6.0.24-83.el6_6.x86_64.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.x86_64.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.x86_64.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-javadoc-6.0.24-83.el6_6.x86_64.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-lib-6.0.24-83.el6_6.x86_64.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-webapps-6.0.24-83.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
tomcat6-6.0.24-83.el6_6.src.rpm

x86_64:
tomcat6-6.0.24-83.el6_6.x86_64.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.x86_64.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.x86_64.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-javadoc-6.0.24-83.el6_6.x86_64.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-lib-6.0.24-83.el6_6.x86_64.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-webapps-6.0.24-83.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
tomcat6-6.0.24-83.el6_6.src.rpm

x86_64:
tomcat6-6.0.24-83.el6_6.x86_64.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.x86_64.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.x86_64.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-javadoc-6.0.24-83.el6_6.x86_64.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-lib-6.0.24-83.el6_6.x86_64.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-webapps-6.0.24-83.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
tomcat6-6.0.24-83.el6_6.src.rpm

i386:
tomcat6-6.0.24-83.el6_6.i686.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.i686.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.i686.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.i686.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.i686.rpm
tomcat6-javadoc-6.0.24-83.el6_6.i686.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.i686.rpm
tomcat6-lib-6.0.24-83.el6_6.i686.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.i686.rpm
tomcat6-webapps-6.0.24-83.el6_6.i686.rpm

ppc64:
tomcat6-6.0.24-83.el6_6.ppc64.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.ppc64.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.ppc64.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.ppc64.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.ppc64.rpm
tomcat6-javadoc-6.0.24-83.el6_6.ppc64.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.ppc64.rpm
tomcat6-lib-6.0.24-83.el6_6.ppc64.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.ppc64.rpm
tomcat6-webapps-6.0.24-83.el6_6.ppc64.rpm

s390x:
tomcat6-6.0.24-83.el6_6.s390x.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.s390x.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.s390x.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.s390x.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.s390x.rpm
tomcat6-javadoc-6.0.24-83.el6_6.s390x.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.s390x.rpm
tomcat6-lib-6.0.24-83.el6_6.s390x.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.s390x.rpm
tomcat6-webapps-6.0.24-83.el6_6.s390x.rpm

x86_64:
tomcat6-6.0.24-83.el6_6.x86_64.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.x86_64.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.x86_64.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-javadoc-6.0.24-83.el6_6.x86_64.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-lib-6.0.24-83.el6_6.x86_64.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-webapps-6.0.24-83.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
tomcat6-admin-webapps-6.0.24-83.el6_6.i686.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.i686.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.i686.rpm
tomcat6-javadoc-6.0.24-83.el6_6.i686.rpm
tomcat6-webapps-6.0.24-83.el6_6.i686.rpm

ppc64:
tomcat6-admin-webapps-6.0.24-83.el6_6.ppc64.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.ppc64.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.ppc64.rpm
tomcat6-javadoc-6.0.24-83.el6_6.ppc64.rpm
tomcat6-webapps-6.0.24-83.el6_6.ppc64.rpm

s390x:
tomcat6-admin-webapps-6.0.24-83.el6_6.s390x.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.s390x.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.s390x.rpm
tomcat6-javadoc-6.0.24-83.el6_6.s390x.rpm
tomcat6-webapps-6.0.24-83.el6_6.s390x.rpm

x86_64:
tomcat6-admin-webapps-6.0.24-83.el6_6.x86_64.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.x86_64.rpm
tomcat6-javadoc-6.0.24-83.el6_6.x86_64.rpm
tomcat6-webapps-6.0.24-83.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
tomcat6-6.0.24-83.el6_6.src.rpm

i386:
tomcat6-6.0.24-83.el6_6.i686.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.i686.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.i686.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.i686.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.i686.rpm
tomcat6-javadoc-6.0.24-83.el6_6.i686.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.i686.rpm
tomcat6-lib-6.0.24-83.el6_6.i686.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.i686.rpm
tomcat6-webapps-6.0.24-83.el6_6.i686.rpm

x86_64:
tomcat6-6.0.24-83.el6_6.x86_64.rpm
tomcat6-admin-webapps-6.0.24-83.el6_6.x86_64.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.x86_64.rpm
tomcat6-el-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-javadoc-6.0.24-83.el6_6.x86_64.rpm
tomcat6-jsp-2.1-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-lib-6.0.24-83.el6_6.x86_64.rpm
tomcat6-servlet-2.5-api-6.0.24-83.el6_6.x86_64.rpm
tomcat6-webapps-6.0.24-83.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
tomcat6-admin-webapps-6.0.24-83.el6_6.i686.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.i686.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.i686.rpm
tomcat6-javadoc-6.0.24-83.el6_6.i686.rpm
tomcat6-webapps-6.0.24-83.el6_6.i686.rpm

x86_64:
tomcat6-admin-webapps-6.0.24-83.el6_6.x86_64.rpm
tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
tomcat6-docs-webapp-6.0.24-83.el6_6.x86_64.rpm
tomcat6-javadoc-6.0.24-83.el6_6.x86_64.rpm
tomcat6-webapps-6.0.24-83.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-0227
https://access.redhat.com/security/updates/classification/#moderate
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.43

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVUmLIXlSAg2UNWIIRAt88AJwJq6Ag5AspNli+CUC0yZwWGPbvdACeMsrA
C4/RY1qgnY7waDuBnQ2BEuM=
=/G33
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 12 20:53:08 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 May 2015 20:53:08 +0000
Subject: [RHSA-2015:0981-01] Important: kernel-rt security, bug fix, and enhancement update
Message-ID: <201505122053.t4CKr9uZ014464@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security, bug fix, and enhancement update
Advisory ID:       RHSA-2015:0981-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0981.html
Issue date:        2015-05-12
CVE Names:         CVE-2015-3331
=====================================================================

1. Summary:

Updated kernel-rt packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association. (CVE-2015-3331, Important)

The kernel-rt packages have been upgraded to version 3.10.0-229.4.1, which provides a number of bug fixes and enhancements over the previous version, including:

* Audit subsystem not resolving path name on directory watches
* audit watches do not track correctly after a rename
* auditctl output is changed in RHEL 7
* megaraid_sas: non-booting system with intel_iommu=on kernel parameter
* GFS2: kernel NULL pointer dereference in gfs2_inplace_reserve
* Crypto adapter cannot be brought online - affect all HW
* crypto/seqiv.c: wrong check of return code from crypto_rng_get_bytes
* Backport crypto: sha256_ssse3 - also test for BMI2
* Null pointer at team_handle_frame+0x62/0x100 [team]
* AES CTR x86_64 "by8" AVX optimization
* Intel RDSEED - Fix for entropy counting
* Intel SHA1 multi-buffer crypto implementation
* Intel SHA1 AVX2 optimization support
* mlx4_en: HW timestamp ends up in error queue of socket which does not have SO_TIMESTAMPING enabled

(BZ#1209963)

This update also fixes the following bugs:

* Prior to this update, heavy lock contention occurred on systems with greater than 32 cores when large numbers of tasks went idle simultaneously. Consequently, all the idle CPUs attempted to acquire the run-queue (rq) lock of a CPU with extra tasks in order to pull those runnable tasks. This increased scheduler latency due to the lock contention. Instead of each idle CPU attempting to acquire the run-queue lock, now each idle CPU will send an IPI to let the overloaded CPU select one core to pull tasks from it. The result is less spin-lock contention on the rq lock and produces improved scheduler response time. (BZ#1210924)

* The CONFIG_NO_HZ logic enabled/disabled the timer tick every time a CPU went into an idle state. This timer tick manipulation caused the system performance (throughput) to suffer. The CONFIG_NO_HZ configuration setting is now turned off by default, which increases the throughput due to the lower idle overhead while allowing system administrators to enable it selectively in their environment. (BZ#1210597)

All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1209963 - kernel-rt: rebase tree to match RHEL7.1.z source tree
1213322 - CVE-2015-3331 Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI

6. Package List:

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-229.4.2.rt56.141.6.el7_1.src.rpm

noarch:
kernel-rt-doc-3.10.0-229.4.2.rt56.141.6.el7_1.noarch.rpm

x86_64:
kernel-rt-3.10.0-229.4.2.rt56.141.6.el7_1.x86_64.rpm
kernel-rt-debug-3.10.0-229.4.2.rt56.141.6.el7_1.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-229.4.2.rt56.141.6.el7_1.x86_64.rpm
kernel-rt-debug-devel-3.10.0-229.4.2.rt56.141.6.el7_1.x86_64.rpm
kernel-rt-debuginfo-3.10.0-229.4.2.rt56.141.6.el7_1.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-229.4.2.rt56.141.6.el7_1.x86_64.rpm
kernel-rt-devel-3.10.0-229.4.2.rt56.141.6.el7_1.x86_64.rpm
kernel-rt-trace-3.10.0-229.4.2.rt56.141.6.el7_1.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-229.4.2.rt56.141.6.el7_1.x86_64.rpm
kernel-rt-trace-devel-3.10.0-229.4.2.rt56.141.6.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3331
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVUmfyXlSAg2UNWIIRAs8AAKCJ8KEowk5nwRonwGvEgOgjZXKgEACgvOHo
6UW1vdg5XM/o7OCxkfY7gLo=
=uvqw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 12 21:01:03 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 May 2015 21:01:03 +0000
Subject: [RHSA-2015:0983-01] Moderate: tomcat security update
Message-ID: <201505122101.t4CL137R024129@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tomcat security update
Advisory ID:       RHSA-2015:0983-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0983.html
Issue date:        2015-05-12
CVE Names:         CVE-2014-0227
=====================================================================

1. Summary:

Updated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as a new request, or cause a denial of service. (CVE-2014-0227)

All Tomcat 7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the tomcat service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1109196 - CVE-2014-0227 Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
tomcat-7.0.54-2.el7_1.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.54-2.el7_1.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
tomcat-7.0.54-2.el7_1.noarch.rpm
tomcat-admin-webapps-7.0.54-2.el7_1.noarch.rpm
tomcat-docs-webapp-7.0.54-2.el7_1.noarch.rpm
tomcat-el-2.2-api-7.0.54-2.el7_1.noarch.rpm
tomcat-javadoc-7.0.54-2.el7_1.noarch.rpm
tomcat-jsp-2.2-api-7.0.54-2.el7_1.noarch.rpm
tomcat-jsvc-7.0.54-2.el7_1.noarch.rpm
tomcat-lib-7.0.54-2.el7_1.noarch.rpm
tomcat-webapps-7.0.54-2.el7_1.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
tomcat-7.0.54-2.el7_1.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.54-2.el7_1.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
tomcat-7.0.54-2.el7_1.noarch.rpm
tomcat-admin-webapps-7.0.54-2.el7_1.noarch.rpm
tomcat-docs-webapp-7.0.54-2.el7_1.noarch.rpm
tomcat-el-2.2-api-7.0.54-2.el7_1.noarch.rpm
tomcat-javadoc-7.0.54-2.el7_1.noarch.rpm
tomcat-jsp-2.2-api-7.0.54-2.el7_1.noarch.rpm
tomcat-jsvc-7.0.54-2.el7_1.noarch.rpm
tomcat-lib-7.0.54-2.el7_1.noarch.rpm
tomcat-webapps-7.0.54-2.el7_1.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
tomcat-7.0.54-2.el7_1.src.rpm

noarch:
tomcat-7.0.54-2.el7_1.noarch.rpm
tomcat-admin-webapps-7.0.54-2.el7_1.noarch.rpm
tomcat-el-2.2-api-7.0.54-2.el7_1.noarch.rpm
tomcat-jsp-2.2-api-7.0.54-2.el7_1.noarch.rpm
tomcat-lib-7.0.54-2.el7_1.noarch.rpm
tomcat-servlet-3.0-api-7.0.54-2.el7_1.noarch.rpm
tomcat-webapps-7.0.54-2.el7_1.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
tomcat-7.0.54-2.ael7b_1.src.rpm

noarch:
tomcat-7.0.54-2.ael7b_1.noarch.rpm
tomcat-admin-webapps-7.0.54-2.ael7b_1.noarch.rpm
tomcat-el-2.2-api-7.0.54-2.ael7b_1.noarch.rpm
tomcat-jsp-2.2-api-7.0.54-2.ael7b_1.noarch.rpm
tomcat-lib-7.0.54-2.ael7b_1.noarch.rpm
tomcat-servlet-3.0-api-7.0.54-2.ael7b_1.noarch.rpm
tomcat-webapps-7.0.54-2.ael7b_1.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
tomcat-7.0.54-2.el7_1.noarch.rpm
tomcat-admin-webapps-7.0.54-2.el7_1.noarch.rpm
tomcat-docs-webapp-7.0.54-2.el7_1.noarch.rpm
tomcat-el-2.2-api-7.0.54-2.el7_1.noarch.rpm
tomcat-javadoc-7.0.54-2.el7_1.noarch.rpm
tomcat-jsp-2.2-api-7.0.54-2.el7_1.noarch.rpm
tomcat-jsvc-7.0.54-2.el7_1.noarch.rpm
tomcat-lib-7.0.54-2.el7_1.noarch.rpm
tomcat-webapps-7.0.54-2.el7_1.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
tomcat-docs-webapp-7.0.54-2.ael7b_1.noarch.rpm
tomcat-javadoc-7.0.54-2.ael7b_1.noarch.rpm
tomcat-jsvc-7.0.54-2.ael7b_1.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
tomcat-7.0.54-2.el7_1.src.rpm

noarch:
tomcat-7.0.54-2.el7_1.noarch.rpm
tomcat-admin-webapps-7.0.54-2.el7_1.noarch.rpm
tomcat-el-2.2-api-7.0.54-2.el7_1.noarch.rpm
tomcat-jsp-2.2-api-7.0.54-2.el7_1.noarch.rpm
tomcat-lib-7.0.54-2.el7_1.noarch.rpm
tomcat-servlet-3.0-api-7.0.54-2.el7_1.noarch.rpm
tomcat-webapps-7.0.54-2.el7_1.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
tomcat-docs-webapp-7.0.54-2.el7_1.noarch.rpm
tomcat-javadoc-7.0.54-2.el7_1.noarch.rpm
tomcat-jsvc-7.0.54-2.el7_1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-0227
https://access.redhat.com/security/updates/classification/#moderate
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVUmoBXlSAg2UNWIIRAnNWAJ0UMhWJfg3HyBo7f0PMlD2cAXiAiQCeMvYb
dvmn/pow4QXOB57tzm4dnbg=
=YS40
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 12 21:02:08 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 May 2015 21:02:08 +0000
Subject: [RHSA-2015:0986-01] Moderate: kexec-tools security, bug fix, and enhancement update
Message-ID: <201505122102.t4CL29VN011454@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kexec-tools security, bug fix, and enhancement update
Advisory ID:       RHSA-2015:0986-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0986.html
Issue date:        2015-05-12
CVE Names:         CVE-2015-0267
=====================================================================

1. Summary:

Updated kexec-tools packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel.

It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files. (CVE-2015-0267)

This issue was discovered by Harald Hoyer of Red Hat.

This update also fixes the following bug:

* On Red Hat Enterprise Linux Atomic Host systems, the kdump tool previously saved kernel crash dumps in the /sysroot/crash file instead of the /var/crash file. The parsing error that caused this problem has been fixed, and the kernel crash dumps are now correctly saved in /var/crash. (BZ#1206464)

In addition, this update adds the following enhancement:

* The makedumpfile command now supports the new sadump format that can represent more than 16 TB of physical memory space. This allows users of makedumpfile to read dump files over 16 TB, generated by sadump on certain upcoming server models. (BZ#1208753)

All kexec-tools users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1191575 - CVE-2015-0267 kexec-tools: insecure use of /tmp/*$$* filenames

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kexec-tools-2.0.7-19.el7_1.2.src.rpm

x86_64:
kexec-tools-2.0.7-19.el7_1.2.x86_64.rpm
kexec-tools-debuginfo-2.0.7-19.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kexec-tools-anaconda-addon-2.0.7-19.el7_1.2.x86_64.rpm
kexec-tools-debuginfo-2.0.7-19.el7_1.2.x86_64.rpm
kexec-tools-eppic-2.0.7-19.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kexec-tools-2.0.7-19.el7_1.2.src.rpm

x86_64:
kexec-tools-2.0.7-19.el7_1.2.x86_64.rpm
kexec-tools-debuginfo-2.0.7-19.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kexec-tools-anaconda-addon-2.0.7-19.el7_1.2.x86_64.rpm
kexec-tools-debuginfo-2.0.7-19.el7_1.2.x86_64.rpm
kexec-tools-eppic-2.0.7-19.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kexec-tools-2.0.7-19.el7_1.2.src.rpm

ppc64:
kexec-tools-2.0.7-19.el7_1.2.ppc64.rpm
kexec-tools-debuginfo-2.0.7-19.el7_1.2.ppc64.rpm

s390x:
kexec-tools-2.0.7-19.el7_1.2.s390x.rpm
kexec-tools-debuginfo-2.0.7-19.el7_1.2.s390x.rpm

x86_64:
kexec-tools-2.0.7-19.el7_1.2.x86_64.rpm
kexec-tools-debuginfo-2.0.7-19.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kexec-tools-2.0.7-19.ael7b_1.2.src.rpm

ppc64le:
kexec-tools-2.0.7-19.ael7b_1.2.ppc64le.rpm
kexec-tools-debuginfo-2.0.7-19.ael7b_1.2.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v.
7): ppc64: kexec-tools-anaconda-addon-2.0.7-19.el7_1.2.ppc64.rpm kexec-tools-debuginfo-2.0.7-19.el7_1.2.ppc64.rpm kexec-tools-eppic-2.0.7-19.el7_1.2.ppc64.rpm s390x: kexec-tools-anaconda-addon-2.0.7-19.el7_1.2.s390x.rpm kexec-tools-debuginfo-2.0.7-19.el7_1.2.s390x.rpm kexec-tools-eppic-2.0.7-19.el7_1.2.s390x.rpm x86_64: kexec-tools-anaconda-addon-2.0.7-19.el7_1.2.x86_64.rpm kexec-tools-debuginfo-2.0.7-19.el7_1.2.x86_64.rpm kexec-tools-eppic-2.0.7-19.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: kexec-tools-anaconda-addon-2.0.7-19.ael7b_1.2.ppc64le.rpm kexec-tools-debuginfo-2.0.7-19.ael7b_1.2.ppc64le.rpm kexec-tools-eppic-2.0.7-19.ael7b_1.2.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kexec-tools-2.0.7-19.el7_1.2.src.rpm x86_64: kexec-tools-2.0.7-19.el7_1.2.x86_64.rpm kexec-tools-debuginfo-2.0.7-19.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kexec-tools-anaconda-addon-2.0.7-19.el7_1.2.x86_64.rpm kexec-tools-debuginfo-2.0.7-19.el7_1.2.x86_64.rpm kexec-tools-eppic-2.0.7-19.el7_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0267 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
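The bug title above names the pattern behind CVE-2015-0267 (temporary files at /tmp/*$$* paths). The following shell is an added example, not kexec-tools or Red Hat code: it shows that predictable pattern for contrast beside two hardened ways to create the file, plus a check a script can run on the result. The "kdump-module" prefix and the file names are constructed placeholders; mktemp(1) and a POSIX shell are assumed.

```shell
#!/bin/sh
# Added example, not kexec-tools code. predictable_tmpname() reproduces
# the /tmp/*$$* pattern from the bug title for contrast, safe_tmpfile()
# and create_exclusively() are the hardened forms, and
# is_private_regular_file() checks the result. The "kdump-module"
# prefix is a constructed placeholder.

# Weak pattern: a name built from a fixed prefix plus the shell's PID is
# guessable, and a plain ">" redirection follows whatever already sits
# at that path, symlink included. Nothing below writes to this name.
predictable_tmpname() {
    printf '%s/kdump-module.%s\n' "${TMPDIR:-/tmp}" "$$"
}

# Hardened form 1: let mktemp(1) choose an unguessable name and create
# the file itself (O_CREAT|O_EXCL, mode 0600). Prints the path.
safe_tmpfile() {
    ( umask 077; mktemp "${TMPDIR:-/tmp}/kdump-module.XXXXXX" )
}

# Hardened form 2: when a fixed name is unavoidable, create it under the
# shell's noclobber option (set -C). The shell then refuses to truncate
# an existing regular file, symlinked or not, and opens a missing path
# with O_EXCL, so a dangling symlink planted there is refused as well.
# Returns 0 only if the file was created fresh.
create_exclusively() {
    ( set -C; : > "$1" ) 2>/dev/null
}

# Returns 0 when the path is a regular file, not a symlink, owned by the
# caller, and carries no group/other permission bits.
is_private_regular_file() {
    p=$1
    [ -f "$p" ] && [ ! -L "$p" ] && [ -O "$p" ] || return 1
    # GNU stat first, BSD stat as fallback; both print octal mode bits
    mode=$(stat -c '%a' "$p" 2>/dev/null || stat -f '%Lp' "$p" 2>/dev/null)
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}
```

A script that must write under a shared directory such as /tmp should use the mktemp form and remove the file from a trap on exit; the noclobber form only protects the create step, so it belongs in code that cannot choose its own name.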
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVUmo5XlSAg2UNWIIRAtOpAJ9+F2apFeql3XonJOByyYvGUTby4wCaApKH
lV/tuvpS2USiYqoLVHozykU=
=462W
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 13 13:59:23 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 May 2015 13:59:23 +0000
Subject: [RHSA-2015:0998-01] Important: qemu-kvm security update
Message-ID: <201505131359.t4DDxNo0004041@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: qemu-kvm security update
Advisory ID:  RHSA-2015:0998-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0998.html
Issue date:   2015-05-13
CVE Names:    CVE-2015-3456
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.

An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.

All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.3.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.3.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.3.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.3.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3456
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVU1WmXlSAg2UNWIIRAtR4AJ0Yq5JfiOetVc0b83kPjp8ne2b/CACfYSYm
pxeaEWQ2jmTgAETsTFYU3DQ=
=ymVO
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 13 14:03:56 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 May 2015 14:03:56 +0000
Subject: [RHSA-2015:1002-01] Important: xen security update
Message-ID: <201505131403.t4DE3usF008004@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: xen security update
Advisory ID:  RHSA-2015:1002-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1002.html
Issue date:   2015-05-13
CVE Names:    CVE-2015-3456
=====================================================================

1. Summary:

Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.

All xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
xen-3.0.3-146.el5_11.src.rpm

i386:
xen-debuginfo-3.0.3-146.el5_11.i386.rpm
xen-libs-3.0.3-146.el5_11.i386.rpm

x86_64:
xen-debuginfo-3.0.3-146.el5_11.i386.rpm
xen-debuginfo-3.0.3-146.el5_11.x86_64.rpm
xen-libs-3.0.3-146.el5_11.i386.rpm
xen-libs-3.0.3-146.el5_11.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:
xen-3.0.3-146.el5_11.src.rpm

i386:
xen-3.0.3-146.el5_11.i386.rpm
xen-debuginfo-3.0.3-146.el5_11.i386.rpm
xen-devel-3.0.3-146.el5_11.i386.rpm

x86_64:
xen-3.0.3-146.el5_11.x86_64.rpm
xen-debuginfo-3.0.3-146.el5_11.i386.rpm
xen-debuginfo-3.0.3-146.el5_11.x86_64.rpm
xen-devel-3.0.3-146.el5_11.i386.rpm
xen-devel-3.0.3-146.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
xen-3.0.3-146.el5_11.src.rpm

i386:
xen-debuginfo-3.0.3-146.el5_11.i386.rpm
xen-libs-3.0.3-146.el5_11.i386.rpm

ia64:
xen-debuginfo-3.0.3-146.el5_11.ia64.rpm
xen-libs-3.0.3-146.el5_11.ia64.rpm

x86_64:
xen-debuginfo-3.0.3-146.el5_11.i386.rpm
xen-debuginfo-3.0.3-146.el5_11.x86_64.rpm
xen-libs-3.0.3-146.el5_11.i386.rpm
xen-libs-3.0.3-146.el5_11.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
xen-3.0.3-146.el5_11.src.rpm

i386:
xen-3.0.3-146.el5_11.i386.rpm
xen-debuginfo-3.0.3-146.el5_11.i386.rpm
xen-devel-3.0.3-146.el5_11.i386.rpm

ia64:
xen-3.0.3-146.el5_11.ia64.rpm
xen-debuginfo-3.0.3-146.el5_11.ia64.rpm
xen-devel-3.0.3-146.el5_11.ia64.rpm

x86_64:
xen-3.0.3-146.el5_11.x86_64.rpm
xen-debuginfo-3.0.3-146.el5_11.i386.rpm
xen-debuginfo-3.0.3-146.el5_11.x86_64.rpm
xen-devel-3.0.3-146.el5_11.i386.rpm
xen-devel-3.0.3-146.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3456
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVU1nEXlSAg2UNWIIRAqUxAJ4/PAGie2atGBxiE9sxg6XvYfOdnwCghYMV
N+LpzXLkVxe9V4a19FaVRjk=
=UhFF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 13 14:04:30 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 May 2015 14:04:30 +0000
Subject: [RHSA-2015:1003-01] Important: kvm security update
Message-ID: <201505131404.t4DE4VND000843@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: kvm security update
Advisory ID:  RHSA-2015:1003-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1003.html
Issue date:   2015-05-13
CVE Names:    CVE-2015-3456
=====================================================================

1. Summary:

Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.

An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.

All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (https://bugzilla.redhat.com/):

1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
kvm-83-272.el5_11.src.rpm

x86_64:
kmod-kvm-83-272.el5_11.x86_64.rpm
kmod-kvm-debug-83-272.el5_11.x86_64.rpm
kvm-83-272.el5_11.x86_64.rpm
kvm-debuginfo-83-272.el5_11.x86_64.rpm
kvm-qemu-img-83-272.el5_11.x86_64.rpm
kvm-tools-83-272.el5_11.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
kvm-83-272.el5_11.src.rpm

x86_64:
kmod-kvm-83-272.el5_11.x86_64.rpm
kmod-kvm-debug-83-272.el5_11.x86_64.rpm
kvm-83-272.el5_11.x86_64.rpm
kvm-debuginfo-83-272.el5_11.x86_64.rpm
kvm-qemu-img-83-272.el5_11.x86_64.rpm
kvm-tools-83-272.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3456
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVU1nfXlSAg2UNWIIRAtvxAKCVxqsaYdrCQN16dcpCIKajKnUzHgCfVy1r
6y8+9uFGI3F4Epc74lb8mrg=
=sjA3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 13 14:09:06 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 May 2015 14:09:06 +0000
Subject: [RHSA-2015:1004-01] Important: qemu-kvm-rhev security update
Message-ID: <201505131409.t4DE96c1004492@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: qemu-kvm-rhev security update
Advisory ID:  RHSA-2015:1004-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1004.html
Issue date:   2015-05-13
CVE Names:    CVE-2015-3456
=====================================================================

1. Summary:

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0, Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6 and 7, and Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - x86_64
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - x86_64
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - x86_64
Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.
The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform.

An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.

All qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
qemu-kvm-rhev-0.12.1.2-2.448.el6_6.3.src.rpm

x86_64:
qemu-img-rhev-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
qemu-kvm-rhev-0.12.1.2-2.448.el6_6.3.src.rpm

x86_64:
qemu-img-rhev-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
qemu-kvm-rhev-2.1.2-23.el7_1.3.src.rpm

x86_64:
libcacard-devel-rhev-2.1.2-23.el7_1.3.x86_64.rpm
libcacard-rhev-2.1.2-23.el7_1.3.x86_64.rpm
libcacard-tools-rhev-2.1.2-23.el7_1.3.x86_64.rpm
qemu-img-rhev-2.1.2-23.el7_1.3.x86_64.rpm
qemu-kvm-common-rhev-2.1.2-23.el7_1.3.x86_64.rpm
qemu-kvm-rhev-2.1.2-23.el7_1.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.1.2-23.el7_1.3.x86_64.rpm
qemu-kvm-tools-rhev-2.1.2-23.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
qemu-kvm-rhev-2.1.2-23.el7_1.3.src.rpm

x86_64:
libcacard-devel-rhev-2.1.2-23.el7_1.3.x86_64.rpm
libcacard-rhev-2.1.2-23.el7_1.3.x86_64.rpm
libcacard-tools-rhev-2.1.2-23.el7_1.3.x86_64.rpm
qemu-img-rhev-2.1.2-23.el7_1.3.x86_64.rpm
qemu-kvm-common-rhev-2.1.2-23.el7_1.3.x86_64.rpm
qemu-kvm-rhev-2.1.2-23.el7_1.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.1.2-23.el7_1.3.x86_64.rpm
qemu-kvm-tools-rhev-2.1.2-23.el7_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3456
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVU1r3XlSAg2UNWIIRApKIAKCh3wJQQr1QDANWAJkSRw5lzwtC/ACcDQ1s
hEgBftSOosIvntCB3EVAAI4=
=inh2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 13 14:10:01 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 May 2015 14:10:01 +0000
Subject: [RHSA-2015:0999-01] Important: qemu-kvm security update
Message-ID: <201505131410.t4DEA1aW005142@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: qemu-kvm security update
Advisory ID:  RHSA-2015:0999-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0999.html
Issue date:   2015-05-13
CVE Names:    CVE-2015-3456
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.
The qemu-kvm package provides the user-space component for running virtual machines using KVM.

An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.

All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
qemu-kvm-1.5.3-86.el7_1.2.src.rpm

x86_64:
libcacard-1.5.3-86.el7_1.2.i686.rpm
libcacard-1.5.3-86.el7_1.2.x86_64.rpm
qemu-img-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-86.el7_1.2.i686.rpm
libcacard-devel-1.5.3-86.el7_1.2.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
qemu-kvm-1.5.3-86.el7_1.2.src.rpm

x86_64:
libcacard-1.5.3-86.el7_1.2.i686.rpm
libcacard-1.5.3-86.el7_1.2.x86_64.rpm
libcacard-devel-1.5.3-86.el7_1.2.i686.rpm
libcacard-devel-1.5.3-86.el7_1.2.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.2.x86_64.rpm
qemu-img-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
qemu-kvm-1.5.3-86.el7_1.2.src.rpm

ppc64:
qemu-img-1.5.3-86.el7_1.2.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.ppc64.rpm

x86_64:
libcacard-1.5.3-86.el7_1.2.i686.rpm
libcacard-1.5.3-86.el7_1.2.x86_64.rpm
qemu-img-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libcacard-1.5.3-86.el7_1.2.ppc.rpm
libcacard-1.5.3-86.el7_1.2.ppc64.rpm
libcacard-devel-1.5.3-86.el7_1.2.ppc.rpm
libcacard-devel-1.5.3-86.el7_1.2.ppc64.rpm
libcacard-tools-1.5.3-86.el7_1.2.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.ppc.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.ppc64.rpm

x86_64:
libcacard-devel-1.5.3-86.el7_1.2.i686.rpm
libcacard-devel-1.5.3-86.el7_1.2.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
qemu-kvm-1.5.3-86.el7_1.2.src.rpm

x86_64:
libcacard-1.5.3-86.el7_1.2.i686.rpm
libcacard-1.5.3-86.el7_1.2.x86_64.rpm
qemu-img-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-86.el7_1.2.i686.rpm
libcacard-devel-1.5.3-86.el7_1.2.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3456
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
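Each of the CVE-2015-3456 advisories above (qemu-kvm, qemu-kvm-rhev, xen) ends with the same operational requirement: the fix only protects guests started after the upgrade, because a guest that kept running still executes the old binary from memory. The shell below is an added example, not Red Hat's or QEMU's code, of how an operator can confirm that requirement was met. It relies on the way Linux reports a replaced executable: the target of /proc/PID/exe gains a " (deleted)" suffix once the file on disk has been replaced by the package upgrade. The process-name pattern, the function names and the sample listing in the test are constructed for this example.

```shell
#!/bin/sh
# Added example, not Red Hat's or QEMU's code. After the fixed packages
# are installed, a guest that was never restarted still runs the old
# binary; Linux flags that state through /proc/PID/exe, whose link
# target ends in " (deleted)" once the file on disk was replaced.
# The default process-name pattern is a constructed assumption.

# Pure function: reads lines of "PID<TAB>EXE_TARGET" on stdin and prints
# the PIDs whose executable has been replaced or removed on disk.
stale_pids_from_listing() {
    awk -F '\t' '$2 ~ / \(deleted\)$/ { print $1 }'
}

# Emits "PID<TAB>EXE_TARGET" for every readable process whose executable
# basename matches the extended regex in $1. Reading /proc/PID/exe of
# another user's process needs root, so unreadable entries are skipped.
list_processes_by_exe() {
    pattern=$1
    for exe in /proc/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        pid=${exe#/proc/}
        pid=${pid%/exe}
        printf '%s\t%s\n' "$pid" "$target"
    done | awk -F '\t' -v pat="$pattern" '
        { name = $2
          sub(/ \(deleted\)$/, "", name)   # strip the marker before matching
          sub(/.*\//, "", name)            # keep the basename only
          if (name ~ pat) print }'
}

# Returns 0 when no matching process runs a replaced binary, 1 otherwise,
# printing the PIDs that still need a guest restart. The default pattern
# covers qemu-kvm, qemu-system-* and the qemu-dm helper used by RHEL 5 xen.
vms_need_restart() {
    stale=$(list_processes_by_exe "${1:-^qemu-(kvm|system-|dm)}" | stale_pids_from_listing)
    [ -z "$stale" ] && return 0
    printf 'guest processes still running the old binary: %s\n' \
        "$(printf '%s' "$stale" | tr '\n' ' ')"
    return 1
}
```

Run `vms_need_restart` as root after the package upgrade; a non-zero exit with a PID list means those guests were not cycled and are still exposed. The check is deliberately independent of the package manager, so it also catches a binary replaced by any other means.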
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVU1swXlSAg2UNWIIRAshIAKCZWkFNWcyvUBOx0PV9ta8YOtLgbgCdFbuw
V78Qd9SnhHVz0MTvjdFcFu0=
=+Vrr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 13 14:23:26 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 May 2015 14:23:26 +0000
Subject: [RHSA-2015:1005-01] Critical: flash-plugin security update
Message-ID: <201505131423.t4DENQMf021808@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2015:1005-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1005.html
Issue date:        2015-05-13
CVE Names:         CVE-2015-3077 CVE-2015-3078 CVE-2015-3079
                   CVE-2015-3080 CVE-2015-3082 CVE-2015-3083
                   CVE-2015-3084 CVE-2015-3085 CVE-2015-3086
                   CVE-2015-3087 CVE-2015-3088 CVE-2015-3089
                   CVE-2015-3090 CVE-2015-3091 CVE-2015-3092
                   CVE-2015-3093
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-09
listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3077, CVE-2015-3078, CVE-2015-3080, CVE-2015-3082,
CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,
CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)

A security bypass flaw was found in flash-plugin that could lead to the
disclosure of sensitive information. (CVE-2015-3079)

Two memory information leak flaws were found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
(CVE-2015-3091, CVE-2015-3092)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.460.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1221037 - flash-plugin: multiple code execution issues fixed in APSB15-09
1221054 - CVE-2015-3091 CVE-2015-3092 flash-plugin: information leaks leading to ASLR bypass (APSB15-09)
1221067 - CVE-2015-3079 flash-plugin: security bypass leading to information disclosure (APSB15-09)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.460-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.460-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.460-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.460-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.460-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.460-1.el6_6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.460-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.460-1.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.460-1.el6_6.i686.rpm

x86_64:
flash-plugin-11.2.202.460-1.el6_6.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3077
https://access.redhat.com/security/cve/CVE-2015-3078
https://access.redhat.com/security/cve/CVE-2015-3079
https://access.redhat.com/security/cve/CVE-2015-3080
https://access.redhat.com/security/cve/CVE-2015-3082
https://access.redhat.com/security/cve/CVE-2015-3083
https://access.redhat.com/security/cve/CVE-2015-3084
https://access.redhat.com/security/cve/CVE-2015-3085
https://access.redhat.com/security/cve/CVE-2015-3086
https://access.redhat.com/security/cve/CVE-2015-3087
https://access.redhat.com/security/cve/CVE-2015-3088
https://access.redhat.com/security/cve/CVE-2015-3089
https://access.redhat.com/security/cve/CVE-2015-3090
https://access.redhat.com/security/cve/CVE-2015-3091
https://access.redhat.com/security/cve/CVE-2015-3092
https://access.redhat.com/security/cve/CVE-2015-3093
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-09.html

8. Contact:

The Red Hat security contact is .
More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVU14cXlSAg2UNWIIRAnohAJ9iXHkluxZAUqdBK4kBWtsWKVtoWwCcDcyk
hCnlu6h8oa0dBCAE87w7uSg=
=Ph69
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 13 14:25:01 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 May 2015 14:25:01 +0000
Subject: [RHSA-2015:1006-01] Critical: java-1.6.0-ibm security update
Message-ID: <201505131425.t4DEP2Bh028438@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-ibm security update
Advisory ID:       RHSA-2015:1006-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1006.html
Issue date:        2015-05-13
CVE Names:         CVE-2005-1080 CVE-2015-0138 CVE-2015-0192
                   CVE-2015-0458 CVE-2015-0459 CVE-2015-0469
                   CVE-2015-0477 CVE-2015-0478 CVE-2015-0480
                   CVE-2015-0488 CVE-2015-0491 CVE-2015-1914
                   CVE-2015-2808
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the
IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page,
listed in the References section. (CVE-2005-1080, CVE-2015-0138,
CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477,
CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914,
CVE-2015-2808)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla
bug 1207101, linked to from the References section, for additional details
about this change.

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 6 SR16-FP4 release. All running
instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211771 - CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)
1219212 - CVE-2015-0192 IBM JDK: unspecified Java sandbox restrictions bypass
1219215 - CVE-2015-1914 IBM JDK: unspecified partial Java sandbox restrictions bypass
1219223 - CVE-2015-0138 IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.4-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.4-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el6_6.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0138
https://access.redhat.com/security/cve/CVE-2015-0192
https://access.redhat.com/security/cve/CVE-2015-0458
https://access.redhat.com/security/cve/CVE-2015-0459
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/cve/CVE-2015-0491
https://access.redhat.com/security/cve/CVE-2015-1914
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c4

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVU16HXlSAg2UNWIIRAv4ZAKCZFz3t93vvFLN3TKeIIkrCLCfJVgCgkgwf
4gqMoizth0uxHxklRYtWjSo=
=gCmI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 13 14:27:16 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 May 2015 14:27:16 +0000
Subject: [RHSA-2015:1007-01] Critical: java-1.7.0-ibm security update
Message-ID: <201505131427.t4DERH3W031305@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-ibm security update
Advisory ID:       RHSA-2015:1007-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1007.html
Issue date:        2015-05-13
CVE Names:         CVE-2005-1080 CVE-2015-0138 CVE-2015-0192
                   CVE-2015-0458 CVE-2015-0459 CVE-2015-0469
                   CVE-2015-0477 CVE-2015-0478 CVE-2015-0480
                   CVE-2015-0488 CVE-2015-0491 CVE-2015-1914
                   CVE-2015-2808
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the
IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page,
listed in the References section. (CVE-2005-1080, CVE-2015-0138,
CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477,
CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914,
CVE-2015-2808)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla
bug 1207101, linked to from the References section, for additional details
about this change.

All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR9 release. All running instances
of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211771 - CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)
1219212 - CVE-2015-0192 IBM JDK: unspecified Java sandbox restrictions bypass
1219215 - CVE-2015-1914 IBM JDK: unspecified partial Java sandbox restrictions bypass
1219223 - CVE-2015-0138 IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-1.7.0.9.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.0-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0138
https://access.redhat.com/security/cve/CVE-2015-0192
https://access.redhat.com/security/cve/CVE-2015-0458
https://access.redhat.com/security/cve/CVE-2015-0459
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/cve/CVE-2015-0491
https://access.redhat.com/security/cve/CVE-2015-1914
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c4

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVU17bXlSAg2UNWIIRAposAKCl1KKypq8jh2fZMiMQSgQebqOoUACgv6ub
8xby/2Wo5myeInqZfXjH5zs=
=ltGy
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 18 09:19:38 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 May 2015 09:19:38 +0000
Subject: [RHSA-2015:1012-01] Important: thunderbird security update
Message-ID: <201505180907.t4I97h1o003421@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2015:1012-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1012.html
Issue date:        2015-05-18
CVE Names:         CVE-2015-2708 CVE-2015-2710 CVE-2015-2713
                   CVE-2015-2716
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2015-2708, CVE-2015-2710, CVE-2015-2713)

A heap-based buffer overflow flaw was found in the way Thunderbird
processed compressed XML data. An attacker could create specially crafted
compressed XML content that, when processed by Thunderbird, could cause it
to crash or execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-2716)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these
issues.
Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.7. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.7, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1220597 - CVE-2015-2708 Mozilla: Miscellaneous memory safety hazards (rv:31.7) (MFSA 2015-46)
1220601 - CVE-2015-2710 Mozilla: Buffer overflow with SVG content and CSS (MFSA 2015-48)
1220605 - CVE-2015-2713 Mozilla: Use-after-free during text processing with vertical text enabled (MFSA 2015-51)
1220607 - CVE-2015-2716 Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-31.7.0-1.el5_11.src.rpm

i386:
thunderbird-31.7.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.7.0-1.el5_11.i386.rpm

x86_64:
thunderbird-31.7.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.7.0-1.el5_11.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
thunderbird-31.7.0-1.el5_11.src.rpm

i386:
thunderbird-31.7.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.7.0-1.el5_11.i386.rpm

x86_64:
thunderbird-31.7.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.7.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-31.7.0-1.el6_6.src.rpm

i386:
thunderbird-31.7.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.7.0-1.el6_6.i686.rpm

x86_64:
thunderbird-31.7.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.7.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-31.7.0-1.el6_6.src.rpm

i386:
thunderbird-31.7.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.7.0-1.el6_6.i686.rpm

ppc64:
thunderbird-31.7.0-1.el6_6.ppc64.rpm
thunderbird-debuginfo-31.7.0-1.el6_6.ppc64.rpm

s390x:
thunderbird-31.7.0-1.el6_6.s390x.rpm
thunderbird-debuginfo-31.7.0-1.el6_6.s390x.rpm

x86_64:
thunderbird-31.7.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.7.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-31.7.0-1.el6_6.src.rpm

i386:
thunderbird-31.7.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.7.0-1.el6_6.i686.rpm

x86_64:
thunderbird-31.7.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.7.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-31.7.0-1.el7_1.src.rpm

x86_64:
thunderbird-31.7.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-31.7.0-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-31.7.0-1.el7_1.src.rpm

x86_64:
thunderbird-31.7.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-31.7.0-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-31.7.0-1.ael7b_1.src.rpm

ppc64le:
thunderbird-31.7.0-1.ael7b_1.ppc64le.rpm
thunderbird-debuginfo-31.7.0-1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-31.7.0-1.el7_1.src.rpm

x86_64:
thunderbird-31.7.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-31.7.0-1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2708
https://access.redhat.com/security/cve/CVE-2015-2710
https://access.redhat.com/security/cve/CVE-2015-2713
https://access.redhat.com/security/cve/CVE-2015-2716
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVWavPXlSAg2UNWIIRAppBAKCgQS+pawRYI0wRJig/zueSJxN9YgCgv8k/
KFMzIUXgvId2tLZDiyVRqSY=
=WWMG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 20 19:50:47 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 May 2015 19:50:47 +0000
Subject: [RHSA-2015:1020-01] Critical: java-1.7.1-ibm security update
Message-ID: <201505201950.t4KJolng024423@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.1-ibm security update
Advisory ID:       RHSA-2015:1020-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1020.html
Issue date:        2015-05-20
CVE Names:         CVE-2005-1080 CVE-2015-0138 CVE-2015-0192 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-1914 CVE-2015-2808
=====================================================================

1. Summary:

Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change.

All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211771 - CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)
1219212 - CVE-2015-0192 IBM JDK: unspecified Java sandbox restrictions bypass
1219215 - CVE-2015-1914 IBM JDK: unspecified partial Java sandbox restrictions bypass
1219223 - CVE-2015-0138 IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.i686.rpm

ppc64:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.ppc.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el6_6.ppc.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.s390.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.s390.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.s390x.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.i686.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.i686.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.ppc.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el7_1.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el7_1.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el7_1.ppc.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el7_1.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.s390.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el7_1.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.s390.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el7_1.s390x.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el7_1.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.i686.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64le:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.ael7b_1.ppc64le.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.ael7b_1.ppc64le.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.ael7b_1.ppc64le.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.ael7b_1.ppc64le.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.i686.rpm
java-1.7.1-ibm-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.0-1jpp.2.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0138
https://access.redhat.com/security/cve/CVE-2015-0192
https://access.redhat.com/security/cve/CVE-2015-0458
https://access.redhat.com/security/cve/CVE-2015-0459
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/cve/CVE-2015-0491
https://access.redhat.com/security/cve/CVE-2015-1914
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c4

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVXOTGXlSAg2UNWIIRAvfJAJ9DovG7A8ayKhzQHDvfw5uZBYQYugCeKjis
QkKpSNCwvzHfJyVERdTh+TM=
=or85
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 20 19:53:06 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 May 2015 19:53:06 +0000
Subject: [RHSA-2015:1021-01] Important: java-1.5.0-ibm security update
Message-ID: <201505201953.t4KJr7b4007728@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.5.0-ibm security update
Advisory ID:       RHSA-2015:1021-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1021.html
Issue date:        2015-05-20
CVE Names:         CVE-2005-1080 CVE-2015-0138 CVE-2015-0192 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-1914 CVE-2015-2808
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change.

IBM Java SDK and JRE 5.0 will not receive software updates after September 2015. This date is referred to as the End of Service (EOS) date. Customers are advised to migrate to current versions of IBM Java at this time. IBM Java SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise Linux 5 and 6 Supplementary content sets and will continue to receive updates based on IBM's lifecycle policy, linked to in the References section. Customers can also consider OpenJDK, an open source implementation of the Java SE specification. OpenJDK is available by default on supported hardware architectures.

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP10 release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

606442 - CVE-2005-1080 jar: directory traversal vulnerability
1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1219212 - CVE-2015-0192 IBM JDK: unspecified Java sandbox restrictions bypass
1219215 - CVE-2015-1914 IBM JDK: unspecified partial Java sandbox restrictions bypass
1219223 - CVE-2015-0138 IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.i686.rpm

ppc64:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0138
https://access.redhat.com/security/cve/CVE-2015-0192
https://access.redhat.com/security/cve/CVE-2015-0459
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/cve/CVE-2015-0491
https://access.redhat.com/security/cve/CVE-2015-1914
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/updates/classification/#important
https://www.ibm.com/developerworks/java/jdk/alerts/
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c4
https://www.ibm.com/developerworks/java/jdk/lifecycle/

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVXOXmXlSAg2UNWIIRAv6RAJ0Wli4mxD2sHeRcN+jUh3Sd0yaBQgCdEdn+
v8Nap371hJaGfnf1nw5/Yz8=
=rSqP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 25 04:50:15 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 May 2015 04:50:15 +0000
Subject: [RHSA-2015:1023-01] Important: chromium-browser security update
Message-ID: <201505250438.t4P4cFJN011562@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2015:1023-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1023.html
Issue date:        2015-05-25
CVE Names:         CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254 CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258 CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262 CVE-2015-1263 CVE-2015-1264 CVE-2015-1265
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259, CVE-2015-1260, CVE-2015-1261, CVE-2015-1262, CVE-2015-1263, CVE-2015-1264, CVE-2015-1265)

All Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.65, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1223258 - CVE-2015-1251 chromium-browser: Use-after-free in Speech.
1223259 - CVE-2015-1252 chromium-browser: Sandbox escape in Chrome.
1223260 - CVE-2015-1253 chromium-browser: Cross-origin bypass in DOM.
1223261 - CVE-2015-1254 chromium-browser: Cross-origin bypass in Editing.
1223262 - CVE-2015-1255 chromium-browser: Use-after-free in WebAudio.
1223263 - CVE-2015-1256 chromium-browser: Use-after-free in SVG.
1223264 - CVE-2015-1257 chromium-browser: Container-overflow in SVG.
1223266 - CVE-2015-1258 chromium-browser: Negative-size parameter in Libvpx.
1223267 - CVE-2015-1259 chromium-browser: Uninitialized value in PDFium.
1223268 - CVE-2015-1260 chromium-browser: Use-after-free in WebRTC.
1223269 - CVE-2015-1261 chromium-browser: URL bar spoofing in unspecified component
1223270 - CVE-2015-1262 chromium-browser: Uninitialized value in Blink.
1223271 - CVE-2015-1263 chromium-browser: insecure download of spellcheck dictionary in unspecified component
1223272 - CVE-2015-1264 chromium-browser: Cross-site scripting in bookmarks.
1223273 - CVE-2015-1265 chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-43.0.2357.65-1.el6_6.i686.rpm
chromium-browser-debuginfo-43.0.2357.65-1.el6_6.i686.rpm

x86_64:
chromium-browser-43.0.2357.65-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-43.0.2357.65-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-43.0.2357.65-1.el6_6.i686.rpm
chromium-browser-debuginfo-43.0.2357.65-1.el6_6.i686.rpm

x86_64:
chromium-browser-43.0.2357.65-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-43.0.2357.65-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-43.0.2357.65-1.el6_6.i686.rpm
chromium-browser-debuginfo-43.0.2357.65-1.el6_6.i686.rpm

x86_64:
chromium-browser-43.0.2357.65-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-43.0.2357.65-1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1251
https://access.redhat.com/security/cve/CVE-2015-1252
https://access.redhat.com/security/cve/CVE-2015-1253
https://access.redhat.com/security/cve/CVE-2015-1254
https://access.redhat.com/security/cve/CVE-2015-1255
https://access.redhat.com/security/cve/CVE-2015-1256
https://access.redhat.com/security/cve/CVE-2015-1257
https://access.redhat.com/security/cve/CVE-2015-1258
https://access.redhat.com/security/cve/CVE-2015-1259
https://access.redhat.com/security/cve/CVE-2015-1260
https://access.redhat.com/security/cve/CVE-2015-1261
https://access.redhat.com/security/cve/CVE-2015-1262
https://access.redhat.com/security/cve/CVE-2015-1263
https://access.redhat.com/security/cve/CVE-2015-1264
https://access.redhat.com/security/cve/CVE-2015-1265
https://access.redhat.com/security/updates/classification/#important
https://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
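The advisories in this archive share one layout: a header with the advisory ID and CVE names, a numbered "5. Bugs fixed" list of Bugzilla IDs and CVEs, and a "6. Package List" of fixed NVRA file names grouped by channel and architecture. The script below is an added example, not Red Hat's tooling: it parses that layout and reports which locally installed packages an advisory supersedes, using a simplified version of rpm's segment-wise version ordering. The advisory excerpt and the installed-package list are constructed inline (the chromium-browser 42.0.2311.135 build is an assumed older version on a hypothetical host); on a real system the second input would come from `rpm -qa`.

```python
"""Added example (not Red Hat tooling): parse the RHSA layout used on this
page and report which installed packages the advisory supersedes."""
import re

# Constructed excerpt in the layout of RHSA-2015:1023-01 above; only the
# fields this script reads are kept.
SAMPLE_ADVISORY = """\
Advisory ID:       RHSA-2015:1023-01
CVE Names:         CVE-2015-1251 CVE-2015-1252

5. Bugs fixed (https://bugzilla.redhat.com/):

1223258 - CVE-2015-1251 chromium-browser: Use-after-free in Speech.
1223259 - CVE-2015-1252 chromium-browser: Sandbox escape in Chrome.

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

x86_64:
chromium-browser-43.0.2357.65-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-43.0.2357.65-1.el6_6.x86_64.rpm

7. References:
"""
# Constructed `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` output
# for a hypothetical host; the 42.0.2311.135 build is an assumed older version.
SAMPLE_INSTALLED = """\
chromium-browser-42.0.2311.135-1.el6_6.x86_64
chromium-browser-debuginfo-43.0.2357.65-1.el6_6.x86_64
bash-4.1.2-29.el6.x86_64
"""

SECTION_RE = re.compile(r"^(\d+)\. ")             # "5. Bugs fixed ...", "6. Package List:"
BUG_RE = re.compile(r"^(\d+) - (CVE-\d{4}-\d{4,}) (.+)$")
ARCH_RE = re.compile(r"^\w+:$")                   # "i386:", "x86_64:", "noarch:", "Source:"
SEG_RE = re.compile(r"\d+|[A-Za-z]+")             # rpmvercmp-style version segments


def parse_rhsa(text):
    """Return {'id', 'cves', 'bugs': [(bz, cve, summary)], 'packages': [(arch, file)]}."""
    adv = {"id": None, "cves": set(), "bugs": [], "packages": []}
    section = arch = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Advisory ID:"):
            adv["id"] = line.split(":", 1)[1].strip()
        elif line.startswith("CVE Names:"):
            adv["cves"].update(line.split(":", 1)[1].split())
        sec = SECTION_RE.match(line)
        if sec:
            section = int(sec.group(1))
        elif section == 5 and BUG_RE.match(line):
            bz, cve, summary = BUG_RE.match(line).groups()
            adv["bugs"].append((int(bz), cve, summary))
            adv["cves"].add(cve)
        elif section == 6 and ARCH_RE.match(line):
            arch = line[:-1]
        elif section == 6 and line.endswith(".rpm"):
            adv["packages"].append((arch, line))
    return adv


def split_nvra(pkg):
    """'name-version-release.arch[.rpm]' -> (name, version, release, arch)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    nvr, arch = pkg.rsplit(".", 1)
    nv, release = nvr.rsplit("-", 1)
    name, version = nv.rsplit("-", 1)
    return name, version, release, arch


def rpmvercmp(a, b):
    """Simplified rpm ordering: numeric segments compare numerically, alpha
    segments lexically, numeric beats alpha; epoch/tilde/caret are omitted."""
    sa, sb = SEG_RE.findall(a), SEG_RE.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        x, y = (int(x), int(y)) if x.isdigit() else (x, y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(ver1, rel1, ver2, rel2):
    """Order (version, release) pairs as rpm does: version first, then release."""
    return rpmvercmp(ver1, ver2) or rpmvercmp(rel1, rel2)


def affected_packages(installed_lines, adv):
    """Installed NVRAs the advisory supersedes (same name and arch, older EVR)."""
    fixed = {}
    for _arch, fname in adv["packages"]:
        if not fname.endswith(".src.rpm"):        # SRPMs are never installed as such
            name, ver, rel, arch = split_nvra(fname)
            fixed[(name, arch)] = (ver, rel)
    hits = []
    for line in filter(None, map(str.strip, installed_lines)):
        name, ver, rel, arch = split_nvra(line)
        target = fixed.get((name, arch))
        if target and evr_cmp(ver, rel, *target) < 0:
            hits.append(line)
    return hits


if __name__ == "__main__":
    adv = parse_rhsa(SAMPLE_ADVISORY)
    print(adv["id"], sorted(adv["cves"]))
    for pkg in affected_packages(SAMPLE_INSTALLED.splitlines(), adv):
        print("needs update:", pkg)
```

The comparison is keyed on (name, arch) because the package lists above ship both i686 and x86_64 builds of the same name under the x86_64 channel; matching on name alone would flag the wrong multilib half. The debuginfo line in the constructed host list is already at the fixed release and is correctly left out, and `bash` is ignored because the advisory does not ship it. For production use the version ordering should come from rpm itself (`rpm.labelCompare` in the rpm Python bindings), since the simplified `rpmvercmp` here deliberately skips epoch, tilde and caret semantics.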
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVYqb1XlSAg2UNWIIRAvcFAJ44mRGgEbZnE0rOK58VHWFVymdbCACfbwUM pDfvHmlSb5LnH4GRzlMxBW4= =ikCN -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed May 27 12:56:39 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 27 May 2015 12:56:39 +0000 Subject: [RHSA-2015:1030-01] Important: kernel security and bug fix update Message-ID: <201505271256.t4RCudMg014924@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2015:1030-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1030.html Issue date: 2015-05-27 CVE Names: CVE-2015-1421 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.4) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1421, Important) This issue was discovered by Sun Baoliang of Red Hat. 
This update also fixes the following bugs: * When ARP is disabled on an interface with an ARP entry for a neighbor host present in the ARP cache, letting the cached entry expire and attempting to communicate with that neighbor host could cause the host MAC address to not be resolved correctly after ARP is enabled again on the interface. With the following workaround, the entry is not expired and the described scenario works correctly: 1) Add the maximum number of ARP entries you expect for your configuration to the proc/sys/net/ipv4/neigh/default/gc_thresh file. 2) Ensure that relevant IP addresses are put in the ARP cache when the system boots, for example by executing the following two commands: ping [IP address] -c 1 ifconfig ethX -arp (BZ#1207350) * Previously, the open() system call in some cases failed with an EBUSY error if the opened file was also being renamed at the same time. With this update, the kernel automatically retries open() when this failure occurs, and if the retry is not successful either, open() now fails with an ESTALE error. (BZ#1207813) * Previously, a race condition occurred in the build_id_cache__add_s() function, which could truncate system files. A patch has been provided to fix this bug, and system files are no longer truncated in the aforementioned scenario. (BZ#1210591) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1196581 - CVE-2015-1421 kernel: net: slab corruption from use after free on INIT collisions 6. Package List: Red Hat Enterprise Linux Server AUS (v. 
6.4): Source: kernel-2.6.32-358.61.1.el6.src.rpm i386: kernel-2.6.32-358.61.1.el6.i686.rpm kernel-debug-2.6.32-358.61.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.61.1.el6.i686.rpm kernel-debug-devel-2.6.32-358.61.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.61.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.61.1.el6.i686.rpm kernel-devel-2.6.32-358.61.1.el6.i686.rpm kernel-headers-2.6.32-358.61.1.el6.i686.rpm perf-2.6.32-358.61.1.el6.i686.rpm perf-debuginfo-2.6.32-358.61.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.61.1.el6.i686.rpm noarch: kernel-doc-2.6.32-358.61.1.el6.noarch.rpm kernel-firmware-2.6.32-358.61.1.el6.noarch.rpm ppc64: kernel-2.6.32-358.61.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-358.61.1.el6.ppc64.rpm kernel-debug-2.6.32-358.61.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-358.61.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-358.61.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.61.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.61.1.el6.ppc64.rpm kernel-devel-2.6.32-358.61.1.el6.ppc64.rpm kernel-headers-2.6.32-358.61.1.el6.ppc64.rpm perf-2.6.32-358.61.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.61.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.61.1.el6.ppc64.rpm s390x: kernel-2.6.32-358.61.1.el6.s390x.rpm kernel-debug-2.6.32-358.61.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-358.61.1.el6.s390x.rpm kernel-debug-devel-2.6.32-358.61.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.61.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.61.1.el6.s390x.rpm kernel-devel-2.6.32-358.61.1.el6.s390x.rpm kernel-headers-2.6.32-358.61.1.el6.s390x.rpm kernel-kdump-2.6.32-358.61.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.61.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-358.61.1.el6.s390x.rpm perf-2.6.32-358.61.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.61.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.61.1.el6.s390x.rpm x86_64: kernel-2.6.32-358.61.1.el6.x86_64.rpm kernel-debug-2.6.32-358.61.1.el6.x86_64.rpm 
kernel-debug-debuginfo-2.6.32-358.61.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.61.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.61.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.61.1.el6.x86_64.rpm kernel-devel-2.6.32-358.61.1.el6.x86_64.rpm kernel-headers-2.6.32-358.61.1.el6.x86_64.rpm perf-2.6.32-358.61.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.61.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.61.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: kernel-2.6.32-358.61.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.61.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.61.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.61.1.el6.i686.rpm perf-debuginfo-2.6.32-358.61.1.el6.i686.rpm python-perf-2.6.32-358.61.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.61.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-358.61.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.61.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.61.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.61.1.el6.ppc64.rpm python-perf-2.6.32-358.61.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.61.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-358.61.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.61.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.61.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.61.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.61.1.el6.s390x.rpm python-perf-2.6.32-358.61.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.61.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.61.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.61.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.61.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.61.1.el6.x86_64.rpm python-perf-2.6.32-358.61.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.61.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-1421 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVZb7xXlSAg2UNWIIRAmpYAJ9RAaEblVDjnR5QCc4qH6NIi1qD1ACgqBUo 9Mwc39bZRBuTBT0QkzRY64M= =wPcF -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed May 27 12:55:49 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 27 May 2015 12:55:49 +0000 Subject: [RHSA-2015:1031-01] Important: qemu-kvm security update Message-ID: <201505271255.t4RCtoMC014680@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm security update Advisory ID: RHSA-2015:1031-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1031.html Issue date: 2015-05-27 CVE Names: CVE-2015-3456 ===================================================================== 1. Summary: Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. 
An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.5): Source: qemu-kvm-0.12.1.2-2.415.el6_5.15.src.rpm x86_64: qemu-guest-agent-0.12.1.2-2.415.el6_5.15.x86_64.rpm qemu-img-0.12.1.2-2.415.el6_5.15.x86_64.rpm qemu-kvm-0.12.1.2-2.415.el6_5.15.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.15.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.415.el6_5.15.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.5): Source: qemu-kvm-0.12.1.2-2.415.el6_5.15.src.rpm i386: qemu-guest-agent-0.12.1.2-2.415.el6_5.15.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.15.i686.rpm x86_64: qemu-guest-agent-0.12.1.2-2.415.el6_5.15.x86_64.rpm qemu-img-0.12.1.2-2.415.el6_5.15.x86_64.rpm qemu-kvm-0.12.1.2-2.415.el6_5.15.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.15.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.415.el6_5.15.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3456 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVZb7HXlSAg2UNWIIRAse7AJ9ddnWco1rUrMYVwUex3DGOBMuK5gCdES2Z NtLD3OLQ5kietKEpqy5SUHM= =Uufz -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 28 11:47:57 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 28 May 2015 11:47:57 +0000 Subject: [RHSA-2015:1035-01] Low: Red Hat Enterprise Linux 6.5 Extended Update Support 6-Month Notice Message-ID: <201505281147.t4SBlwMq016029@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux 6.5 Extended Update Support 6-Month Notice Advisory ID: RHSA-2015:1035-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1035.html Issue date: 2015-05-28 ===================================================================== 1. Summary: This is the Six-Month notification for the retirement of Red Hat Enterprise Linux 6.5 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.5. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64 3. 
Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015. In addition, technical support through Red Hat's Global Support Services will be limited as described under "non-current minor releases" in the Knowledge Base article located at https://access.redhat.com/articles/64664 after this date. We encourage customers to migrate from Red Hat Enterprise Linux 6.5 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release. Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/ 4. Solution: This erratum contains an updated redhat-release-server package that provides a copy of this retirement notice in the "/usr/share/doc/" directory. 5. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.5): Source: redhat-release-computenode-6ComputeNode-6.5.0.3.el6_5.src.rpm x86_64: redhat-release-computenode-6ComputeNode-6.5.0.3.el6_5.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.5): Source: redhat-release-server-6Server-6.5.0.3.el6_5.src.rpm i386: redhat-release-server-6Server-6.5.0.3.el6_5.i686.rpm ppc64: redhat-release-server-6Server-6.5.0.3.el6_5.ppc64.rpm s390x: redhat-release-server-6Server-6.5.0.3.el6_5.s390x.rpm x86_64: redhat-release-server-6Server-6.5.0.3.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 6. 
References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/articles/64664 https://access.redhat.com/support/policy/updates/errata/ 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVZwBCXlSAg2UNWIIRAmOTAJoCqkocrbkAE8EyAkpUeQuy3RnvUgCfcvg8 /7rpBnRMSBzQPs3hcIpTndU= =iFqM -----END PGP SIGNATURE-----