From bugzilla at redhat.com Thu Oct 1 13:30:25 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Oct 2015 13:30:25 +0000
Subject: [RHSA-2015:1853-01] Low: Red Hat Enterprise Developer Toolset Version 2 Retirement Notice
Message-ID: <201510011330.t91DUPsW010556@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Developer Toolset Version 2 Retirement Notice
Advisory ID:       RHSA-2015:1853-01
Product:           Red Hat Developer Toolset
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1853.html
Issue date:        2015-10-01
=====================================================================

1. Summary:

This is the final notification for the retirement of Red Hat Developer Toolset Version 2. This notification applies only to those customers subscribed to the channel for Red Hat Developer Toolset Version 2.

2. Description:

In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering was retired on September 30, 2015, and support is no longer provided.

Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 2 after September 30, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 2 after this date.

We encourage customers using Red Hat Enterprise Linux 6 to plan their migration from Red Hat Enterprise Developer Toolset Version 2 to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.

Details of the Red Hat Enterprise Developer Toolset life cycle can be found here: https://access.redhat.com/support/policy/updates/dts/

3. Solution:

Red Hat Enterprise Developer Toolset Version 2 was retired on September 30, 2015. Customers using Red Hat Enterprise 6 are encouraged to migrate to a newer release of Red Hat Enterprise Developer Toolset, and can find additional details on the Red Hat Enterprise Developer Toolset life cycle page at https://access.redhat.com/support/policy/updates/dts/

Customers using Red Hat Enterprise Developer Toolset Version 2 with Red Hat Enterprise Linux 5 are encouraged to move to Red Hat Enterprise Linux 7 for all new development in order to take advantage of newer versions of the Red Hat Enterprise Developer Toolset.

4. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/dts/

5. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD4DBQFWDTVQXlSAg2UNWIIRAhk7AJjIJUfnew2uX2MA9EQKsn09+EBLAJ0Tr8sg
ZsJXllYsvfaB46qIhXb5qQ==
=WTyi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 1 14:13:22 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Oct 2015 14:13:22 +0000
Subject: [RHSA-2015:1852-01] Important: thunderbird security update
Message-ID: <201510011359.t91DxWum018152@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2015:1852-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1852.html
Issue date:        2015-10-01
CVE Names:         CVE-2015-4500 CVE-2015-4509 CVE-2015-4517 CVE-2015-4519
                   CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174
                   CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4500, CVE-2015-4509, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)

Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to disclose sensitive information or, in certain cases, crash. (CVE-2015-4519, CVE-2015-4520)

Note: None of the above issues can be exploited by a specially crafted HTML mail message, because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed).

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Ronald Crane, Mario Gomes, and Ehsan Akhgari as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.3.0. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.3.0 and corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1265186 - CVE-2015-4500 Mozilla: Miscellaneous memory safety hazards (MFSA 2015-96)
1265192 - CVE-2015-4509 Mozilla: Use-after-free while manipulating HTML media content (MFSA 2015-106)
1265778 - CVE-2015-4519 Mozilla: Dragging and dropping images exposes final URL after redirects (MFSA 2015-110)
1265781 - CVE-2015-4520 Mozilla: Errors in the handling of CORS preflight request headers (MFSA 2015-111)
1265784 - CVE-2015-4517 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-38.3.0-1.el5_11.src.rpm

i386:
thunderbird-38.3.0-1.el5_11.i386.rpm
thunderbird-debuginfo-38.3.0-1.el5_11.i386.rpm

x86_64:
thunderbird-38.3.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-38.3.0-1.el5_11.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
thunderbird-38.3.0-1.el5_11.src.rpm

i386:
thunderbird-38.3.0-1.el5_11.i386.rpm
thunderbird-debuginfo-38.3.0-1.el5_11.i386.rpm

x86_64:
thunderbird-38.3.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-38.3.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-38.3.0-1.el6_7.src.rpm

i386:
thunderbird-38.3.0-1.el6_7.i686.rpm
thunderbird-debuginfo-38.3.0-1.el6_7.i686.rpm

x86_64:
thunderbird-38.3.0-1.el6_7.x86_64.rpm
thunderbird-debuginfo-38.3.0-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-38.3.0-1.el6_7.src.rpm

i386:
thunderbird-38.3.0-1.el6_7.i686.rpm
thunderbird-debuginfo-38.3.0-1.el6_7.i686.rpm

ppc64:
thunderbird-38.3.0-1.el6_7.ppc64.rpm
thunderbird-debuginfo-38.3.0-1.el6_7.ppc64.rpm

s390x:
thunderbird-38.3.0-1.el6_7.s390x.rpm
thunderbird-debuginfo-38.3.0-1.el6_7.s390x.rpm

x86_64:
thunderbird-38.3.0-1.el6_7.x86_64.rpm
thunderbird-debuginfo-38.3.0-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-38.3.0-1.el6_7.src.rpm

i386:
thunderbird-38.3.0-1.el6_7.i686.rpm
thunderbird-debuginfo-38.3.0-1.el6_7.i686.rpm

x86_64:
thunderbird-38.3.0-1.el6_7.x86_64.rpm
thunderbird-debuginfo-38.3.0-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-38.3.0-1.el7_1.src.rpm

x86_64:
thunderbird-38.3.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-38.3.0-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-38.3.0-1.el7_1.src.rpm

x86_64:
thunderbird-38.3.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-38.3.0-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-38.3.0-1.ael7b_1.src.rpm

ppc64le:
thunderbird-38.3.0-1.ael7b_1.ppc64le.rpm
thunderbird-debuginfo-38.3.0-1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-38.3.0-1.el7_1.src.rpm

x86_64:
thunderbird-38.3.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-38.3.0-1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4500
https://access.redhat.com/security/cve/CVE-2015-4509
https://access.redhat.com/security/cve/CVE-2015-4517
https://access.redhat.com/security/cve/CVE-2015-4519
https://access.redhat.com/security/cve/CVE-2015-4520
https://access.redhat.com/security/cve/CVE-2015-4521
https://access.redhat.com/security/cve/CVE-2015-4522
https://access.redhat.com/security/cve/CVE-2015-7174
https://access.redhat.com/security/cve/CVE-2015-7175
https://access.redhat.com/security/cve/CVE-2015-7176
https://access.redhat.com/security/cve/CVE-2015-7177
https://access.redhat.com/security/cve/CVE-2015-7180
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.3

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWDTw/XlSAg2UNWIIRAj4zAJ9Ylb4Cg+IdYHqYz2nMh5HptLuGWACeLb0P
T4IwWElpn8ZI5Yo7fakAdQI=
=4Nh8
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Oct 2 04:36:01 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 2 Oct 2015 04:36:01 +0000
Subject: [RHSA-2015:1855-01] Low: mod_proxy_fcgi security update
Message-ID: <201510020436.t924a2od029525@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: mod_proxy_fcgi security update
Advisory ID:       RHSA-2015:1855-01
Product:           Red Hat Common
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1855.html
Issue date:        2015-10-01
CVE Names:         CVE-2014-3583
=====================================================================

1. Summary:

An updated mod_proxy_fcgi package that fixes one security issue is now available for Red Hat Ceph Storage 1.2 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Common for RHEL Server (v. 6) - x86_64

3. Description:

Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP server.

A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash. (CVE-2014-3583)

All mod_proxy_fcgi users are advised to upgrade to this updated package, which corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1163555 - CVE-2014-3583 httpd: mod_proxy_fcgi handle_headers() buffer over read

6. Package List:

Red Hat Common for RHEL Server (v. 6):

Source:
mod_proxy_fcgi-2.4.10-5.20150415gitd45a11f.el6cp.src.rpm

x86_64:
mod_proxy_fcgi-2.4.10-5.20150415gitd45a11f.el6cp.x86_64.rpm
mod_proxy_fcgi-debuginfo-2.4.10-5.20150415gitd45a11f.el6cp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3583
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWDgmPXlSAg2UNWIIRAo15AJ9i2i3cFyf59EtZIJhVJ+vk0aDm5wCfYTw0
WBT4KUFIDobjhXHZOE96+zE=
=JjAk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 8 19:58:51 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 8 Oct 2015 19:58:51 +0000
Subject: [RHSA-2015:1862-01] Moderate: Red Hat Enterprise Linux OpenStack Platform 7 director update
Message-ID: <201510081958.t98Jwque013997@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise Linux OpenStack Platform 7 director update
Advisory ID:       RHSA-2015:1862-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:1862
Issue date:        2015-10-08
CVE Names:         CVE-2015-5271
=====================================================================

1. Summary:

Updated packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 director for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Openstack 7.0 director for RHEL 7 - noarch

3. Description:

Red Hat Enterprise Linux OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud based on Red Hat Enterprise Linux OpenStack Platform.

A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package (OpenStack director).
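The check below is an added example, not code from the advisory or from the openstack-tripleo-heat-templates package: it reads a swift proxy-server paste.deploy pipeline and reports when staticweb is listed ahead of the Identity Service filters, which is the ordering flaw this advisory describes. The weak and corrected configurations are constructed, and the filter names authtoken, keystoneauth and staticweb are assumed to follow upstream swift's proxy-server.conf conventions.

```python
"""Check the middleware order in a swift proxy-server paste.deploy pipeline.

Added example (not from the advisory or openstack-tripleo-heat-templates).
A pipeline that lists staticweb before the Identity Service filters answers
requests before any authentication/authorization has run. The sample
configurations are constructed; filter names follow upstream swift's
proxy-server.conf conventions (authtoken, keystoneauth, staticweb).
"""
import configparser
from typing import List

# Filters that perform Identity Service (keystone) authentication and
# authorization in a keystone-backed swift proxy (assumed naming).
AUTH_FILTERS = ("authtoken", "keystoneauth")
# Filters that serve content and therefore must run only after auth.
AUTH_DEPENDENT = ("staticweb",)

# Constructed weak configuration: staticweb precedes the auth filters.
WEAK_CONF = """\
[pipeline:main]
pipeline = catch_errors healthcheck cache staticweb authtoken keystoneauth proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache

[filter:staticweb]
use = egg:swift#staticweb

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator

[app:proxy-server]
use = egg:swift#proxy
"""

# The same configuration with staticweb moved after the auth filters.
FIXED_CONF = WEAK_CONF.replace(
    "cache staticweb authtoken keystoneauth proxy-server",
    "cache authtoken keystoneauth staticweb proxy-server",
)


def pipeline_from_conf(text: str) -> List[str]:
    """Return the ordered filter/app names from [pipeline:main]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp.get("pipeline:main", "pipeline").split()


def check_pipeline(pipeline: List[str]) -> List[str]:
    """Return findings for an unsafe ordering; an empty list means it is sound."""
    findings = []
    auth_positions = [pipeline.index(f) for f in AUTH_FILTERS if f in pipeline]
    if not auth_positions:
        findings.append("no Identity Service auth filter in pipeline")
    # staticweb must come after the *last* auth filter, not just one of them.
    last_auth = max(auth_positions) if auth_positions else None
    for name in AUTH_DEPENDENT:
        if name not in pipeline:
            continue
        pos = pipeline.index(name)
        if last_auth is not None and pos < last_auth:
            findings.append(
                f"{name} at position {pos} runs before auth filter at position {last_auth}"
            )
    # The proxy app must terminate the pipeline; anything after it is unreachable.
    if not pipeline or pipeline[-1] != "proxy-server":
        findings.append("proxy-server is not the last element of the pipeline")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        result = check_pipeline(pipeline_from_conf(conf))
        print(f"{label}: {result or 'pipeline ordering OK'}")
```

Point the same functions at a deployed proxy-server.conf (read the file into a string) to audit an existing overcloud rather than the constructed samples.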
The staticweb middleware was incorrectly configured before the Identity Service, and under some conditions an attacker could use this flaw to gain unauthenticated access to private data. (CVE-2015-5271) This issue was discovered by Christian Schwede and Emilien Macchi of Red Hat. This update also fixes numerous bugs and adds various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux OpenStack Platform 7 Release Notes, linked to in the References section, for information on the most significant of these changes. All Red Hat Enterprise Linux OpenStack Platform 7.0 director users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1223022 - Ceilometer API port not allowed in firewall rules on undercloud 1226376 - Neutron API port not allowed in firewall rules on undercloud 1228862 - Can `openstack undercloud install` have a --force-clean option so an error doesn't require restarting? 
1231777 - Its possible to scale up beyond the number of free nodes 1233949 - overcloud horizon apache config doesn't appear to use a network vip 1235320 - Unhelpful failure when incorrect parameters are given 1235325 - "openstack baremetal configure boot" should skip nodes that have maintenance=true 1236136 - All overcloud keystone endpoints get configured with the public IP when using network isolation 1236663 - No output for upload images command 1236707 - undercloud.conf.sample incorrectly states that heat db encryption key can be 8,16, or 32 chars 1237020 - undercloud GUI- Image field is mandatory when setting VM for deploy overcloud 1240260 - introspection timed out for 2 VM nodes 1241199 - openstack baremetal configure boot is not safe to run a second time 1241668 - 'openstack help overcloud deploy' : doesn't cover comments/explanation for all deployment --arguments 1243015 - Overcloud stack name hard-coded 1243032 - Hard-coded reference to instackenv.json 1243062 - On deployment failure, no reason is returned 1243121 - Neutron port quota fails larger overcloud deployments 1243472 - don't save UpdateIdentifier in tuskar when running package update 1243601 - Overcloud deploys default to qemu instead of kvm 1243829 - overcloud image upload creates duplicate images 1244001 - bulk introspection with active nodes fails 1244026 - [RFE] Overcloud nodes deployed by OSP-Director are using DHCP; can they be statically assigned instead? 1244032 - [RFE] Can OSP-Director deploy an HA overcloud which uses a hardware load balancer? 
1244856 - openstack overcloud update stack overcloud requires an undocumented argument 1244864 - VXLAN should be default neutron network type 1245212 - rhel-osp-director: Running "ahc-match" on a setup with enabled SSL yields error: ironicclient.openstack.common.apiclient.exceptions.ConnectionRefused: Error communicating with https://[IP]:13385/ [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL 1245714 - set mem overcommit to 1:1 1246596 - Add support for network validation tests 1247015 - openstack undercloud install doesn't create rabbit user if you set custom passwords in undercloud.conf 1247722 - messages report Introspection for one of the nodes 'has timed out' while the command returns ' Discovery completed.' 1248172 - inspection: clean failed with pxe_ilo 1249640 - Installers need to configure tempest with deployment-specific values and export a partial tempest.conf 1250249 - After deploying, system load charts shown on the overview page are incorrect 1250250 - When deploying from UI we miss to add params based on scale logic 1251566 - Undercloud mariadb max_connection default is too low 1252054 - Default deployment through GUI doesn't create cinder v2 service and endpoint 1252219 - ovs bond on controller is not seeing dhcp packet 1252437 - [Discovery] Gathers wrong information about disks available 1252509 - rhel-osp-director: Fail to "openstack overcloud update stack": "ERROR: openstack unexpected end of regular expression" 1252553 - rhel-osp-director: UI: Limited selection for public interface under service configuration. 
1253465 - [RFE] Allow for customization of the Ceph pools name and client username 1253628 - external ceph patches break tuskar based deploys 1253777 - HA overcloud deployment argument for NTP server should not be optional 1254897 - Not configuring neutron mechanism drivers in any puppet based deploys 1255910 - overcloud node delete of one compute node removed all of them 1255931 - rhel-osp-director: rhel-osp-director: unable to delete a heat stack deployed with "--rhel-reg --reg-method portal --reg-org --reg-activation-key ''", following a failed attempt to update it with "openstack overcloud update stack --templates 1256477 - ironic ipmitool intermittently timing out causing API requests to process slowly 1257414 - [HA] critical resource constraints missing from pacemaker config make things go kaboom 1257642 - yum hanged infinitely on nova-compute cleanup when do an update 1259393 - [RFE] Add support to register and deploy nodes with fake_pxe 1259905 - Integrate yum updates of overcloud with Puppet 1260736 - missing module python-ironic-inspector-client 1260991 - Running the same deploy command twice results with :"Deployment failed: Not enough nodes - available: 2, requested: 5" 1261045 - Big Switch ML2 networking plugin configuration 1261048 - controllerExtraConfig support 1261067 - Keystone notifications support 1261697 - CVE-2015-5271 openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware 1261921 - updating overcloud stack packages doesn't stop cluster and will cause it to be down 1262059 - Include the bigswitch networking packages in the image by default 1262454 - os-cloud-config: with fake_pxe pm_type in instackenv.json and thus no pm_addr entry, "openstack baremetal import --json instackenv.json" exits with: ERROR: openstack 'pm_addr' 1262995 - osp-d deployment fails on network validation scripts when network-isolation is not enabled. 
1265010 - Heat environment is overwritten on overcloud updates 1265777 - No DNS servers set on the overcloud nodes 1266082 - RHEL unregistration doesn't work when scaling down 1266253 - [Director] increase mariadb max_connection default value 1266327 - yum_update.sh fails due to incomplete --excludes list 1266911 - CLI should not force --neutron-tunnel-types if --neutron-disable-tunneling is specified 1267883 - Unable to control the file_descriptors limit for rabbitmq-server via the director. 6. Package List: Openstack 7.0 director for RHEL 7: Source: ahc-tools-0.1.1-6.el7ost.src.rpm instack-undercloud-2.1.2-29.el7ost.src.rpm openstack-ironic-discoverd-1.1.0-6.el7ost.src.rpm openstack-tripleo-common-0.0.1.dev6-3.git49b57eb.el7ost.src.rpm openstack-tripleo-heat-templates-0.8.6-71.el7ost.src.rpm openstack-tripleo-image-elements-0.9.6-10.el7ost.src.rpm openstack-tripleo-puppet-elements-0.0.1-5.el7ost.src.rpm openstack-tuskar-0.4.18-4.el7ost.src.rpm openstack-tuskar-ui-0.4.0-3.el7ost.src.rpm os-cloud-config-0.2.8-7.el7ost.src.rpm os-net-config-0.1.4-4.el7ost.src.rpm python-hardware-0.14-7.el7ost.src.rpm python-proliantutils-2.1.0-4.el7ost.src.rpm python-rdomanager-oscplugin-0.0.10-8.el7ost.src.rpm noarch: ahc-tools-0.1.1-6.el7ost.noarch.rpm instack-undercloud-2.1.2-29.el7ost.noarch.rpm openstack-ironic-discoverd-1.1.0-6.el7ost.noarch.rpm openstack-ironic-discoverd-ramdisk-1.1.0-6.el7ost.noarch.rpm openstack-tripleo-common-0.0.1.dev6-3.git49b57eb.el7ost.noarch.rpm openstack-tripleo-heat-templates-0.8.6-71.el7ost.noarch.rpm openstack-tripleo-image-elements-0.9.6-10.el7ost.noarch.rpm openstack-tripleo-puppet-elements-0.0.1-5.el7ost.noarch.rpm openstack-tuskar-0.4.18-4.el7ost.noarch.rpm openstack-tuskar-ui-0.4.0-3.el7ost.noarch.rpm os-cloud-config-0.2.8-7.el7ost.noarch.rpm os-net-config-0.1.4-4.el7ost.noarch.rpm python-hardware-0.14-7.el7ost.noarch.rpm python-hardware-doc-0.14-7.el7ost.noarch.rpm python-ironic-discoverd-1.1.0-6.el7ost.noarch.rpm 
python-proliantutils-2.1.0-4.el7ost.noarch.rpm python-rdomanager-oscplugin-0.0.10-8.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5271 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/release-notes 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWFsrHXlSAg2UNWIIRAtL2AKCk53FbRIBVvzO+Et6D8mDqXBAt0gCeOa8f VQYax8tsROCKDKloTgxlz2k= =otBI -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 8 19:59:46 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 8 Oct 2015 19:59:46 +0000 Subject: [RHSA-2015:1876-01] Moderate: python-django security update Message-ID: <201510081959.t98JxlUg014308@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python-django security update Advisory ID: RHSA-2015:1876-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:1876 Issue date: 2015-10-08 CVE Names: CVE-2015-5963 ===================================================================== 1. Summary: Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. 
Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch 3. Description: Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions. (CVE-2015-5963) Red Hat would like to thank the upstream Django project for reporting this issue. All python-django users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1252890 - CVE-2015-5963 python-django: Denial-of-service possibility in logout() view by filling session store 6. Package List: Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7: Source: python-django-1.8.4-1.el7.src.rpm noarch: python-django-1.8.4-1.el7.noarch.rpm python-django-bash-completion-1.8.4-1.el7.noarch.rpm python-django-doc-1.8.4-1.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5963 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWFssTXlSAg2UNWIIRArctAKC7a6TagsWCR8AWD8ofEZV0Kl1vZACfTnv5
H6hlAtF2KinCZfsPFn5IMU4=
=n38G
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Oct 12 20:22:41 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 12 Oct 2015 16:22:41 -0400
Subject: [RHSA-2015:1889-01] Important: spice-server security update
Message-ID: <201510122022.t9CKMfgx016646@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: spice-server security update
Advisory ID:       RHSA-2015:1889-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1889.html
Issue date:        2015-10-12
CVE Names:         CVE-2015-5260 CVE-2015-5261
=====================================================================

1. Summary:

An updated spice-server package that fixes two security issues is now
available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine (KVM)
hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A heap-based buffer overflow flaw was found in the way SPICE handled certain
guest QXL commands related to surface creation. A user in a guest could use
this flaw to read and write arbitrary memory locations on the host.
(CVE-2015-5261)

A heap-based buffer overflow flaw was found in the way spice handled certain
QXL commands related to the "surface_id" parameter. A user in a guest could
use this flaw to crash the host QEMU-KVM process or, possibly, execute
arbitrary code with the privileges of the host QEMU-KVM process.
(CVE-2015-5260)

These issues were discovered by Frediano Ziglio of Red Hat.

All spice-server users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1260822 - CVE-2015-5260 spice: insufficient validation of surface_id parameter can cause crash
1261889 - CVE-2015-5261 spice: host memory access from guest using crafted images

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
spice-server-0.12.4-12.el6_7.3.src.rpm

x86_64:
spice-server-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-debuginfo-0.12.4-12.el6_7.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
spice-server-debuginfo-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-devel-0.12.4-12.el6_7.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
spice-server-0.12.4-12.el6_7.3.src.rpm

x86_64:
spice-server-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-debuginfo-0.12.4-12.el6_7.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
spice-server-debuginfo-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-devel-0.12.4-12.el6_7.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
spice-server-0.12.4-12.el6_7.3.src.rpm

x86_64:
spice-server-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-debuginfo-0.12.4-12.el6_7.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

x86_64:
spice-server-debuginfo-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-devel-0.12.4-12.el6_7.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
spice-server-0.12.4-12.el6_7.3.src.rpm

x86_64:
spice-server-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-debuginfo-0.12.4-12.el6_7.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
spice-server-debuginfo-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-devel-0.12.4-12.el6_7.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5260
https://access.redhat.com/security/cve/CVE-2015-5261
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
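A check a practitioner wants after reading a package list like the one above: confirm that what is actually installed on a host is at or beyond the build the advisory ships. The script below is an added example, not Red Hat tooling. It re-implements rpm's version ordering (the rpmvercmp algorithm) in pure Python so it needs no librpm, parses advisory package names of the form name-version-release.arch.rpm, and compares them with a constructed sample of `rpm -qa` output. The advisory list is the "Red Hat Enterprise Linux Server (v. 6)" block of RHSA-2015:1889; the installed list and the package name `example-tool` are constructed. The same functions apply to every advisory in this digest.

```python
import re
from collections import namedtuple

Package = namedtuple("Package", "name epoch version release arch")

# name-[epoch:]version-release.arch; a trailing ".rpm" is stripped first.
_NEVRA = re.compile(r"^(.+)-(?:(\d+):)?([^-]+)-([^-]+)\.([^.]+)$")


def parse_nevra(text):
    """Parse 'spice-server-0.12.4-12.el6_7.3.x86_64[.rpm]'; None if malformed."""
    text = text.strip()
    if text.endswith(".rpm"):
        text = text[:-4]
    m = _NEVRA.match(text)
    if not m:
        return None
    name, epoch, version, release, arch = m.groups()
    return Package(name, int(epoch or 0), version, release, arch)


def rpmvercmp(a, b):
    """Order two version/release strings like rpm's rpmvercmp(): -1, 0 or 1.
    Digit runs, letter runs, separators and '~' are handled; the '^' separator
    of newer rpm releases does not occur in RHEL 6/7 package names."""
    i = j = 0
    while True:
        # Anything that is not alphanumeric or '~' is a separator: skip it.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ca, cb = a[i:i + 1], b[j:j + 1]       # "" once a side is exhausted
        if ca == "~" or cb == "~":            # '~' sorts before everything, even ""
            if ca != cb:
                return -1 if ca == "~" else 1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:                  # a side ran out: the longer one is newer
            return (ca > cb) - (ca < cb)
        isnum = ca.isdigit()                  # a segment is a run of digits or letters
        same_kind = str.isdigit if isnum else str.isalpha
        ea, eb = i, j
        while ea < len(a) and same_kind(a[ea]):
            ea += 1
        while eb < len(b) and same_kind(b[eb]):
            eb += 1
        sa, sb = a[i:ea], b[j:eb]
        if not sb:                            # digits vs letters: numeric is newer
            return 1 if isnum else -1
        if isnum:                             # numeric: strip zeros, more digits wins
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
        i, j = ea, eb


def evr_cmp(p, q):
    """Epoch first, then version, then release."""
    return ((p.epoch > q.epoch) - (p.epoch < q.epoch)
            or rpmvercmp(p.version, q.version)
            or rpmvercmp(p.release, q.release))


def find_outdated(installed, advisory):
    """Map name -> (installed Package, fixed Package) for every installed
    binary package older than what the advisory ships for its architecture."""
    fixed = {}
    for line in advisory:
        p = parse_nevra(line)
        if p and p.arch != "src":             # hosts install binary RPMs, not .src
            fixed[(p.name, p.arch)] = p
    outdated = {}
    for line in installed:
        p = parse_nevra(line)
        f = fixed.get((p.name, p.arch)) if p else None
        if f and evr_cmp(p, f) < 0:
            outdated[p.name] = (p, f)
    return outdated


# "Red Hat Enterprise Linux Server (v. 6)" list from RHSA-2015:1889.
ADVISORY_RHEL6_SERVER = """
spice-server-0.12.4-12.el6_7.3.src.rpm
spice-server-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-debuginfo-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-devel-0.12.4-12.el6_7.3.x86_64.rpm
""".split()

# Constructed sample of `rpm -qa` output, not a real host: one package still on
# the previous build, one already current, one unrelated to the advisory.
INSTALLED_SAMPLE = """
spice-server-0.12.4-12.el6_7.2.x86_64
spice-server-devel-0.12.4-12.el6_7.3.x86_64
example-tool-1.0-1.el6.x86_64
""".split()

if __name__ == "__main__":
    for name, (have, want) in find_outdated(INSTALLED_SAMPLE, ADVISORY_RHEL6_SERVER).items():
        print(f"{name}: installed {have.version}-{have.release}, "
              f"advisory ships {want.version}-{want.release}")
```

On a real host, replace INSTALLED_SAMPLE with the default `rpm -qa` output (which omits the epoch, so the parser treats it as 0, just as the advisory names carry none) and ADVISORY_RHEL6_SERVER with the block for the host's variant. Comparing on (name, arch) matters on multilib systems, where i686 and x86_64 builds of one package coexist; the release string is where backported security fixes such as el6_7.2 versus el6_7.3 differ, which is why a plain string comparison of version numbers is not enough.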
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWHBaPXlSAg2UNWIIRAj+AAKChZ7ghVhc7LwMvjvIT+NZnGIUeqwCfTvU1
623jp24xSEcB6dE4P2J2Dlo=
=IWel
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Oct 12 20:22:57 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 12 Oct 2015 16:22:57 -0400
Subject: [RHSA-2015:1890-01] Important: spice security update
Message-ID: <201510122022.t9CKMvdN015627@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: spice security update
Advisory ID:       RHSA-2015:1890-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1890.html
Issue date:        2015-10-12
CVE Names:         CVE-2015-5260 CVE-2015-5261
=====================================================================

1. Summary:

Updated spice packages that fix two security issues are now available for
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server.
SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests
running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat
Enterprise Virtualization Hypervisors.

A heap-based buffer overflow flaw was found in the way SPICE handled certain
guest QXL commands related to surface creation. A user in a guest could use
this flaw to read and write arbitrary memory locations on the host.
(CVE-2015-5261)

A heap-based buffer overflow flaw was found in the way spice handled certain
QXL commands related to the "surface_id" parameter. A user in a guest could
use this flaw to crash the host QEMU-KVM process or, possibly, execute
arbitrary code with the privileges of the host QEMU-KVM process.
(CVE-2015-5260)

These issues were discovered by Frediano Ziglio of Red Hat.

All spice users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1260822 - CVE-2015-5260 spice: insufficient validation of surface_id parameter can cause crash
1261889 - CVE-2015-5261 spice: host memory access from guest using crafted images

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
spice-0.12.4-9.el7_1.3.src.rpm

x86_64:
spice-debuginfo-0.12.4-9.el7_1.3.x86_64.rpm
spice-server-0.12.4-9.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
spice-debuginfo-0.12.4-9.el7_1.3.x86_64.rpm
spice-server-devel-0.12.4-9.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
spice-0.12.4-9.el7_1.3.src.rpm

x86_64:
spice-debuginfo-0.12.4-9.el7_1.3.x86_64.rpm
spice-server-0.12.4-9.el7_1.3.x86_64.rpm
spice-server-devel-0.12.4-9.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
spice-0.12.4-9.el7_1.3.src.rpm

x86_64:
spice-debuginfo-0.12.4-9.el7_1.3.x86_64.rpm
spice-server-0.12.4-9.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:
spice-debuginfo-0.12.4-9.el7_1.3.x86_64.rpm
spice-server-devel-0.12.4-9.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
spice-0.12.4-9.el7_1.3.src.rpm

x86_64:
spice-debuginfo-0.12.4-9.el7_1.3.x86_64.rpm
spice-server-0.12.4-9.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
spice-debuginfo-0.12.4-9.el7_1.3.x86_64.rpm
spice-server-devel-0.12.4-9.el7_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5260
https://access.redhat.com/security/cve/CVE-2015-5261
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWHBafXlSAg2UNWIIRAvW0AKC5M0rqrvt5VQGsCYoyA1ZdrVPY3gCeKtgp
gYjyAA6UmIXuOuWjDwaMlto=
=vcFA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 15 11:55:57 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2015 11:55:57 +0000
Subject: [RHSA-2015:1893-01] Critical: flash-plugin security update
Message-ID: <201510151155.t9FBtveg008641@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2015:1893-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1893.html
Issue date:        2015-10-15
CVE Names:         CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627
                   CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631
                   CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643
                   CVE-2015-7644
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-25
listed in the References section, could allow an attacker to create a
specially crafted SWF file that would cause flash-plugin to crash, execute
arbitrary code, or disclose sensitive information when the victim loaded a
page containing the malicious SWF content. (CVE-2015-5569, CVE-2015-7625,
CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630,
CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643,
CVE-2015-7644)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.535.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1271383 - flash-plugin: multiple code execution issues fixed in APSB15-25
1271388 - flash-plugin: information leak and hardening fixes in APSB15-25

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.535-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.535-1.el6_7.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.535-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.535-1.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.535-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.535-1.el6_7.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5569
https://access.redhat.com/security/cve/CVE-2015-7625
https://access.redhat.com/security/cve/CVE-2015-7626
https://access.redhat.com/security/cve/CVE-2015-7627
https://access.redhat.com/security/cve/CVE-2015-7628
https://access.redhat.com/security/cve/CVE-2015-7629
https://access.redhat.com/security/cve/CVE-2015-7630
https://access.redhat.com/security/cve/CVE-2015-7631
https://access.redhat.com/security/cve/CVE-2015-7632
https://access.redhat.com/security/cve/CVE-2015-7633
https://access.redhat.com/security/cve/CVE-2015-7634
https://access.redhat.com/security/cve/CVE-2015-7643
https://access.redhat.com/security/cve/CVE-2015-7644
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-25.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWH5NuXlSAg2UNWIIRAvqkAJ9lON9Rky8IogN+LkeEn3KgxxlWIACfeHmR
muWHgTd958nNy5EHHzsSy4I=
=T7iE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 15 20:44:53 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2015 20:44:53 +0000
Subject: [RHSA-2015:1898-01] Moderate: openstack-nova security update
Message-ID: <201510152044.t9FKirLH028545@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-nova security update
Advisory ID:       RHSA-2015:1898-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1898.html
Issue date:        2015-10-15
CVE Names:         CVE-2015-3241 CVE-2015-3280
=====================================================================

1. Summary:

Updated openstack-nova packages that fix one security issue and several
bugs, and add various enhancements are now available for Red Hat Enterprise
Linux OpenStack Platform 5.0, 6.0, and 7.0.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch
Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch
Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

A denial of service flaw was found in the OpenStack Compute instance
migration process. Because the migration process does not terminate when an
instance is deleted, an authenticated user could bypass user quota and
deplete all available disk space by repeatedly re-sizing and deleting an
instance. (CVE-2015-3241)

A flaw was found in the way OpenStack Compute handled the resize state. If
an authenticated user deleted an instance while it was in the resize state,
it could cause the original instance to not be deleted from the compute node
it was running on, allowing the user to cause a denial of service.
(CVE-2015-3280)

Note: CVE-2015-3241 was already addressed in Red Hat Enterprise Linux
OpenStack Platform 7.0 in a previous release.

Red Hat would like to thank the OpenStack project for reporting these
issues.
Upstream acknowledges George Shuklin of Webzilla LTD as the original
reporter of CVE-2015-3241, and George Shuklin from Webzilla LTD and Tushar
Patil from NTT DATA, Inc. as the original reporters of CVE-2015-3280.

All openstack-nova users are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1232782 - CVE-2015-3241 openstack-nova: Nova instance migration process does not stop when instance is deleted
1257942 - CVE-2015-3280 openstack-nova: Deleting instances in resize state fails

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-nova-2014.1.5-3.el6ost.src.rpm

noarch:
openstack-nova-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-api-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-cells-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-cert-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-common-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-compute-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-conductor-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-console-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-doc-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-network-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-novncproxy-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-objectstore-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-scheduler-2014.1.5-3.el6ost.noarch.rpm
openstack-nova-serialproxy-2014.1.5-3.el6ost.noarch.rpm
python-nova-2014.1.5-3.el6ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-nova-2014.1.5-5.el7ost.src.rpm

noarch:
openstack-nova-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-api-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-cells-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-cert-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-common-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-compute-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-conductor-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-console-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-doc-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-network-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-novncproxy-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-objectstore-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-scheduler-2014.1.5-5.el7ost.noarch.rpm
openstack-nova-serialproxy-2014.1.5-5.el7ost.noarch.rpm
python-nova-2014.1.5-5.el7ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-nova-2014.2.3-31.el7ost.src.rpm

noarch:
openstack-nova-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-api-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-cells-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-cert-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-common-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-compute-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-conductor-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-console-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-doc-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-network-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-novncproxy-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-objectstore-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-scheduler-2014.2.3-31.el7ost.noarch.rpm
openstack-nova-serialproxy-2014.2.3-31.el7ost.noarch.rpm
python-nova-2014.2.3-31.el7ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
openstack-nova-2015.1.1-3.el7ost.src.rpm

noarch:
openstack-nova-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-api-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-cells-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-cert-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-common-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-compute-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-conductor-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-console-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-doc-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-network-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-novncproxy-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-objectstore-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-scheduler-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-serialproxy-2015.1.1-3.el7ost.noarch.rpm
openstack-nova-spicehtml5proxy-2015.1.1-3.el7ost.noarch.rpm
python-nova-2015.1.1-3.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3241
https://access.redhat.com/security/cve/CVE-2015-3280
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWIBAbXlSAg2UNWIIRArnTAKC8+D1hpk9euQin4QTSq8kGhJk+uQCfdHp5
t4KTqagZwKCBjivlRQgyZmI=
=GvHu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 15 20:45:59 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2015 20:45:59 +0000
Subject: [RHSA-2015:1897-01] Moderate: openstack-glance security update
Message-ID: <201510152046.t9FKjxYD013062@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-glance security update
Advisory ID:       RHSA-2015:1897-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1897.html
Issue date:        2015-10-15
CVE Names:         CVE-2015-5251 CVE-2015-5286
=====================================================================

1. Summary:

Updated openstack-glance packages that fix two security issues are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and
7.0.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch
Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch
Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

OpenStack Image service (glance) provides discovery, registration, and
delivery services for disk and server images. It provides the ability to
copy or snapshot a server image, and immediately store it away. Stored
images can be used as a template to get new servers up and running quickly
and more consistently than installing a server operating system and
individually configuring additional services.

A flaw was discovered in the OpenStack Image service where a tenant could
manipulate the status of their images by submitting an HTTP PUT request
together with an 'x-image-meta-status' header. A malicious tenant could
exploit this flaw to reactivate disabled images, bypass storage quotas, and
in some cases replace image contents (where they have owner access). Setups
using the Image service's v1 API could allow the illegal modification of
image status. Additionally, setups which also use the v2 API could allow a
subsequent re-upload of image contents. (CVE-2015-5251)

A race-condition flaw was discovered in the OpenStack Image service. When
images in the upload state were deleted using a token close to expiration,
untracked image data could accumulate in the back end.
Because untracked data does not count towards the storage quota, an attacker
could use this flaw to cause a denial of service through resource
exhaustion. (CVE-2015-5286)

Red Hat would like to thank the OpenStack project for reporting these
issues. Upstream acknowledges Hemanth Makkapati of Rackspace as the original
reporter of CVE-2015-5251, and Mike Fedosin and Alexei Galkin of Mirantis as
the original reporters of CVE-2015-5286.

All openstack-glance users are advised to upgrade to these updated packages,
which correct these issues. After installing the updated packages, the
running Image service (glance) services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1263511 - CVE-2015-5251 openstack-glance allows illegal modification of image status
1267516 - CVE-2015-5286 openstack-glance: Storage overrun by deleting images

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-glance-2014.1.5-3.el6ost.src.rpm

noarch:
openstack-glance-2014.1.5-3.el6ost.noarch.rpm
openstack-glance-doc-2014.1.5-3.el6ost.noarch.rpm
python-glance-2014.1.5-3.el6ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-glance-2014.1.5-3.el7ost.src.rpm

noarch:
openstack-glance-2014.1.5-3.el7ost.noarch.rpm
openstack-glance-doc-2014.1.5-3.el7ost.noarch.rpm
python-glance-2014.1.5-3.el7ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-glance-2014.2.3-3.el7ost.src.rpm

noarch:
openstack-glance-2014.2.3-3.el7ost.noarch.rpm
openstack-glance-doc-2014.2.3-3.el7ost.noarch.rpm
python-glance-2014.2.3-3.el7ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
openstack-glance-2015.1.1-3.el7ost.src.rpm

noarch:
openstack-glance-2015.1.1-3.el7ost.noarch.rpm
openstack-glance-doc-2015.1.1-3.el7ost.noarch.rpm
python-glance-2015.1.1-3.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5251
https://access.redhat.com/security/cve/CVE-2015-5286
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWIBBwXlSAg2UNWIIRAq9IAJ4qQhPpihluro4bBRVrm0uAGRZWNACgwyXB
zLtlHqKmvfkA7W9D0S07n74=
=qTyR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 15 20:47:45 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2015 20:47:45 +0000
Subject: [RHSA-2015:1896-01] Important: qemu-kvm-rhev security update
Message-ID: <201510152047.t9FKlj71030531@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2015:1896-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1896.html
Issue date:        2015-10-15
CVE Names:         CVE-2015-5279
=====================================================================

1. Summary:

Updated qemu-kvm-rhev packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat
Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM.

A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation
implementation handled certain packets received over the network. A
privileged user inside a guest could use this flaw to crash the QEMU
instance (denial of service) or potentially execute arbitrary code on the
host.
(CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting
this issue.

All users of qemu-kvm-rhev are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, shut down and restart all running virtual machines for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1256672 - CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.src.rpm

x86_64:
qemu-img-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5279
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWIBCsXlSAg2UNWIIRAl22AJ9+ozlfz6Pb2SQ8X86j1vEPUe9IrACgrxG5
9c9hC6dYLJNxTLpJjATcXuc=
=9/9V
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 15 20:48:32 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2015 20:48:32 +0000
Subject: [RHSA-2015:1895-01] Moderate: openstack-swift security update
Message-ID: <201510152048.t9FKmW7X014352@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-swift security update
Advisory ID:       RHSA-2015:1895-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1895.html
Issue date:        2015-10-15
CVE Names:         CVE-2015-5223
=====================================================================

1. Summary:

Updated openstack-swift packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and
7.0.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch
Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch
Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

OpenStack Object Storage (swift) provides object storage in virtual
containers, which allows users to store and retrieve files (arbitrary
data). The service's distributed architecture supports horizontal scaling;
redundancy as failure-proofing is provided through software-based data
replication.
Because Object Storage supports asynchronous eventual consistency
replication, it is well suited to deployment in multiple data centers.

A flaw was found in the OpenStack Object storage service (swift) tempurls.
An attacker in possession of a tempurl key with PUT permissions may be able
to gain read access to other objects in the same project. (CVE-2015-5223)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Richard Hawkins of Rackspace, and the OpenStack Swift
core reviewers as the original reporters.

All users of openstack-swift are advised to upgrade to these updated
packages, which correct this issue. After installing this update, the
OpenStack Object Storage services will be restarted automatically.

4. Solution:

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1255622 - CVE-2015-5223 openstack-swift: Information leak via Swift tempurls

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-swift-1.13.1-7.el6ost.src.rpm

noarch:
openstack-swift-1.13.1-7.el6ost.noarch.rpm
openstack-swift-account-1.13.1-7.el6ost.noarch.rpm
openstack-swift-container-1.13.1-7.el6ost.noarch.rpm
openstack-swift-doc-1.13.1-7.el6ost.noarch.rpm
openstack-swift-object-1.13.1-7.el6ost.noarch.rpm
openstack-swift-proxy-1.13.1-7.el6ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-swift-1.13.1-7.el7ost.src.rpm

noarch:
openstack-swift-1.13.1-7.el7ost.noarch.rpm
openstack-swift-account-1.13.1-7.el7ost.noarch.rpm
openstack-swift-container-1.13.1-7.el7ost.noarch.rpm
openstack-swift-doc-1.13.1-7.el7ost.noarch.rpm
openstack-swift-object-1.13.1-7.el7ost.noarch.rpm
openstack-swift-proxy-1.13.1-7.el7ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-swift-2.2.0-5.el7ost.src.rpm

noarch:
openstack-swift-2.2.0-5.el7ost.noarch.rpm
openstack-swift-account-2.2.0-5.el7ost.noarch.rpm
openstack-swift-container-2.2.0-5.el7ost.noarch.rpm
openstack-swift-doc-2.2.0-5.el7ost.noarch.rpm
openstack-swift-object-2.2.0-5.el7ost.noarch.rpm
openstack-swift-proxy-2.2.0-5.el7ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
openstack-swift-2.3.0-2.el7ost.src.rpm

noarch:
openstack-swift-2.3.0-2.el7ost.noarch.rpm
openstack-swift-account-2.3.0-2.el7ost.noarch.rpm
openstack-swift-container-2.3.0-2.el7ost.noarch.rpm
openstack-swift-doc-2.3.0-2.el7ost.noarch.rpm
openstack-swift-object-2.3.0-2.el7ost.noarch.rpm
openstack-swift-proxy-2.3.0-2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5223
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Thu Oct 15 20:49:36 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2015 20:49:36 +0000
Subject: [RHSA-2015:1894-01] Moderate: python-django security update

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-django security update
Advisory ID: RHSA-2015:1894-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1894.html
Issue date: 2015-10-15
CVE Names: CVE-2015-5963 CVE-2015-5964
=====================================================================

1. Summary:

Updated python-django packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions. (CVE-2015-5963)

It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions. (CVE-2015-5964)

Red Hat would like to thank the upstream Django project for reporting these issues. Upstream acknowledges Lin Hua Cheng as the original reporter of CVE-2015-5964.

All python-django users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1252890 - CVE-2015-5963 python-django: Denial-of-service possibility in logout() view by filling session store
1252891 - CVE-2015-5964 python-django: Denial-of-service possibility in logout() view by filling session store

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
python-django-1.6.11-3.el7ost.src.rpm

noarch:
python-django-1.6.11-3.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-3.el7ost.noarch.rpm
python-django-doc-1.6.11-3.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5963
https://access.redhat.com/security/cve/CVE-2015-5964
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Thu Oct 15 20:51:50 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2015 20:51:50 +0000
Subject: [RHSA-2015:1909-01] Moderate: openstack-neutron security and bug fix update

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-neutron security and bug fix update
Advisory ID: RHSA-2015:1909-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1909.html
Issue date: 2015-10-15
CVE Names: CVE-2015-5240
=====================================================================

1. Summary:

Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch
Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch
Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking. An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking deployments that used either the ML2 plug-in or a plug-in that relied on the security groups AMQP API were affected. (CVE-2015-5240)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Kevin Benton from Mirantis as the original reporter.

All openstack-neutron users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

This update is available through the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1258458 - CVE-2015-5240 openstack-neutron: Firewall rules bypass through port update
1266977 - ipset - Hash is full, cannot add more elements
1269201 - Backport request: Improve DVR scale performance

6.
Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-neutron-2014.1.5-4.el6ost.src.rpm

noarch:
openstack-neutron-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-bigswitch-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-brocade-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-cisco-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-embrane-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-hyperv-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-ibm-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-linuxbridge-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-mellanox-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-metaplugin-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-metering-agent-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-midonet-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-ml2-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-nec-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-nuage-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-ofagent-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-oneconvergence-nvsd-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-openvswitch-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-plumgrid-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-ryu-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-vmware-2014.1.5-4.el6ost.noarch.rpm
openstack-neutron-vpn-agent-2014.1.5-4.el6ost.noarch.rpm
python-neutron-2014.1.5-4.el6ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-neutron-2014.1.5-4.el7ost.src.rpm

noarch:
openstack-neutron-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-bigswitch-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-brocade-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-cisco-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-embrane-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-hyperv-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-ibm-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-linuxbridge-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-mellanox-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-metaplugin-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-metering-agent-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-midonet-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-ml2-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-nec-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-nuage-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-ofagent-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-oneconvergence-nvsd-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-openvswitch-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-plumgrid-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-ryu-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-vmware-2014.1.5-4.el7ost.noarch.rpm
openstack-neutron-vpn-agent-2014.1.5-4.el7ost.noarch.rpm
python-neutron-2014.1.5-4.el7ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-neutron-2014.2.3-19.el7ost.src.rpm

noarch:
openstack-neutron-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-bigswitch-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-brocade-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-cisco-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-common-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-embrane-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-hyperv-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-ibm-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-linuxbridge-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-mellanox-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-metaplugin-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-metering-agent-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-midonet-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-ml2-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-nec-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-nuage-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-ofagent-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-oneconvergence-nvsd-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-opencontrail-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-openvswitch-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-plumgrid-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-ryu-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-sriov-nic-agent-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-vmware-2014.2.3-19.el7ost.noarch.rpm
openstack-neutron-vpn-agent-2014.2.3-19.el7ost.noarch.rpm
python-neutron-2014.2.3-19.el7ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
openstack-neutron-2015.1.1-7.el7ost.src.rpm

noarch:
openstack-neutron-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-bigswitch-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-brocade-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-cisco-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-common-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-embrane-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-ibm-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-linuxbridge-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-mellanox-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-metaplugin-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-metering-agent-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-midonet-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-ml2-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-nec-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-nuage-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-ofagent-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-oneconvergence-nvsd-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-opencontrail-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-openvswitch-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-ovsvapp-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-plumgrid-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-sriov-nic-agent-2015.1.1-7.el7ost.noarch.rpm
openstack-neutron-vmware-2015.1.1-7.el7ost.noarch.rpm
python-neutron-2015.1.1-7.el7ost.noarch.rpm
python-neutron-tests-2015.1.1-7.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5240
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

From bugzilla at redhat.com Thu Oct 15 21:23:22 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2015 21:23:22 +0000
Subject: [RHSA-2015:1912-01] Important: chromium-browser security update

=====================================================================
Red Hat Security Advisory

Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2015:1912-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1912.html
Issue date: 2015-10-15
CVE Names: CVE-2015-6755 CVE-2015-6756 CVE-2015-6757 CVE-2015-6758 CVE-2015-6759 CVE-2015-6760 CVE-2015-6761 CVE-2015-6762 CVE-2015-6763
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2015-6755, CVE-2015-6756, CVE-2015-6757, CVE-2015-6758, CVE-2015-6759, CVE-2015-6760, CVE-2015-6761, CVE-2015-6762, CVE-2015-6763)

All Chromium users should upgrade to these updated packages, which contain Chromium version 46.0.2490.71, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1271480 - CVE-2015-6755 chromium-browser: cross-origin bypass in Blink
1271483 - CVE-2015-6756 chromium-browser: use-after-free in PDFium
1271553 - CVE-2015-6757 chromium-browser: Use-after-free in ServiceWorker
1271554 - CVE-2015-6758 chromium-browser: Bad-cast in PDFium
1271555 - CVE-2015-6759 chromium-browser: Information leakage in LocalStorage
1271556 - CVE-2015-6760 chromium-browser: Improper error handling in libANGLE
1271557 - CVE-2015-6761 chromium-browser: Memory corruption in FFMpeg
1271558 - CVE-2015-6762 chromium-browser: CORS bypass in CSS fonts
1271559 - CVE-2015-6763 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-46.0.2490.71-1.el6.i686.rpm
chromium-browser-debuginfo-46.0.2490.71-1.el6.i686.rpm

x86_64:
chromium-browser-46.0.2490.71-1.el6.x86_64.rpm
chromium-browser-debuginfo-46.0.2490.71-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-46.0.2490.71-1.el6.i686.rpm
chromium-browser-debuginfo-46.0.2490.71-1.el6.i686.rpm

x86_64:
chromium-browser-46.0.2490.71-1.el6.x86_64.rpm
chromium-browser-debuginfo-46.0.2490.71-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-46.0.2490.71-1.el6.i686.rpm
chromium-browser-debuginfo-46.0.2490.71-1.el6.i686.rpm

x86_64:
chromium-browser-46.0.2490.71-1.el6.x86_64.rpm
chromium-browser-debuginfo-46.0.2490.71-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-6755
https://access.redhat.com/security/cve/CVE-2015-6756
https://access.redhat.com/security/cve/CVE-2015-6757
https://access.redhat.com/security/cve/CVE-2015-6758
https://access.redhat.com/security/cve/CVE-2015-6759
https://access.redhat.com/security/cve/CVE-2015-6760
https://access.redhat.com/security/cve/CVE-2015-6761
https://access.redhat.com/security/cve/CVE-2015-6762
https://access.redhat.com/security/cve/CVE-2015-6763
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Fri Oct 16 21:44:47 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 16 Oct 2015 17:44:47 -0400
Subject: [RHSA-2015:1913-01] Critical: flash-plugin security update

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1913-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1913.html
Issue date: 2015-10-16
CVE Names: CVE-2015-7645 CVE-2015-7647 CVE-2015-7648
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-27 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.540.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1271966 - CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 flash-plugin: multiple code execution issue fixed in APSB15-27

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.540-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.540-1.el6_7.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.540-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.540-1.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.540-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.540-1.el6_7.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-7645
https://access.redhat.com/security/cve/CVE-2015-7647
https://access.redhat.com/security/cve/CVE-2015-7648
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
From bugzilla at redhat.com Tue Oct 20 16:18:23 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Oct 2015 12:18:23 -0400
Subject: [RHSA-2015:1917-01] Important: libwmf security update

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libwmf security update
Advisory ID: RHSA-2015:1917-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1917.html
Issue date: 2015-10-20
CVE Names: CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696
=====================================================================

1. Summary:

Updated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick.

It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588)

It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696)

It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695)

All users of libwmf are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using libwmf must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1227243 - CVE-2015-0848 libwmf: heap overflow when decoding BMP images
1235665 - CVE-2015-4695 libwmf: heap buffer overread in meta.h
1235669 - CVE-2015-4696 libwmf: use-after-free flaw in meta.h
1272993 - CVE-2015-4588 libwmf: heap overflow within the RLE decoding of embedded BMP images

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libwmf-0.2.8.4-25.el6_7.src.rpm

i386:
libwmf-0.2.8.4-25.el6_7.i686.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-lite-0.2.8.4-25.el6_7.i686.rpm

x86_64:
libwmf-0.2.8.4-25.el6_7.i686.rpm
libwmf-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-lite-0.2.8.4-25.el6_7.i686.rpm
libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-devel-0.2.8.4-25.el6_7.i686.rpm

x86_64:
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-devel-0.2.8.4-25.el6_7.i686.rpm
libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
libwmf-0.2.8.4-25.el6_7.src.rpm

x86_64:
libwmf-0.2.8.4-25.el6_7.i686.rpm
libwmf-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-devel-0.2.8.4-25.el6_7.i686.rpm
libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-lite-0.2.8.4-25.el6_7.i686.rpm
libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
libwmf-0.2.8.4-25.el6_7.src.rpm

i386:
libwmf-0.2.8.4-25.el6_7.i686.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-lite-0.2.8.4-25.el6_7.i686.rpm

ppc64:
libwmf-0.2.8.4-25.el6_7.ppc.rpm
libwmf-0.2.8.4-25.el6_7.ppc64.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.ppc.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.ppc64.rpm
libwmf-lite-0.2.8.4-25.el6_7.ppc.rpm
libwmf-lite-0.2.8.4-25.el6_7.ppc64.rpm

s390x:
libwmf-0.2.8.4-25.el6_7.s390.rpm
libwmf-0.2.8.4-25.el6_7.s390x.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.s390.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.s390x.rpm
libwmf-lite-0.2.8.4-25.el6_7.s390.rpm
libwmf-lite-0.2.8.4-25.el6_7.s390x.rpm

x86_64:
libwmf-0.2.8.4-25.el6_7.i686.rpm
libwmf-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-lite-0.2.8.4-25.el6_7.i686.rpm
libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-devel-0.2.8.4-25.el6_7.i686.rpm

ppc64:
libwmf-debuginfo-0.2.8.4-25.el6_7.ppc.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.ppc64.rpm
libwmf-devel-0.2.8.4-25.el6_7.ppc.rpm
libwmf-devel-0.2.8.4-25.el6_7.ppc64.rpm

s390x:
libwmf-debuginfo-0.2.8.4-25.el6_7.s390.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.s390x.rpm
libwmf-devel-0.2.8.4-25.el6_7.s390.rpm
libwmf-devel-0.2.8.4-25.el6_7.s390x.rpm

x86_64:
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-devel-0.2.8.4-25.el6_7.i686.rpm
libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libwmf-0.2.8.4-25.el6_7.src.rpm

i386:
libwmf-0.2.8.4-25.el6_7.i686.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-lite-0.2.8.4-25.el6_7.i686.rpm

x86_64:
libwmf-0.2.8.4-25.el6_7.i686.rpm
libwmf-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-lite-0.2.8.4-25.el6_7.i686.rpm
libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-devel-0.2.8.4-25.el6_7.i686.rpm

x86_64:
libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm
libwmf-devel-0.2.8.4-25.el6_7.i686.rpm
libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
libwmf-0.2.8.4-41.el7_1.src.rpm

x86_64:
libwmf-0.2.8.4-41.el7_1.i686.rpm
libwmf-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-lite-0.2.8.4-41.el7_1.i686.rpm
libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-devel-0.2.8.4-41.el7_1.i686.rpm
libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
libwmf-0.2.8.4-41.el7_1.src.rpm

x86_64:
libwmf-0.2.8.4-41.el7_1.i686.rpm
libwmf-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-devel-0.2.8.4-41.el7_1.i686.rpm
libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-lite-0.2.8.4-41.el7_1.i686.rpm
libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libwmf-0.2.8.4-41.el7_1.src.rpm

ppc64:
libwmf-debuginfo-0.2.8.4-41.el7_1.ppc.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.ppc64.rpm
libwmf-lite-0.2.8.4-41.el7_1.ppc.rpm
libwmf-lite-0.2.8.4-41.el7_1.ppc64.rpm

s390x:
libwmf-debuginfo-0.2.8.4-41.el7_1.s390.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.s390x.rpm
libwmf-lite-0.2.8.4-41.el7_1.s390.rpm
libwmf-lite-0.2.8.4-41.el7_1.s390x.rpm

x86_64:
libwmf-0.2.8.4-41.el7_1.i686.rpm
libwmf-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-lite-0.2.8.4-41.el7_1.i686.rpm
libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libwmf-0.2.8.4-41.ael7b_1.src.rpm

ppc64le:
libwmf-0.2.8.4-41.ael7b_1.ppc64le.rpm
libwmf-debuginfo-0.2.8.4-41.ael7b_1.ppc64le.rpm
libwmf-lite-0.2.8.4-41.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libwmf-0.2.8.4-41.el7_1.ppc.rpm
libwmf-0.2.8.4-41.el7_1.ppc64.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.ppc.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.ppc64.rpm
libwmf-devel-0.2.8.4-41.el7_1.ppc.rpm
libwmf-devel-0.2.8.4-41.el7_1.ppc64.rpm

s390x:
libwmf-0.2.8.4-41.el7_1.s390.rpm
libwmf-0.2.8.4-41.el7_1.s390x.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.s390.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.s390x.rpm
libwmf-devel-0.2.8.4-41.el7_1.s390.rpm
libwmf-devel-0.2.8.4-41.el7_1.s390x.rpm

x86_64:
libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-devel-0.2.8.4-41.el7_1.i686.rpm
libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
libwmf-debuginfo-0.2.8.4-41.ael7b_1.ppc64le.rpm
libwmf-devel-0.2.8.4-41.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libwmf-0.2.8.4-41.el7_1.src.rpm

x86_64:
libwmf-0.2.8.4-41.el7_1.i686.rpm
libwmf-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-lite-0.2.8.4-41.el7_1.i686.rpm
libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm
libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm
libwmf-devel-0.2.8.4-41.el7_1.i686.rpm
libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0848
https://access.redhat.com/security/cve/CVE-2015-4588
https://access.redhat.com/security/cve/CVE-2015-4695
https://access.redhat.com/security/cve/CVE-2015-4696
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWJmlNXlSAg2UNWIIRAsvCAJ9oQQeO45HLBw9wG51m5b4Mi3RfqQCgiYEI
+RuROUA/+VTMUPi+7Dud6e4=
=Em/t
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 21 21:15:21 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Oct 2015 21:15:21 +0000
Subject: [RHSA-2015:1919-01] Important: java-1.8.0-openjdk security update
Message-ID: <201510212115.t9LLFMkc010761@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2015:1919-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1919.html
Issue date:        2015-10-21
CVE Names:         CVE-2015-4734 CVE-2015-4803 CVE-2015-4805
                   CVE-2015-4806 CVE-2015-4835 CVE-2015-4840
                   CVE-2015-4842 CVE-2015-4843 CVE-2015-4844
                   CVE-2015-4860 CVE-2015-4868 CVE-2015-4872
                   CVE-2015-4881 CVE-2015-4882 CVE-2015-4883
                   CVE-2015-4893 CVE-2015-4903 CVE-2015-4911
=====================================================================

1. Summary:

Updated java-1.8.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization,
and 2D components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,
CVE-2015-4805, CVE-2015-4844)

Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application using
JAXP to consume an excessive amount of CPU and memory when parsed.
(CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)

A flaw was found in the way the Libraries component in OpenJDK handled
certificate revocation lists (CRL). In certain cases, CRL checking code
could fail to report a revoked certificate, causing the application to
accept it as trusted. (CVE-2015-4868)

It was discovered that the Security component in OpenJDK failed to properly
check if a certificate satisfied all defined constraints. In certain cases,
this could cause a Java application to accept an X.509 certificate which
does not meet requirements of the defined policy. (CVE-2015-4872)

Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806,
CVE-2015-4840, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1233687 - CVE-2015-4806 OpenJDK: HttpURLConnection header restriction bypass (Libraries, 8130193)
1273022 - CVE-2015-4835 OpenJDK: insufficient permission checks in StubGenerator (CORBA, 8076383)
1273027 - CVE-2015-4881 OpenJDK: missing type checks in IIOPInputStream (CORBA, 8076392)
1273053 - CVE-2015-4843 OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)
1273304 - CVE-2015-4883 OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413)
1273308 - CVE-2015-4860 OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
1273311 - CVE-2015-4805 OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
1273318 - CVE-2015-4844 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)
1273328 - CVE-2015-4868 OpenJDK: CRL checking flaw (Libraries, 8081744)
1273338 - CVE-2015-4840 OpenJDK: OOB access in CMS code (2D, 8086092)
1273414 - CVE-2015-4882 OpenJDK: incorrect String object deserialization in IIOPInputStream (CORBA, 8076387)
1273425 - CVE-2015-4842 OpenJDK: leak of user.dir location (JAXP, 8078427)
1273430 - CVE-2015-4734 OpenJDK: kerberos realm name leak (JGSS, 8048030)
1273496 - CVE-2015-4903 OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)
1273637 - CVE-2015-4803 OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
1273638 - CVE-2015-4893 OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)
1273645 - CVE-2015-4911 OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)
1273734 - CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.65-0.b17.el6_7.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.65-0.b17.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-src-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.65-0.b17.el6_7.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.65-0.b17.el6_7.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.65-0.b17.el6_7.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.65-0.b17.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.65-0.b17.el6_7.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.65-0.b17.el6_7.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.65-0.b17.el6_7.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.65-0.b17.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-src-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.65-0.b17.el6_7.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.65-0.b17.el6_7.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.65-0.b17.el6_7.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.65-0.b17.el6_7.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.65-0.b17.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-src-1.8.0.65-0.b17.el6_7.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.65-0.b17.el6_7.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.65-0.b17.el6_7.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.65-0.b17.el6_7.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.65-0.b17.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.65-0.b17.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.65-2.b17.el7_1.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.65-2.b17.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.65-2.b17.el7_1.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.65-2.b17.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.src.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.65-2.b17.el7_1.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1.ppc64.rpm

s390x:
java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.65-2.b17.el7_1.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.65-2.b17.ael7b_1.src.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.65-2.b17.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.65-2.b17.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.65-2.b17.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.65-2.b17.el7_1.noarch.rpm

ppc64:
java-1.8.0-openjdk-accessibility-1.8.0.65-2.b17.el7_1.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.ppc64.rpm
java-1.8.0-openjdk-demo-1.8.0.65-2.b17.el7_1.ppc64.rpm
java-1.8.0-openjdk-src-1.8.0.65-2.b17.el7_1.ppc64.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.65-2.b17.el7_1.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.65-2.b17.el7_1.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.65-2.b17.el7_1.s390x.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.65-2.b17.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.65-2.b17.ael7b_1.noarch.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.65-2.b17.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.65-2.b17.ael7b_1.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.65-2.b17.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.65-2.b17.el7_1.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.65-2.b17.el7_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.65-2.b17.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4734
https://access.redhat.com/security/cve/CVE-2015-4803
https://access.redhat.com/security/cve/CVE-2015-4805
https://access.redhat.com/security/cve/CVE-2015-4806
https://access.redhat.com/security/cve/CVE-2015-4835
https://access.redhat.com/security/cve/CVE-2015-4840
https://access.redhat.com/security/cve/CVE-2015-4842
https://access.redhat.com/security/cve/CVE-2015-4843
https://access.redhat.com/security/cve/CVE-2015-4844
https://access.redhat.com/security/cve/CVE-2015-4860
https://access.redhat.com/security/cve/CVE-2015-4868
https://access.redhat.com/security/cve/CVE-2015-4872
https://access.redhat.com/security/cve/CVE-2015-4881
https://access.redhat.com/security/cve/CVE-2015-4882
https://access.redhat.com/security/cve/CVE-2015-4883
https://access.redhat.com/security/cve/CVE-2015-4893
https://access.redhat.com/security/cve/CVE-2015-4903
https://access.redhat.com/security/cve/CVE-2015-4911
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWKAApXlSAg2UNWIIRAkz4AJ92isYF9l8ayhU56hyYufdD7GZM+wCglZAy
SWUL62Z8RJypxYU/WJ5PT88=
=JuYC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 21 21:18:04 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Oct 2015 21:18:04 +0000
Subject: [RHSA-2015:1920-01] Critical: java-1.7.0-openjdk security update
Message-ID: <201510212118.t9LLI5KY026842@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2015:1920-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1920.html
Issue date:        2015-10-21
CVE Names:         CVE-2015-4734 CVE-2015-4803 CVE-2015-4805
                   CVE-2015-4806 CVE-2015-4835 CVE-2015-4840
                   CVE-2015-4842 CVE-2015-4843 CVE-2015-4844
                   CVE-2015-4860 CVE-2015-4872 CVE-2015-4881
                   CVE-2015-4882 CVE-2015-4883 CVE-2015-4893
                   CVE-2015-4903 CVE-2015-4911
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization,
and 2D components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,
CVE-2015-4805, CVE-2015-4844)

Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application using
JAXP to consume an excessive amount of CPU and memory when parsed.
(CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)

It was discovered that the Security component in OpenJDK failed to properly
check if a certificate satisfied all defined constraints. In certain cases,
this could cause a Java application to accept an X.509 certificate which
does not meet requirements of the defined policy. (CVE-2015-4872)

Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806,
CVE-2015-4840, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1233687 - CVE-2015-4806 OpenJDK: HttpURLConnection header restriction bypass (Libraries, 8130193)
1273022 - CVE-2015-4835 OpenJDK: insufficient permission checks in StubGenerator (CORBA, 8076383)
1273027 - CVE-2015-4881 OpenJDK: missing type checks in IIOPInputStream (CORBA, 8076392)
1273053 - CVE-2015-4843 OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)
1273304 - CVE-2015-4883 OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413)
1273308 - CVE-2015-4860 OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
1273311 - CVE-2015-4805 OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
1273318 - CVE-2015-4844 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)
1273338 - CVE-2015-4840 OpenJDK: OOB access in CMS code (2D, 8086092)
1273414 - CVE-2015-4882 OpenJDK: incorrect String object deserialization in IIOPInputStream (CORBA, 8076387)
1273425 - CVE-2015-4842 OpenJDK: leak of user.dir location (JAXP, 8078427)
1273430 - CVE-2015-4734 OpenJDK: kerberos realm name leak (JGSS, 8048030)
1273496 - CVE-2015-4903 OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)
1273637 - CVE-2015-4803 OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
1273638 - CVE-2015-4893 OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)
1273645 - CVE-2015-4911 OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)
1273734 - CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.2.el6_7.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.2.el6_7.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.2.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.2.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.2.el6_7.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.2.el6_7.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.2.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.2.el6_7.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.2.el6_7.i686.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.2.el6_7.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.2.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el7_1.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el7_1.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.src.rpm

ppc64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-headless-1.7.0.91-2.6.2.1.el7_1.ppc64.rpm

s390x:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.s390x.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el7_1.s390x.rpm
java-1.7.0-openjdk-headless-1.7.0.91-2.6.2.1.el7_1.s390x.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.ael7b_1.src.rpm

ppc64le:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-headless-1.7.0.91-2.6.2.1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el7_1.noarch.rpm

ppc64:
java-1.7.0-openjdk-accessibility-1.7.0.91-2.6.2.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el7_1.ppc64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el7_1.ppc64.rpm

s390x:
java-1.7.0-openjdk-accessibility-1.7.0.91-2.6.2.1.el7_1.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.s390x.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el7_1.s390x.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el7_1.s390x.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.ael7b_1.noarch.rpm

ppc64le:
java-1.7.0-openjdk-accessibility-1.7.0.91-2.6.2.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.ael7b_1.ppc64le.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el7_1.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4734
https://access.redhat.com/security/cve/CVE-2015-4803
https://access.redhat.com/security/cve/CVE-2015-4805
https://access.redhat.com/security/cve/CVE-2015-4806
https://access.redhat.com/security/cve/CVE-2015-4835
https://access.redhat.com/security/cve/CVE-2015-4840
https://access.redhat.com/security/cve/CVE-2015-4842
https://access.redhat.com/security/cve/CVE-2015-4843
https://access.redhat.com/security/cve/CVE-2015-4844
https://access.redhat.com/security/cve/CVE-2015-4860
https://access.redhat.com/security/cve/CVE-2015-4872
https://access.redhat.com/security/cve/CVE-2015-4881
https://access.redhat.com/security/cve/CVE-2015-4882
https://access.redhat.com/security/cve/CVE-2015-4883
https://access.redhat.com/security/cve/CVE-2015-4893
https://access.redhat.com/security/cve/CVE-2015-4903
https://access.redhat.com/security/cve/CVE-2015-4911
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWKADGXlSAg2UNWIIRAni8AKCC1S4qEpl5NFNaD8077Hhf+SzeugCeNOzv
NPTGKpYM0zyZLcX2oai9C28=
=ndQr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Oct 21 21:19:26 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Oct 2015 21:19:26 +0000
Subject: [RHSA-2015:1921-01] Important: java-1.7.0-openjdk security update
Message-ID: <201510212119.t9LLJRBu024344@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2015:1921-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1921.html
Issue date:        2015-10-21
CVE Names:         CVE-2015-4734 CVE-2015-4803 CVE-2015-4805
                   CVE-2015-4806 CVE-2015-4835 CVE-2015-4840
                   CVE-2015-4842 CVE-2015-4843 CVE-2015-4844
                   CVE-2015-4860 CVE-2015-4872 CVE-2015-4881
                   CVE-2015-4882 CVE-2015-4883 CVE-2015-4893
                   CVE-2015-4903 CVE-2015-4911
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization,
and 2D components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,
CVE-2015-4805, CVE-2015-4844)

Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application using
JAXP to consume an excessive amount of CPU and memory when parsed.
(CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)

It was discovered that the Security component in OpenJDK failed to properly
check if a certificate satisfied all defined constraints. In certain cases,
this could cause a Java application to accept an X.509 certificate which
does not meet requirements of the defined policy. (CVE-2015-4872)

Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806,
CVE-2015-4840, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1233687 - CVE-2015-4806 OpenJDK: HttpURLConnection header restriction bypass (Libraries, 8130193)
1273022 - CVE-2015-4835 OpenJDK: insufficient permission checks in StubGenerator (CORBA, 8076383)
1273027 - CVE-2015-4881 OpenJDK: missing type checks in IIOPInputStream (CORBA, 8076392)
1273053 - CVE-2015-4843 OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)
1273304 - CVE-2015-4883 OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413)
1273308 - CVE-2015-4860 OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
1273311 - CVE-2015-4805 OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
1273318 - CVE-2015-4844 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)
1273338 - CVE-2015-4840 OpenJDK: OOB access in CMS code (2D, 8086092)
1273414 - CVE-2015-4882 OpenJDK: incorrect String object deserialization in IIOPInputStream (CORBA, 8076387)
1273425 - CVE-2015-4842 OpenJDK: leak of user.dir location (JAXP, 8078427)
1273430 - CVE-2015-4734 OpenJDK: kerberos realm name leak (JGSS, 8048030)
1273496 - CVE-2015-4903 OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)
1273637 - CVE-2015-4803 OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
1273638 - CVE-2015-4893 OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)
1273645 - CVE-2015-4911 OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)
1273734 - CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4734
https://access.redhat.com/security/cve/CVE-2015-4803
https://access.redhat.com/security/cve/CVE-2015-4805
https://access.redhat.com/security/cve/CVE-2015-4806
https://access.redhat.com/security/cve/CVE-2015-4835
https://access.redhat.com/security/cve/CVE-2015-4840
https://access.redhat.com/security/cve/CVE-2015-4842
https://access.redhat.com/security/cve/CVE-2015-4843
https://access.redhat.com/security/cve/CVE-2015-4844
https://access.redhat.com/security/cve/CVE-2015-4860
https://access.redhat.com/security/cve/CVE-2015-4872
https://access.redhat.com/security/cve/CVE-2015-4881
https://access.redhat.com/security/cve/CVE-2015-4882
https://access.redhat.com/security/cve/CVE-2015-4883
https://access.redhat.com/security/cve/CVE-2015-4893
https://access.redhat.com/security/cve/CVE-2015-4903
https://access.redhat.com/security/cve/CVE-2015-4911
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWKAEuXlSAg2UNWIIRAui5AJ4wnpqt+K3GHWdgPRz+aAsSmh0SlQCgwutq
8f9aQb4ruyRaVECJhVKog1k=
=lNVC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 22 16:50:40 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Oct 2015 12:50:40 -0400
Subject: [RHSA-2015:1924-01] Important: qemu-kvm security update
Message-ID: <201510221650.t9MGoeKx002220@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2015:1924-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1924.html
Issue date:        2015-10-22
CVE Names:         CVE-2015-5279
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation
implementation handled certain packets received over the network. A
privileged user inside a guest could use this flaw to crash the QEMU
instance (denial of service) or potentially execute arbitrary code on the
host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this
issue.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1256672 - CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.2.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.479.el6_7.2.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.2.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.2.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.479.el6_7.2.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.2.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.2.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.479.el6_7.2.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5279
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWKRPeXlSAg2UNWIIRAvYxAKCHQD6yhKljk8bnWCie88MgExYBnQCgiCEK
23wgcfGCzJu/0fF99zIN/As=
=rqkH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 22 16:50:50 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Oct 2015 12:50:50 -0400
Subject: [RHSA-2015:1925-01] Important: kvm security update
Message-ID: <201510221650.t9MGooC0002616@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kvm security update
Advisory ID:       RHSA-2015:1925-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1925.html
Issue date:        2015-10-22
CVE Names:         CVE-2015-5279
=====================================================================

1. Summary:

Updated kvm packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems.

A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation
implementation handled certain packets received over the network. A
privileged user inside a guest could use this flaw to crash the QEMU
instance (denial of service) or potentially execute arbitrary code on the
host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this
issue.

All kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Note: The procedure in the
Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (https://bugzilla.redhat.com/):

1256672 - CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
kvm-83-274.el5_11.src.rpm

x86_64:
kmod-kvm-83-274.el5_11.x86_64.rpm
kmod-kvm-debug-83-274.el5_11.x86_64.rpm
kvm-83-274.el5_11.x86_64.rpm
kvm-debuginfo-83-274.el5_11.x86_64.rpm
kvm-qemu-img-83-274.el5_11.x86_64.rpm
kvm-tools-83-274.el5_11.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
kvm-83-274.el5_11.src.rpm

x86_64:
kmod-kvm-83-274.el5_11.x86_64.rpm
kmod-kvm-debug-83-274.el5_11.x86_64.rpm
kvm-83-274.el5_11.x86_64.rpm
kvm-debuginfo-83-274.el5_11.x86_64.rpm
kvm-qemu-img-83-274.el5_11.x86_64.rpm
kvm-tools-83-274.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5279
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWKRPoXlSAg2UNWIIRAlGuAKClFFh8AiP9fEjpghaXzpXzwjbjsACfbvSL
csbE4YaGS0k2SCI/QXIO1+8=
=omUi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 22 19:54:56 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Oct 2015 19:54:56 +0000
Subject: [RHSA-2015:1926-01] Critical: java-1.8.0-oracle security update
Message-ID: <201510221954.t9MJsvaH026549@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-oracle security update
Advisory ID:       RHSA-2015:1926-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1926.html
Issue date:        2015-10-22
CVE Names:         CVE-2015-4734 CVE-2015-4803 CVE-2015-4805
                   CVE-2015-4806 CVE-2015-4810 CVE-2015-4835
                   CVE-2015-4840 CVE-2015-4842 CVE-2015-4843
                   CVE-2015-4844 CVE-2015-4860 CVE-2015-4868
                   CVE-2015-4872 CVE-2015-4881 CVE-2015-4882
                   CVE-2015-4883 CVE-2015-4893 CVE-2015-4901
                   CVE-2015-4902 CVE-2015-4903 CVE-2015-4906
                   CVE-2015-4908 CVE-2015-4911 CVE-2015-4916
=====================================================================

1. Summary:

Updated java-1.8.0-oracle packages that fix several security issues are now
available for Oracle Java for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810,
CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844,
CVE-2015-4860, CVE-2015-4868, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882,
CVE-2015-4883, CVE-2015-4893, CVE-2015-4901, CVE-2015-4902, CVE-2015-4903,
CVE-2015-4906, CVE-2015-4908, CVE-2015-4911, CVE-2015-4916)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.8.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 8 Update 65 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1233687 - CVE-2015-4806 OpenJDK: HttpURLConnection header restriction bypass (Libraries, 8130193)
1273022 - CVE-2015-4835 OpenJDK: insufficient permission checks in StubGenerator (CORBA, 8076383)
1273027 - CVE-2015-4881 OpenJDK: missing type checks in IIOPInputStream (CORBA, 8076392)
1273053 - CVE-2015-4843 OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)
1273304 - CVE-2015-4883 OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413)
1273308 - CVE-2015-4860 OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
1273311 - CVE-2015-4805 OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
1273318 - CVE-2015-4844 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)
1273328 - CVE-2015-4868 OpenJDK: CRL checking flaw (Libraries, 8081744)
1273338 - CVE-2015-4840 OpenJDK: OOB access in CMS code (2D, 8086092)
1273414 - CVE-2015-4882 OpenJDK: incorrect String object deserialization in IIOPInputStream (CORBA, 8076387)
1273425 - CVE-2015-4842 OpenJDK: leak of user.dir location (JAXP, 8078427)
1273430 - CVE-2015-4734 OpenJDK: kerberos realm name leak (JGSS, 8048030)
1273496 - CVE-2015-4903 OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)
1273637 - CVE-2015-4803 OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
1273638 - CVE-2015-4893 OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)
1273645 - CVE-2015-4911 OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)
1273734 - CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)
1273856 - CVE-2015-4901 Oracle JDK: unspecified vulnerability fixed in 8u65 (JavaFX)
1273858 - CVE-2015-4810 Oracle JDK: unspecified vulnerability fixed in 7u91 and 8u65 (Deployment)
1273860 - CVE-2015-4902 Oracle JDK: unspecified vulnerability fixed in 6u105, 7u91 and 8u65 (Deployment)
1273861 - CVE-2015-4906 Oracle JDK: unspecified vulnerability fixed in 8u65 (JavaFX)
1273862 - CVE-2015-4916 Oracle JDK: unspecified vulnerability fixed in 8u65 (JavaFX)
1273863 - CVE-2015-4908 Oracle JDK: unspecified vulnerability fixed in 8u65 (JavaFX)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el6_7.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

x86_64:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el6_7.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation:

i386:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.65-1jpp.3.el6_7.i686.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el6_7.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.65-1jpp.3.el6_7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.65-1jpp.3.el7_1.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.65-1jpp.3.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4734
https://access.redhat.com/security/cve/CVE-2015-4803
https://access.redhat.com/security/cve/CVE-2015-4805
https://access.redhat.com/security/cve/CVE-2015-4806
https://access.redhat.com/security/cve/CVE-2015-4810
https://access.redhat.com/security/cve/CVE-2015-4835
https://access.redhat.com/security/cve/CVE-2015-4840
https://access.redhat.com/security/cve/CVE-2015-4842
https://access.redhat.com/security/cve/CVE-2015-4843
https://access.redhat.com/security/cve/CVE-2015-4844
https://access.redhat.com/security/cve/CVE-2015-4860
https://access.redhat.com/security/cve/CVE-2015-4868
https://access.redhat.com/security/cve/CVE-2015-4872
https://access.redhat.com/security/cve/CVE-2015-4881
https://access.redhat.com/security/cve/CVE-2015-4882
https://access.redhat.com/security/cve/CVE-2015-4883
https://access.redhat.com/security/cve/CVE-2015-4893
https://access.redhat.com/security/cve/CVE-2015-4901
https://access.redhat.com/security/cve/CVE-2015-4902
https://access.redhat.com/security/cve/CVE-2015-4903
https://access.redhat.com/security/cve/CVE-2015-4906
https://access.redhat.com/security/cve/CVE-2015-4908
https://access.redhat.com/security/cve/CVE-2015-4911
https://access.redhat.com/security/cve/CVE-2015-4916
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWKT79XlSAg2UNWIIRAmnDAJ9yxAa86KMOKftDY9a5grRxhJWEtQCeNZaB
fbO6UmWvWc+henh89p1AW/w=
=PvyR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 22 19:55:51 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Oct 2015 19:55:51 +0000
Subject: [RHSA-2015:1927-01] Critical: java-1.7.0-oracle security update
Message-ID: <201510221955.t9MJtpEg012903@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-oracle security update
Advisory ID:       RHSA-2015:1927-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1927.html
Issue date:        2015-10-22
CVE Names:         CVE-2015-4734 CVE-2015-4803 CVE-2015-4805
                   CVE-2015-4806 CVE-2015-4810 CVE-2015-4835
                   CVE-2015-4840 CVE-2015-4842 CVE-2015-4843
                   CVE-2015-4844 CVE-2015-4860 CVE-2015-4871
                   CVE-2015-4872 CVE-2015-4881 CVE-2015-4882
                   CVE-2015-4883 CVE-2015-4893 CVE-2015-4902
                   CVE-2015-4903 CVE-2015-4911
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now
available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810,
CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844,
CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882,
CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-4911)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 91 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1233687 - CVE-2015-4806 OpenJDK: HttpURLConnection header restriction bypass (Libraries, 8130193)
1273022 - CVE-2015-4835 OpenJDK: insufficient permission checks in StubGenerator (CORBA, 8076383)
1273027 - CVE-2015-4881 OpenJDK: missing type checks in IIOPInputStream (CORBA, 8076392)
1273053 - CVE-2015-4843 OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)
1273304 - CVE-2015-4883 OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413)
1273308 - CVE-2015-4860 OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
1273311 - CVE-2015-4805 OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
1273318 - CVE-2015-4844 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)
1273338 - CVE-2015-4840 OpenJDK: OOB access in CMS code (2D, 8086092)
1273414 - CVE-2015-4882 OpenJDK: incorrect String object deserialization in IIOPInputStream (CORBA, 8076387)
1273425 - CVE-2015-4842 OpenJDK: leak of user.dir location (JAXP, 8078427)
1273430 - CVE-2015-4734 OpenJDK: kerberos realm name leak (JGSS, 8048030)
1273496 - CVE-2015-4903 OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)
1273637 - CVE-2015-4803 OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
1273638 - CVE-2015-4893 OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)
1273645 - CVE-2015-4911 OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)
1273734 - CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)
1273858 - CVE-2015-4810 Oracle JDK: unspecified vulnerability fixed in 7u91 and 8u65 (Deployment)
1273859 - CVE-2015-4871
Oracle JDK: unspecified vulnerability fixed in 7u91 (Libraries) 1273860 - CVE-2015-4902 Oracle JDK: unspecified vulnerability fixed in 6u105, 7u91 and 8u65 (Deployment) 6. Package List: Oracle Java for Red Hat Enterprise Linux Client 5: i386: java-1.7.0-oracle-1.7.0.91-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.91-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 5: i386: java-1.7.0-oracle-1.7.0.91-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.91-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.7.0-oracle-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el6_7.i686.rpm 
java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: i386: java-1.7.0-oracle-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.7.0-oracle-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation: i386: java-1.7.0-oracle-1.7.0.91-1jpp.1.el6_7.i686.rpm 
java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): x86_64: java-1.7.0-oracle-1.7.0.91-1jpp.1.el7_1.i686.rpm java-1.7.0-oracle-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el7_1.i686.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el7_1.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.7.0-oracle-1.7.0.91-1jpp.1.el7_1.i686.rpm java-1.7.0-oracle-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el7_1.i686.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el7_1.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 
7): x86_64: java-1.7.0-oracle-1.7.0.91-1jpp.1.el7_1.i686.rpm java-1.7.0-oracle-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el7_1.i686.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el7_1.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): x86_64: java-1.7.0-oracle-1.7.0.91-1jpp.1.el7_1.i686.rpm java-1.7.0-oracle-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el7_1.i686.rpm java-1.7.0-oracle-devel-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.91-1jpp.1.el7_1.x86_64.rpm java-1.7.0-oracle-src-1.7.0.91-1jpp.1.el7_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-4734 https://access.redhat.com/security/cve/CVE-2015-4803 https://access.redhat.com/security/cve/CVE-2015-4805 https://access.redhat.com/security/cve/CVE-2015-4806 https://access.redhat.com/security/cve/CVE-2015-4810 https://access.redhat.com/security/cve/CVE-2015-4835 https://access.redhat.com/security/cve/CVE-2015-4840 https://access.redhat.com/security/cve/CVE-2015-4842 https://access.redhat.com/security/cve/CVE-2015-4843 https://access.redhat.com/security/cve/CVE-2015-4844 https://access.redhat.com/security/cve/CVE-2015-4860 https://access.redhat.com/security/cve/CVE-2015-4871 https://access.redhat.com/security/cve/CVE-2015-4872 https://access.redhat.com/security/cve/CVE-2015-4881 https://access.redhat.com/security/cve/CVE-2015-4882 https://access.redhat.com/security/cve/CVE-2015-4883 https://access.redhat.com/security/cve/CVE-2015-4893 https://access.redhat.com/security/cve/CVE-2015-4902 https://access.redhat.com/security/cve/CVE-2015-4903 https://access.redhat.com/security/cve/CVE-2015-4911 https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWKT84XlSAg2UNWIIRAl8xAJ9GW36en0UWDgh16dfejX61tc1BZgCgqQph
6HBHhcJKV0SwDtNWDiGuJcM=
=jh6w
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 22 19:57:48 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Oct 2015 19:57:48 +0000
Subject: [RHSA-2015:1928-01] Important: java-1.6.0-sun security update
Message-ID: <201510221957.t9MJvnPl013877@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.6.0-sun security update
Advisory ID:       RHSA-2015:1928-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1928.html
Issue date:        2015-10-22
CVE Names:         CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806
                   CVE-2015-4835 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844
                   CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882
                   CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903
                   CVE-2015-4911
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835,
CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872,
CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902,
CVE-2015-4903, CVE-2015-4911)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 105 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1233687 - CVE-2015-4806 OpenJDK: HttpURLConnection header restriction bypass (Libraries, 8130193)
1273022 - CVE-2015-4835 OpenJDK: insufficient permission checks in StubGenerator (CORBA, 8076383)
1273027 - CVE-2015-4881 OpenJDK: missing type checks in IIOPInputStream (CORBA, 8076392)
1273053 - CVE-2015-4843 OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)
1273304 - CVE-2015-4883 OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413)
1273308 - CVE-2015-4860 OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
1273311 - CVE-2015-4805 OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
1273318 - CVE-2015-4844 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)
1273414 - CVE-2015-4882 OpenJDK: incorrect String object deserialization in IIOPInputStream (CORBA, 8076387)
1273425 - CVE-2015-4842 OpenJDK: leak of user.dir location (JAXP, 8078427)
1273430 - CVE-2015-4734 OpenJDK: kerberos realm name leak (JGSS, 8048030)
1273496 - CVE-2015-4903 OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)
1273637 - CVE-2015-4803 OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
1273638 - CVE-2015-4893 OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)
1273645 - CVE-2015-4911 OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)
1273734 - CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)
1273860 - CVE-2015-4902 Oracle JDK: unspecified vulnerability fixed in 6u105, 7u91 and 8u65 (Deployment)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.6.0-sun-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.105-1jpp.2.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 5:

i386:
java-1.6.0-sun-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.105-1jpp.2.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el6_7.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

i386:
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el6_7.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el6_7.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation:

i386:
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el6_7.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el6_7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.105-1jpp.2.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.105-1jpp.2.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.105-1jpp.2.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el7_1.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.105-1jpp.2.el7_1.i686.rpm
java-1.6.0-sun-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el7_1.i686.rpm
java-1.6.0-sun-devel-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.105-1jpp.2.el7_1.x86_64.rpm
java-1.6.0-sun-src-1.6.0.105-1jpp.2.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4734
https://access.redhat.com/security/cve/CVE-2015-4803
https://access.redhat.com/security/cve/CVE-2015-4805
https://access.redhat.com/security/cve/CVE-2015-4806
https://access.redhat.com/security/cve/CVE-2015-4835
https://access.redhat.com/security/cve/CVE-2015-4842
https://access.redhat.com/security/cve/CVE-2015-4843
https://access.redhat.com/security/cve/CVE-2015-4844
https://access.redhat.com/security/cve/CVE-2015-4860
https://access.redhat.com/security/cve/CVE-2015-4872
https://access.redhat.com/security/cve/CVE-2015-4881
https://access.redhat.com/security/cve/CVE-2015-4882
https://access.redhat.com/security/cve/CVE-2015-4883
https://access.redhat.com/security/cve/CVE-2015-4893
https://access.redhat.com/security/cve/CVE-2015-4902
https://access.redhat.com/security/cve/CVE-2015-4903
https://access.redhat.com/security/cve/CVE-2015-4911
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWKT+aXlSAg2UNWIIRAp6uAKCDbZM/uwB45ExlHTWX8bdbmTxUBwCfUyKo
9xArM37Jn8U8O23wMYp+9pc=
=l97t
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 22 20:06:39 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Oct 2015 20:06:39 +0000
Subject: [RHSA-2015:1929-01] Important: openstack-ironic-discoverd security update
Message-ID: <201510222006.t9MK6eXR017816@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-ironic-discoverd security update
Advisory ID:       RHSA-2015:1929-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:1929
Issue date:        2015-10-22
CVE Names:         CVE-2015-5306
=====================================================================

1. Summary:

Updated openstack-ironic-discoverd packages that fix one security issue are
now available for Red Hat Enterprise Linux OpenStack Platform 7.0.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

OpenStack 7.0 Director for RHEL 7 - noarch

3. Description:

Ironic provides bare metal provisioning for OpenStack nodes.

It was discovered that enabling debug mode in openstack-ironic-discoverd
also enables debug mode in the underlying Flask framework. If errors are
encountered while Flask is in debug mode, a user experiencing an error may
be able to access the debug console (effectively, a command shell).
(CVE-2015-5306)

All openstack-ironic-discoverd users are advised to upgrade to these updated
packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1256421 - Incorrect RAM report
1273698 - CVE-2015-5306 openstack-ironic-discoverd: potential remote code execution with debug mode enabled

6. Package List:

OpenStack 7.0 Director for RHEL 7:

Source:
openstack-ironic-discoverd-1.1.0-8.el7ost.src.rpm

noarch:
openstack-ironic-discoverd-1.1.0-8.el7ost.noarch.rpm
openstack-ironic-discoverd-ramdisk-1.1.0-8.el7ost.noarch.rpm
python-ironic-discoverd-1.1.0-8.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5306
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWKUGdXlSAg2UNWIIRApu+AJ43oSwTrXPe428gIreOc0hRRyMjXACfc83c
gi30TIZ/c+d7frLe6iAKVhA=
=eg7y
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Oct 26 21:28:44 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 26 Oct 2015 17:28:44 -0400
Subject: [RHSA-2015:1930-01] Important: ntp security update
Message-ID: <201510262128.t9QLSiGP013843@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ntp security update
Advisory ID:       RHSA-2015:1930-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1930.html
Issue date:        2015-10-26
CVE Names:         CVE-2015-5300 CVE-2015-7704
=====================================================================

1. Summary:

Updated ntp packages that fix two security issues are now available for Red
Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

It was discovered that ntpd as a client did not correctly check timestamps
in Kiss-of-Death packets. A remote attacker could use this flaw to send a
crafted Kiss-of-Death packet to an ntpd client that would increase the
client's polling interval value, and effectively disable synchronization
with the server. (CVE-2015-7704)

It was found that ntpd did not correctly implement the threshold limitation
for the '-g' option, which is used to set the time without any restrictions.
A man-in-the-middle attacker able to intercept NTP traffic between a
connecting client and an NTP server could use this flaw to force that client
to make multiple steps larger than the panic threshold, effectively changing
the time to an arbitrary value. (CVE-2015-5300)

Red Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and Sharon
Goldberg of Boston University for reporting these issues.

All ntp users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5.
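The two client-side checks the ntp description above describes, modelled as an added example (this is not ntpd's code or Red Hat's): parsing the 48-byte NTP header, accepting a Kiss-of-Death packet only when its origin timestamp matches the request the client actually sent, and enforcing the panic threshold so that the '-g' allowance covers a single step. The packet bytes, request timestamp and poll values are constructed, and ntpd's real poll-interval logic is more involved than the simplified `next_poll` here.

```python
"""Client-side checks for NTP Kiss-of-Death (KoD) packets and clock steps.

Added example for this advisory, not code from ntpd or Red Hat.  It models the
two client-side checks the description calls for: a KoD counts only if it echoes
the origin timestamp of the request this client sent (CVE-2015-7704), and a step
past the panic threshold is allowed at most once, the '-g' allowance
(CVE-2015-5300).  Header layout follows RFC 5905; poll handling is simplified,
and every packet below is constructed for the example.
"""
import struct
from dataclasses import dataclass

# 48-byte NTP header: LI/VN/Mode, stratum, poll, precision, root delay,
# root dispersion, reference ID, then reference/origin/receive/transmit stamps.
NTP_HEADER = struct.Struct("!BBbbII4sQQQQ")
MODE_SERVER = 4
KISS_CODE_RATE = b"RATE"          # kiss code asking the client to slow down
PANIC_THRESHOLD_SECONDS = 1000.0  # ntpd's default panic threshold


@dataclass
class NtpPacket:
    version: int
    mode: int
    stratum: int
    poll: int
    refid: bytes
    origin_ts: int    # 64-bit NTP timestamp copied from the client's request
    transmit_ts: int


def parse_ntp(raw: bytes) -> NtpPacket:
    """Decode the fixed header; trailing bytes (MAC, extensions) are ignored."""
    if len(raw) < NTP_HEADER.size:
        raise ValueError("short NTP packet")
    (li_vn_mode, stratum, poll, _prec, _delay, _disp, refid,
     _ref_ts, origin_ts, _recv_ts, transmit_ts) = NTP_HEADER.unpack_from(raw)
    return NtpPacket(version=(li_vn_mode >> 3) & 0x7, mode=li_vn_mode & 0x7,
                     stratum=stratum, poll=poll, refid=refid,
                     origin_ts=origin_ts, transmit_ts=transmit_ts)


def build_ntp(mode: int, stratum: int, poll: int, refid: bytes,
              origin_ts: int, transmit_ts: int, version: int = 4) -> bytes:
    """Encode a minimal header (used here only to construct sample packets)."""
    li_vn_mode = (version << 3) | mode
    return NTP_HEADER.pack(li_vn_mode, stratum, poll, -20, 0, 0, refid,
                           0, origin_ts, 0, transmit_ts)


def is_kod(pkt: NtpPacket) -> bool:
    """A KoD is a server-mode packet with stratum 0; refid carries the kiss code."""
    return pkt.mode == MODE_SERVER and pkt.stratum == 0


def kod_is_genuine(pkt: NtpPacket, outstanding_xmt: int) -> bool:
    """Accept a KoD only if its origin timestamp matches our outstanding request."""
    # Anything else cannot be a reply to a request we sent, so it must not
    # be allowed to change the polling interval.
    return is_kod(pkt) and pkt.origin_ts == outstanding_xmt


def next_poll(current_poll: int, pkt: NtpPacket, outstanding_xmt: int,
              max_poll: int = 10) -> int:
    """Raise the poll exponent on a genuine RATE kiss; otherwise leave it alone."""
    if kod_is_genuine(pkt, outstanding_xmt) and pkt.refid == KISS_CODE_RATE:
        return min(max(current_poll, pkt.poll), max_poll)
    return current_poll


@dataclass
class StepPolicy:
    """Tracks whether the single unrestricted '-g' step is still available."""
    panic_step_available: bool = True

    def permit_step(self, offset_seconds: float) -> bool:
        if abs(offset_seconds) <= PANIC_THRESHOLD_SECONDS:
            return True
        if self.panic_step_available:
            self.panic_step_available = False  # consumed; later large steps are refused
            return True
        return False


def demo() -> dict:
    """Run both checks against constructed packets and return the outcomes."""
    our_xmt = 0xDBF3A8C9_1234_5678  # transmit timestamp of our last request (constructed)
    genuine = parse_ntp(build_ntp(MODE_SERVER, 0, 9, KISS_CODE_RATE, our_xmt, our_xmt + 5))
    bogus = parse_ntp(build_ntp(MODE_SERVER, 0, 17, KISS_CODE_RATE, 0, our_xmt + 5))
    policy = StepPolicy()
    return {
        "genuine_poll": next_poll(6, genuine, our_xmt),  # raised to 9
        "bogus_poll": next_poll(6, bogus, our_xmt),      # unchanged: origin mismatch
        "first_big_step": policy.permit_step(4000.0),    # True: the one -g allowance
        "second_big_step": policy.permit_step(4000.0),   # False: threshold now enforced
        "small_step": policy.permit_step(0.25),          # True: below threshold
    }
```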
Bugs fixed (https://bugzilla.redhat.com/):

1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet
1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ntp-4.2.6p5-5.el6_7.2.src.rpm

i386:
ntp-4.2.6p5-5.el6_7.2.i686.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm
ntpdate-4.2.6p5-5.el6_7.2.i686.rpm

x86_64:
ntp-4.2.6p5-5.el6_7.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm
ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm
ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm

noarch:
ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm
ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ntp-4.2.6p5-5.el6_7.2.src.rpm

x86_64:
ntp-4.2.6p5-5.el6_7.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm
ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm
ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ntp-4.2.6p5-5.el6_7.2.src.rpm

i386:
ntp-4.2.6p5-5.el6_7.2.i686.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm
ntpdate-4.2.6p5-5.el6_7.2.i686.rpm

ppc64:
ntp-4.2.6p5-5.el6_7.2.ppc64.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm
ntpdate-4.2.6p5-5.el6_7.2.ppc64.rpm

s390x:
ntp-4.2.6p5-5.el6_7.2.s390x.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm
ntpdate-4.2.6p5-5.el6_7.2.s390x.rpm

x86_64:
ntp-4.2.6p5-5.el6_7.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm
ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm
ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm

noarch:
ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm
ntp-perl-4.2.6p5-5.el6_7.2.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm
ntp-perl-4.2.6p5-5.el6_7.2.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm
ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ntp-4.2.6p5-5.el6_7.2.src.rpm

i386:
ntp-4.2.6p5-5.el6_7.2.i686.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm
ntpdate-4.2.6p5-5.el6_7.2.i686.rpm

x86_64:
ntp-4.2.6p5-5.el6_7.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm
ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm
ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm

noarch:
ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm
ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
ntp-4.2.6p5-19.el7_1.3.src.rpm

x86_64:
ntp-4.2.6p5-19.el7_1.3.x86_64.rpm
ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm
ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm
ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm
sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
ntp-4.2.6p5-19.el7_1.3.src.rpm

x86_64:
ntp-4.2.6p5-19.el7_1.3.x86_64.rpm
ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm
ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm
ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm
sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
ntp-4.2.6p5-19.el7_1.3.src.rpm

ppc64:
ntp-4.2.6p5-19.el7_1.3.ppc64.rpm
ntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm
ntpdate-4.2.6p5-19.el7_1.3.ppc64.rpm

s390x:
ntp-4.2.6p5-19.el7_1.3.s390x.rpm
ntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm
ntpdate-4.2.6p5-19.el7_1.3.s390x.rpm

x86_64:
ntp-4.2.6p5-19.el7_1.3.x86_64.rpm
ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm
ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
ntp-4.2.6p5-19.ael7b_1.3.src.rpm

ppc64le:
ntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm
ntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm
ntpdate-4.2.6p5-19.ael7b_1.3.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm
ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm
sntp-4.2.6p5-19.el7_1.3.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm
sntp-4.2.6p5-19.el7_1.3.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm
sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-19.ael7b_1.3.noarch.rpm
ntp-perl-4.2.6p5-19.ael7b_1.3.noarch.rpm

ppc64le:
ntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm
sntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
ntp-4.2.6p5-19.el7_1.3.src.rpm

x86_64:
ntp-4.2.6p5-19.el7_1.3.x86_64.rpm
ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm
ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm
ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm
sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7.
References: https://access.redhat.com/security/cve/CVE-2015-5300 https://access.redhat.com/security/cve/CVE-2015-7704 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWLpsKXlSAg2UNWIIRAvn5AJ0YbKe9DZYq3JmTarVuEvM3l3fC3gCgmwd8 D1msx7GTmRIz9oZ3uE0m6Io= =mPYp -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Oct 27 09:00:19 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 27 Oct 2015 09:00:19 +0000 Subject: [RHSA-2015:1943-01] Moderate: qemu-kvm security update Message-ID: <201510270900.t9R90KBx025437@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm security update Advisory ID: RHSA-2015:1943-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1943.html Issue date: 2015-10-27 CVE Names: CVE-2015-1779 ===================================================================== 1. Summary: Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, x86_64 Red Hat Enterprise Linux Workstation (v. 
7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU. (CVE-2015-1779) This issue was discovered by Daniel P. Berrange of Red Hat. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1199572 - CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder 1273098 - qemu-kvm build failure race condition in tests/ide-test 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.8.src.rpm x86_64: libcacard-1.5.3-86.el7_1.8.i686.rpm libcacard-1.5.3-86.el7_1.8.x86_64.rpm qemu-img-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.8.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): x86_64: libcacard-devel-1.5.3-86.el7_1.8.i686.rpm libcacard-devel-1.5.3-86.el7_1.8.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.8.src.rpm x86_64: libcacard-1.5.3-86.el7_1.8.i686.rpm libcacard-1.5.3-86.el7_1.8.x86_64.rpm libcacard-devel-1.5.3-86.el7_1.8.i686.rpm libcacard-devel-1.5.3-86.el7_1.8.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.8.x86_64.rpm qemu-img-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.8.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.8.src.rpm ppc64: qemu-img-1.5.3-86.el7_1.8.ppc64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.ppc64.rpm x86_64: libcacard-1.5.3-86.el7_1.8.i686.rpm libcacard-1.5.3-86.el7_1.8.x86_64.rpm qemu-img-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libcacard-1.5.3-86.el7_1.8.ppc.rpm libcacard-1.5.3-86.el7_1.8.ppc64.rpm libcacard-devel-1.5.3-86.el7_1.8.ppc.rpm libcacard-devel-1.5.3-86.el7_1.8.ppc64.rpm libcacard-tools-1.5.3-86.el7_1.8.ppc64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.ppc.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.ppc64.rpm x86_64: libcacard-devel-1.5.3-86.el7_1.8.i686.rpm libcacard-devel-1.5.3-86.el7_1.8.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: qemu-kvm-1.5.3-86.el7_1.8.src.rpm x86_64: libcacard-1.5.3-86.el7_1.8.i686.rpm libcacard-1.5.3-86.el7_1.8.x86_64.rpm qemu-img-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libcacard-devel-1.5.3-86.el7_1.8.i686.rpm libcacard-devel-1.5.3-86.el7_1.8.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.8.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-1779 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWLzz5XlSAg2UNWIIRApH7AJ9cEK6ok1WIsf8hf4R57VoZUKADHwCgkol/
loI4EWjrbUklXCUJHhUP6So=
=nRFr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 27 20:24:53 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 Oct 2015 20:24:53 +0000
Subject: [RHSA-2015:1945-01] Moderate: kubernetes security update
Message-ID: <201510272024.t9RKOrj9020018@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kubernetes security update
Advisory ID:       RHSA-2015:1945-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:1945
Issue date:        2015-10-27
CVE Names:         CVE-2015-5305
=====================================================================

1. Summary:

Updated kubernetes packages that fix one security issue are now available
for Red Hat OpenShift Enterprise 3.0.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

RHOSE 3.0 - x86_64

3. Description:

Kubernetes allows orchestration and control of Docker containers as used in
OpenShift Enterprise 3.

Kubernetes fails to validate object name types before passing the data to
etcd. As the etcd service generates keys based on the object name type,
this can lead to a directory path traversal. (CVE-2015-5305)

Red Hat would like to thank Jordan Liggitt for discovering and reporting
this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1273969 - CVE-2015-5305 Kubernetes: Missing name validation allows path traversal in etcd

6. Package List:

RHOSE 3.0:

Source:
openshift-3.0.2.0-0.git.20.656dc3e.el7ose.src.rpm

x86_64:
openshift-3.0.2.0-0.git.20.656dc3e.el7ose.x86_64.rpm
openshift-clients-3.0.2.0-0.git.20.656dc3e.el7ose.x86_64.rpm
openshift-master-3.0.2.0-0.git.20.656dc3e.el7ose.x86_64.rpm
openshift-node-3.0.2.0-0.git.20.656dc3e.el7ose.x86_64.rpm
openshift-sdn-ovs-3.0.2.0-0.git.20.656dc3e.el7ose.x86_64.rpm
tuned-profiles-openshift-node-3.0.2.0-0.git.20.656dc3e.el7ose.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5305
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
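To illustrate the validation gap the kubernetes advisory describes, here is an added example (written for this page, not Kubernetes' own code) of building an etcd key from namespace and object name, first without any name check and then with a path-segment check in front of it. The registry prefix, the name allow-list and the sample inputs are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Assumed key prefix for this example; real registries use their own.
const registryPrefix = "/registry/pods"

// Deliberately strict allow-list for a name: lowercase DNS-label-style
// characters only. An assumption of this example, not Kubernetes' exact rule.
var nameRE = regexp.MustCompile(`^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$`)

var errBadName = errors.New("invalid object name")

// validatePathSegment rejects anything that can alter the key path: empty
// names, the relative segments "." and "..", any "/" and "%" (percent-encoding
// could smuggle a separator past a naive check), and off-list characters.
func validatePathSegment(name string) error {
	switch {
	case name == "", name == ".", name == "..":
		return fmt.Errorf("%w: %q is empty or a relative segment", errBadName, name)
	case strings.ContainsAny(name, "/%"):
		return fmt.Errorf("%w: %q contains a path separator", errBadName, name)
	case !nameRE.MatchString(name):
		return fmt.Errorf("%w: %q has characters outside the allow-list", errBadName, name)
	}
	return nil
}

// unvalidatedKey mirrors the pre-fix behaviour the advisory describes: the
// name is joined into the key unchecked, so ".." segments walk out of the
// namespace's subtree once the path is cleaned.
func unvalidatedKey(namespace, name string) string {
	return path.Join(registryPrefix, namespace, name)
}

// safeKey validates both segments before joining, then confirms the result
// still lies under the namespace's subtree (defence in depth).
func safeKey(namespace, name string) (string, error) {
	if err := validatePathSegment(namespace); err != nil {
		return "", err
	}
	if err := validatePathSegment(name); err != nil {
		return "", err
	}
	key := path.Join(registryPrefix, namespace, name)
	want := registryPrefix + "/" + namespace + "/"
	if !strings.HasPrefix(key, want) {
		return "", fmt.Errorf("%w: key %q escaped %q", errBadName, key, want)
	}
	return key, nil
}

func main() {
	// Constructed inputs: an ordinary name and a traversal-style one.
	for _, n := range []string{"web-1", "../../secrets/default/db-creds"} {
		fmt.Println("unchecked:", unvalidatedKey("default", n))
		if k, err := safeKey("default", n); err != nil {
			fmt.Println("rejected: ", err)
		} else {
			fmt.Println("accepted: ", k)
		}
	}
}
```

Running it shows the unchecked key for the second name landing under /registry/secrets/, which is the key-space escape the advisory calls a directory path traversal; the checked path rejects it before etcd is consulted.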
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWL92MXlSAg2UNWIIRAsfzAJ9jYsruhmOCYIU+k6lVdzf7BsYVNwCgwfJa
Wk0nEnkjuyouXqfX1SYQ5Ew=
=RML7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 29 19:42:48 2015
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 29 Oct 2015 15:42:48 -0400
Subject: [RHSA-2015:1955-01] Low: Red Hat Enterprise Linux 6.5 Extended Update Support One-Month Notice
Message-ID: <201510291942.t9TJgm8v009713@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 6.5 Extended Update Support One-Month Notice
Advisory ID:       RHSA-2015:1955-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1955.html
Issue date:        2015-10-29
=====================================================================

1. Summary:

This is the One-Month notification for the retirement of Red Hat Enterprise
Linux 6.5 Extended Update Support (EUS). This notification applies only to
those customers subscribed to the Extended Update Support (EUS) channel for
Red Hat Enterprise Linux 6.5.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy,
Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as
of November 30, 2015, and support will no longer be provided. Accordingly,
Red Hat will no longer provide updated packages, including Critical impact
security patches or urgent priority bug fixes, for Red Hat Enterprise Linux
6.5 EUS after November 30, 2015. In addition, technical support through Red
Hat's Global Support Services will be limited as described under
"non-current minor releases" in the Knowledge Base article located at
https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 6.5 to a
more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat
subscription model, customers can use their active subscriptions to entitle
any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release-server package that provides
a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
redhat-release-server-6Server-6.5.0.3.el6_5.1.src.rpm

i386:
redhat-release-server-6Server-6.5.0.3.el6_5.1.i686.rpm

ppc64:
redhat-release-server-6Server-6.5.0.3.el6_5.1.ppc64.rpm

s390x:
redhat-release-server-6Server-6.5.0.3.el6_5.1.s390x.rpm

x86_64:
redhat-release-server-6Server-6.5.0.3.el6_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/articles/64664
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWMna1XlSAg2UNWIIRAhNPAJ9sLKzUENe//uWrrbfTiFV9QA4/SwCghAzl
vkDua94UeQXkoq/17euDzWU=
=cPUq
-----END PGP SIGNATURE-----