From bugzilla at redhat.com Fri Apr 1 06:44:44 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 1 Apr 2016 06:44:44 +0000
Subject: [RHSA-2016:0532-01] Moderate: krb5 security update
Message-ID: <201604010644.u316ijE7017095@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: krb5 security update
Advisory ID:       RHSA-2016:0532-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0532.html
Issue date:        2016-03-31
CVE Names:         CVE-2015-8629 CVE-2015-8630 CVE-2015-8631
=====================================================================

1. Summary:

An update for krb5 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Kerberos is a network authentication system, which can improve the security
of your network by eliminating the insecure practice of sending passwords
over the network in unencrypted form. It allows clients and servers to
authenticate to each other with the help of a trusted third party, the
Kerberos key distribution center (KDC).

Security Fix(es):

* A memory leak flaw was found in the krb5_unparse_name() function of the
MIT Kerberos kadmind service.
An authenticated attacker could repeatedly send specially crafted requests
to the server, which could cause the server to consume large amounts of
memory resources, ultimately leading to a denial of service due to memory
exhaustion. (CVE-2015-8631)

* An out-of-bounds read flaw was found in the kadmind service of MIT
Kerberos. An authenticated attacker could send a maliciously crafted
message to force kadmind to read beyond the end of allocated memory, and
write the memory contents to the KDC database if the attacker has write
permission, leading to information disclosure. (CVE-2015-8629)

* A NULL pointer dereference flaw was found in the procedure used by the
MIT Kerberos kadmind service to store policies: the
kadm5_create_principal_3() and kadm5_modify_principal() functions did not
ensure that a policy was given when KADM5_POLICY was set. An authenticated
attacker with permissions to modify the database could use this flaw to add
or modify a principal with a policy set to NULL, causing the kadmind
service to crash. (CVE-2015-8630)

The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc,
kadmin, and kprop) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1302617 - CVE-2015-8629 krb5: xdr_nullstring() doesn't check for terminating null character
1302632 - CVE-2015-8630 krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
1302642 - CVE-2015-8631 krb5: Memory leak caused by supplying a null principal name in request

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
krb5-1.13.2-12.el7_2.src.rpm

x86_64:
krb5-debuginfo-1.13.2-12.el7_2.i686.rpm
krb5-debuginfo-1.13.2-12.el7_2.x86_64.rpm
krb5-libs-1.13.2-12.el7_2.i686.rpm
krb5-libs-1.13.2-12.el7_2.x86_64.rpm
krb5-pkinit-1.13.2-12.el7_2.x86_64.rpm
krb5-workstation-1.13.2-12.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
krb5-debuginfo-1.13.2-12.el7_2.i686.rpm
krb5-debuginfo-1.13.2-12.el7_2.x86_64.rpm
krb5-devel-1.13.2-12.el7_2.i686.rpm
krb5-devel-1.13.2-12.el7_2.x86_64.rpm
krb5-server-1.13.2-12.el7_2.x86_64.rpm
krb5-server-ldap-1.13.2-12.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
krb5-1.13.2-12.el7_2.src.rpm

x86_64:
krb5-debuginfo-1.13.2-12.el7_2.i686.rpm
krb5-debuginfo-1.13.2-12.el7_2.x86_64.rpm
krb5-libs-1.13.2-12.el7_2.i686.rpm
krb5-libs-1.13.2-12.el7_2.x86_64.rpm
krb5-pkinit-1.13.2-12.el7_2.x86_64.rpm
krb5-workstation-1.13.2-12.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
krb5-debuginfo-1.13.2-12.el7_2.i686.rpm
krb5-debuginfo-1.13.2-12.el7_2.x86_64.rpm
krb5-devel-1.13.2-12.el7_2.i686.rpm
krb5-devel-1.13.2-12.el7_2.x86_64.rpm
krb5-server-1.13.2-12.el7_2.x86_64.rpm
krb5-server-ldap-1.13.2-12.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
krb5-1.13.2-12.el7_2.src.rpm

ppc64:
krb5-debuginfo-1.13.2-12.el7_2.ppc.rpm
krb5-debuginfo-1.13.2-12.el7_2.ppc64.rpm
krb5-devel-1.13.2-12.el7_2.ppc.rpm
krb5-devel-1.13.2-12.el7_2.ppc64.rpm
krb5-libs-1.13.2-12.el7_2.ppc.rpm
krb5-libs-1.13.2-12.el7_2.ppc64.rpm
krb5-pkinit-1.13.2-12.el7_2.ppc64.rpm
krb5-server-1.13.2-12.el7_2.ppc64.rpm
krb5-server-ldap-1.13.2-12.el7_2.ppc64.rpm
krb5-workstation-1.13.2-12.el7_2.ppc64.rpm

ppc64le:
krb5-debuginfo-1.13.2-12.el7_2.ppc64le.rpm
krb5-devel-1.13.2-12.el7_2.ppc64le.rpm
krb5-libs-1.13.2-12.el7_2.ppc64le.rpm
krb5-pkinit-1.13.2-12.el7_2.ppc64le.rpm
krb5-server-1.13.2-12.el7_2.ppc64le.rpm
krb5-server-ldap-1.13.2-12.el7_2.ppc64le.rpm
krb5-workstation-1.13.2-12.el7_2.ppc64le.rpm

s390x:
krb5-debuginfo-1.13.2-12.el7_2.s390.rpm
krb5-debuginfo-1.13.2-12.el7_2.s390x.rpm
krb5-devel-1.13.2-12.el7_2.s390.rpm
krb5-devel-1.13.2-12.el7_2.s390x.rpm
krb5-libs-1.13.2-12.el7_2.s390.rpm
krb5-libs-1.13.2-12.el7_2.s390x.rpm
krb5-pkinit-1.13.2-12.el7_2.s390x.rpm
krb5-server-1.13.2-12.el7_2.s390x.rpm
krb5-server-ldap-1.13.2-12.el7_2.s390x.rpm
krb5-workstation-1.13.2-12.el7_2.s390x.rpm

x86_64:
krb5-debuginfo-1.13.2-12.el7_2.i686.rpm
krb5-debuginfo-1.13.2-12.el7_2.x86_64.rpm
krb5-devel-1.13.2-12.el7_2.i686.rpm
krb5-devel-1.13.2-12.el7_2.x86_64.rpm
krb5-libs-1.13.2-12.el7_2.i686.rpm
krb5-libs-1.13.2-12.el7_2.x86_64.rpm
krb5-pkinit-1.13.2-12.el7_2.x86_64.rpm
krb5-server-1.13.2-12.el7_2.x86_64.rpm
krb5-server-ldap-1.13.2-12.el7_2.x86_64.rpm
krb5-workstation-1.13.2-12.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
krb5-1.13.2-12.el7_2.src.rpm

x86_64:
krb5-debuginfo-1.13.2-12.el7_2.i686.rpm
krb5-debuginfo-1.13.2-12.el7_2.x86_64.rpm
krb5-devel-1.13.2-12.el7_2.i686.rpm
krb5-devel-1.13.2-12.el7_2.x86_64.rpm
krb5-libs-1.13.2-12.el7_2.i686.rpm
krb5-libs-1.13.2-12.el7_2.x86_64.rpm
krb5-pkinit-1.13.2-12.el7_2.x86_64.rpm
krb5-server-1.13.2-12.el7_2.x86_64.rpm
krb5-server-ldap-1.13.2-12.el7_2.x86_64.rpm
krb5-workstation-1.13.2-12.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8629
https://access.redhat.com/security/cve/CVE-2015-8630
https://access.redhat.com/security/cve/CVE-2015-8631
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW/hi0XlSAg2UNWIIRAlyjAJ9Bipj0PJsQDDLqTm5Q3nRQc6ayhQCfZHc7
7HmVp75EMs1o//2tOwDk8FY=
=GL/q
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Apr 1 06:46:28 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 1 Apr 2016 06:46:28 +0000
Subject: [RHSA-2016:0534-01] Moderate: mariadb security and bug fix update
Message-ID: <201604010646.u316kSi7002739@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mariadb security and bug fix update
Advisory ID:       RHSA-2016:0534-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0534.html
Issue date:        2016-03-31
CVE Names:         CVE-2015-4792 CVE-2015-4802 CVE-2015-4815
                   CVE-2015-4816 CVE-2015-4819 CVE-2015-4826
                   CVE-2015-4830 CVE-2015-4836 CVE-2015-4858
                   CVE-2015-4861 CVE-2015-4870 CVE-2015-4879
                   CVE-2015-4913 CVE-2016-0505 CVE-2016-0546
                   CVE-2016-0596 CVE-2016-0597 CVE-2016-0598
                   CVE-2016-0600 CVE-2016-0606 CVE-2016-0608
                   CVE-2016-0609 CVE-2016-0616 CVE-2016-2047
=====================================================================

1. Summary:

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a newer upstream version:
MariaDB (5.5.47). Refer to the MariaDB Release Notes listed in the
References section for a complete list of changes.

Security Fix(es):

* It was found that the MariaDB client library did not properly check host
names against server identities noted in the X.509 certificates when
establishing secure connections using TLS/SSL. A man-in-the-middle attacker
could possibly use this flaw to impersonate a server to a client.
(CVE-2016-2047)

* This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2015-4792,
CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826,
CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,
CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596,
CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608,
CVE-2016-0609, CVE-2016-0616)

Bug Fix(es):

* When more than one INSERT operation was executed concurrently on a
non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary
key immediately after starting MariaDB, a race condition could occur. As a
consequence, one of the concurrent INSERT operations failed with a
"Duplicate key" error message. A patch has been applied to prevent the race
condition. Now, each row inserted as a result of the concurrent INSERT
operations receives a unique primary key, and the operations no longer fail
in this scenario. (BZ#1303946)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1274752 - CVE-2015-4792 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
1274756 - CVE-2015-4802 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
1274759 - CVE-2015-4815 mysql: unspecified vulnerability related to Server:DDL (CPU October 2015)
1274761 - CVE-2015-4816 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
1274764 - CVE-2015-4819 mysql: unspecified vulnerability related to Client programs (CPU October 2015)
1274766 - CVE-2015-4826 mysql: unspecified vulnerability related to Server:Types (CPU October 2015)
1274767 - CVE-2015-4830 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015)
1274771 - CVE-2015-4836 mysql: unspecified vulnerability related to Server:SP (CPU October 2015)
1274773 - CVE-2015-4858 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1274776 - CVE-2015-4861 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
1274781 - CVE-2015-4870 mysql: unspecified vulnerability related to Server:Parser (CPU October 2015)
1274783 - CVE-2015-4879 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1274794 - CVE-2015-4913 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1301492 - CVE-2016-0505 mysql: unspecified vulnerability in subcomponent: Server: Options (CPU January 2016)
1301493 - CVE-2016-0546 mysql: unspecified vulnerability in subcomponent: Client (CPU January 2016)
1301496 - CVE-2016-0596 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301497 - CVE-2016-0597 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
1301498 - CVE-2016-0598 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301501 - CVE-2016-0600 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
1301504 - CVE-2016-0606 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU January 2016)
1301506 - CVE-2016-0608 mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016)
1301507 - CVE-2016-0609 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU January 2016)
1301510 - CVE-2016-0616 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
1301874 - CVE-2016-2047 mysql: ssl-validate-cert incorrect hostname check
1303946 - Duplicate key with auto increment

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
mariadb-5.5.47-1.el7_2.src.rpm

x86_64:
mariadb-5.5.47-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
mariadb-libs-5.5.47-1.el7_2.i686.rpm
mariadb-libs-5.5.47-1.el7_2.x86_64.rpm
mariadb-server-5.5.47-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
mariadb-bench-5.5.47-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
mariadb-devel-5.5.47-1.el7_2.i686.rpm
mariadb-devel-5.5.47-1.el7_2.x86_64.rpm
mariadb-embedded-5.5.47-1.el7_2.i686.rpm
mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm
mariadb-test-5.5.47-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mariadb-5.5.47-1.el7_2.src.rpm

x86_64:
mariadb-5.5.47-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
mariadb-libs-5.5.47-1.el7_2.i686.rpm
mariadb-libs-5.5.47-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
mariadb-bench-5.5.47-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
mariadb-devel-5.5.47-1.el7_2.i686.rpm
mariadb-devel-5.5.47-1.el7_2.x86_64.rpm
mariadb-embedded-5.5.47-1.el7_2.i686.rpm
mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm
mariadb-server-5.5.47-1.el7_2.x86_64.rpm
mariadb-test-5.5.47-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.47-1.el7_2.src.rpm

ppc64:
mariadb-5.5.47-1.el7_2.ppc64.rpm
mariadb-bench-5.5.47-1.el7_2.ppc64.rpm
mariadb-debuginfo-5.5.47-1.el7_2.ppc.rpm
mariadb-debuginfo-5.5.47-1.el7_2.ppc64.rpm
mariadb-devel-5.5.47-1.el7_2.ppc.rpm
mariadb-devel-5.5.47-1.el7_2.ppc64.rpm
mariadb-libs-5.5.47-1.el7_2.ppc.rpm
mariadb-libs-5.5.47-1.el7_2.ppc64.rpm
mariadb-server-5.5.47-1.el7_2.ppc64.rpm
mariadb-test-5.5.47-1.el7_2.ppc64.rpm

ppc64le:
mariadb-5.5.47-1.el7_2.ppc64le.rpm
mariadb-bench-5.5.47-1.el7_2.ppc64le.rpm
mariadb-debuginfo-5.5.47-1.el7_2.ppc64le.rpm
mariadb-devel-5.5.47-1.el7_2.ppc64le.rpm
mariadb-libs-5.5.47-1.el7_2.ppc64le.rpm
mariadb-server-5.5.47-1.el7_2.ppc64le.rpm
mariadb-test-5.5.47-1.el7_2.ppc64le.rpm

s390x:
mariadb-5.5.47-1.el7_2.s390x.rpm
mariadb-bench-5.5.47-1.el7_2.s390x.rpm
mariadb-debuginfo-5.5.47-1.el7_2.s390.rpm
mariadb-debuginfo-5.5.47-1.el7_2.s390x.rpm
mariadb-devel-5.5.47-1.el7_2.s390.rpm
mariadb-devel-5.5.47-1.el7_2.s390x.rpm
mariadb-libs-5.5.47-1.el7_2.s390.rpm
mariadb-libs-5.5.47-1.el7_2.s390x.rpm
mariadb-server-5.5.47-1.el7_2.s390x.rpm
mariadb-test-5.5.47-1.el7_2.s390x.rpm

x86_64:
mariadb-5.5.47-1.el7_2.x86_64.rpm
mariadb-bench-5.5.47-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
mariadb-devel-5.5.47-1.el7_2.i686.rpm
mariadb-devel-5.5.47-1.el7_2.x86_64.rpm
mariadb-libs-5.5.47-1.el7_2.i686.rpm
mariadb-libs-5.5.47-1.el7_2.x86_64.rpm
mariadb-server-5.5.47-1.el7_2.x86_64.rpm
mariadb-test-5.5.47-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
mariadb-debuginfo-5.5.47-1.el7_2.ppc.rpm
mariadb-debuginfo-5.5.47-1.el7_2.ppc64.rpm
mariadb-embedded-5.5.47-1.el7_2.ppc.rpm
mariadb-embedded-5.5.47-1.el7_2.ppc64.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.ppc.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.ppc64.rpm

ppc64le:
mariadb-debuginfo-5.5.47-1.el7_2.ppc64le.rpm
mariadb-embedded-5.5.47-1.el7_2.ppc64le.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.ppc64le.rpm

s390x:
mariadb-debuginfo-5.5.47-1.el7_2.s390.rpm
mariadb-debuginfo-5.5.47-1.el7_2.s390x.rpm
mariadb-embedded-5.5.47-1.el7_2.s390.rpm
mariadb-embedded-5.5.47-1.el7_2.s390x.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.s390.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.s390x.rpm

x86_64:
mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
mariadb-embedded-5.5.47-1.el7_2.i686.rpm
mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb-5.5.47-1.el7_2.src.rpm

x86_64:
mariadb-5.5.47-1.el7_2.x86_64.rpm
mariadb-bench-5.5.47-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
mariadb-devel-5.5.47-1.el7_2.i686.rpm
mariadb-devel-5.5.47-1.el7_2.x86_64.rpm
mariadb-libs-5.5.47-1.el7_2.i686.rpm
mariadb-libs-5.5.47-1.el7_2.x86_64.rpm
mariadb-server-5.5.47-1.el7_2.x86_64.rpm
mariadb-test-5.5.47-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
mariadb-embedded-5.5.47-1.el7_2.i686.rpm
mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4792
https://access.redhat.com/security/cve/CVE-2015-4802
https://access.redhat.com/security/cve/CVE-2015-4815
https://access.redhat.com/security/cve/CVE-2015-4816
https://access.redhat.com/security/cve/CVE-2015-4819
https://access.redhat.com/security/cve/CVE-2015-4826
https://access.redhat.com/security/cve/CVE-2015-4830
https://access.redhat.com/security/cve/CVE-2015-4836
https://access.redhat.com/security/cve/CVE-2015-4858
https://access.redhat.com/security/cve/CVE-2015-4861
https://access.redhat.com/security/cve/CVE-2015-4870
https://access.redhat.com/security/cve/CVE-2015-4879
https://access.redhat.com/security/cve/CVE-2015-4913
https://access.redhat.com/security/cve/CVE-2016-0505
https://access.redhat.com/security/cve/CVE-2016-0546
https://access.redhat.com/security/cve/CVE-2016-0596
https://access.redhat.com/security/cve/CVE-2016-0597
https://access.redhat.com/security/cve/CVE-2016-0598
https://access.redhat.com/security/cve/CVE-2016-0600
https://access.redhat.com/security/cve/CVE-2016-0606
https://access.redhat.com/security/cve/CVE-2016-0608
https://access.redhat.com/security/cve/CVE-2016-0609
https://access.redhat.com/security/cve/CVE-2016-0616
https://access.redhat.com/security/cve/CVE-2016-2047
https://access.redhat.com/security/updates/classification/#moderate
https://mariadb.com/kb/en/mariadb/mariadb-5545-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW/hkRXlSAg2UNWIIRAtdYAJ4uEUY//8aVX9/k96UKo8JLrgsyEwCfbj3T
2tr2GppP4oArq+rrZ6BIIEg=
=VflW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Apr 1 06:51:17 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 1 Apr 2016 06:51:17 +0000
Subject: [RHSA-2016:0566-01] Moderate: libssh security update
Message-ID: <201604010651.u316pKOr000365@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libssh security update
Advisory ID:       RHSA-2016:0566-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0566.html
Issue date:        2016-03-31
CVE Names:         CVE-2016-0739
=====================================================================

1. Summary:

An update for libssh is now available for Red Hat Enterprise Linux 7
Extras.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - x86_64

3. Description:

libssh is a library which implements the SSH protocol. It can be used to
implement client and server applications.

Security Fix(es):

* A type confusion issue was found in the way libssh generated ephemeral
secrets for the diffie-hellman-group1 and diffie-hellman-group14 key
exchange methods.
This would cause an SSHv2 Diffie-Hellman handshake to use significantly
less secure random parameters. (CVE-2016-0739)

Red Hat would like to thank Aris Adamantiadis for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing these updated packages, all running applications using
libssh must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1305971 - CVE-2016-0739 libssh: bits/bytes confusion resulting in truncated Diffie-Hellman secret length

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
libssh-0.7.1-2.el7.src.rpm

x86_64:
libssh-0.7.1-2.el7.x86_64.rpm
libssh-debuginfo-0.7.1-2.el7.x86_64.rpm
libssh-devel-0.7.1-2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0739
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW/hpBXlSAg2UNWIIRAl7kAJ9+tkwVgOdO0H8HzJOXfK3fkuQP/wCfTjHw
ITqcXdwjt3h7seFx5vhHONs=
=GUeP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 5 14:25:13 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Apr 2016 14:25:13 +0000
Subject: [RHSA-2016:0591-01] Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update
Message-ID: <201604051425.u35EPFqf014034@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:0591-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0591.html
Issue date:        2016-04-05
CVE Names:         CVE-2016-1978 CVE-2016-1979
=====================================================================

1. Summary:

An update for nss, nss-util, and nspr is now available for Red Hat
Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. The nss-util packages provide utilities for use with the
Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR)
provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a newer upstream version: nss
3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861)

Security Fix(es):

* A use-after-free flaw was found in the way NSS handled DHE
(Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key
exchange) handshake messages. A remote attacker could send a specially
crafted handshake message that, when parsed by an application linked
against NSS, would cause that application to crash or, under certain
special conditions, execute arbitrary code using the permissions of the
user running the application. (CVE-2016-1978)

* A use-after-free flaw was found in the way NSS processed certain DER
(Distinguished Encoding Rules) encoded cryptographic keys. An attacker
could use this flaw to create a specially crafted DER encoded certificate
which, when parsed by an application compiled against the NSS library,
could cause that application to crash, or execute arbitrary code using the
permissions of the user running the application. (CVE-2016-1979)

Red Hat would like to thank the Mozilla Project for reporting these issues.
Upstream acknowledges Eric Rescorla as the original reporter of
CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1299861 - Rebase RHEL 6.7.z to NSPR 4.11 in preparation for Firefox 45.
1299874 - Rebase RHEL 6.7.z to NSS-util 3.21 in preparation for Firefox 45.
1300629 - Rebase RHEL 6.7.z to NSS 3.21 in preparation for Firefox 45.
1315202 - CVE-2016-1979 nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36)
1315565 - CVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
nspr-4.11.0-0.1.el6_7.src.rpm
nss-3.21.0-0.3.el6_7.src.rpm
nss-util-3.21.0-0.3.el6_7.src.rpm

i386:
nspr-4.11.0-0.1.el6_7.i686.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.i686.rpm
nss-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-sysinit-3.21.0-0.3.el6_7.i686.rpm
nss-tools-3.21.0-0.3.el6_7.i686.rpm
nss-util-3.21.0-0.3.el6_7.i686.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.i686.rpm

x86_64:
nspr-4.11.0-0.1.el6_7.i686.rpm
nspr-4.11.0-0.1.el6_7.x86_64.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.i686.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.x86_64.rpm
nss-3.21.0-0.3.el6_7.i686.rpm
nss-3.21.0-0.3.el6_7.x86_64.rpm
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-sysinit-3.21.0-0.3.el6_7.x86_64.rpm
nss-tools-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-3.21.0-0.3.el6_7.i686.rpm
nss-util-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
nspr-debuginfo-4.11.0-0.1.el6_7.i686.rpm
nspr-devel-4.11.0-0.1.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-devel-3.21.0-0.3.el6_7.i686.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.i686.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-util-devel-3.21.0-0.3.el6_7.i686.rpm

x86_64:
nspr-debuginfo-4.11.0-0.1.el6_7.i686.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.x86_64.rpm
nspr-devel-4.11.0-0.1.el6_7.i686.rpm
nspr-devel-4.11.0-0.1.el6_7.x86_64.rpm
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-devel-3.21.0-0.3.el6_7.i686.rpm
nss-devel-3.21.0-0.3.el6_7.x86_64.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.i686.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-devel-3.21.0-0.3.el6_7.i686.rpm
nss-util-devel-3.21.0-0.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
nspr-4.11.0-0.1.el6_7.src.rpm
nss-3.21.0-0.3.el6_7.src.rpm
nss-util-3.21.0-0.3.el6_7.src.rpm

x86_64:
nspr-4.11.0-0.1.el6_7.i686.rpm
nspr-4.11.0-0.1.el6_7.x86_64.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.i686.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.x86_64.rpm
nss-3.21.0-0.3.el6_7.i686.rpm
nss-3.21.0-0.3.el6_7.x86_64.rpm
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-sysinit-3.21.0-0.3.el6_7.x86_64.rpm
nss-tools-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-3.21.0-0.3.el6_7.i686.rpm
nss-util-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
nspr-debuginfo-4.11.0-0.1.el6_7.i686.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.x86_64.rpm
nspr-devel-4.11.0-0.1.el6_7.i686.rpm
nspr-devel-4.11.0-0.1.el6_7.x86_64.rpm
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-devel-3.21.0-0.3.el6_7.i686.rpm
nss-devel-3.21.0-0.3.el6_7.x86_64.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.i686.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-devel-3.21.0-0.3.el6_7.i686.rpm
nss-util-devel-3.21.0-0.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
nspr-4.11.0-0.1.el6_7.src.rpm
nss-3.21.0-0.3.el6_7.src.rpm
nss-util-3.21.0-0.3.el6_7.src.rpm

i386:
nspr-4.11.0-0.1.el6_7.i686.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.i686.rpm
nspr-devel-4.11.0-0.1.el6_7.i686.rpm
nss-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-devel-3.21.0-0.3.el6_7.i686.rpm
nss-sysinit-3.21.0-0.3.el6_7.i686.rpm
nss-tools-3.21.0-0.3.el6_7.i686.rpm
nss-util-3.21.0-0.3.el6_7.i686.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-util-devel-3.21.0-0.3.el6_7.i686.rpm

ppc64:
nspr-4.11.0-0.1.el6_7.ppc.rpm
nspr-4.11.0-0.1.el6_7.ppc64.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.ppc.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.ppc64.rpm
nspr-devel-4.11.0-0.1.el6_7.ppc.rpm
nspr-devel-4.11.0-0.1.el6_7.ppc64.rpm
nss-3.21.0-0.3.el6_7.ppc.rpm
nss-3.21.0-0.3.el6_7.ppc64.rpm
nss-debuginfo-3.21.0-0.3.el6_7.ppc.rpm
nss-debuginfo-3.21.0-0.3.el6_7.ppc64.rpm
nss-devel-3.21.0-0.3.el6_7.ppc.rpm
nss-devel-3.21.0-0.3.el6_7.ppc64.rpm
nss-sysinit-3.21.0-0.3.el6_7.ppc64.rpm
nss-tools-3.21.0-0.3.el6_7.ppc64.rpm
nss-util-3.21.0-0.3.el6_7.ppc.rpm
nss-util-3.21.0-0.3.el6_7.ppc64.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.ppc.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.ppc64.rpm
nss-util-devel-3.21.0-0.3.el6_7.ppc.rpm
nss-util-devel-3.21.0-0.3.el6_7.ppc64.rpm

s390x:
nspr-4.11.0-0.1.el6_7.s390.rpm
nspr-4.11.0-0.1.el6_7.s390x.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.s390.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.s390x.rpm
nspr-devel-4.11.0-0.1.el6_7.s390.rpm
nspr-devel-4.11.0-0.1.el6_7.s390x.rpm
nss-3.21.0-0.3.el6_7.s390.rpm
nss-3.21.0-0.3.el6_7.s390x.rpm
nss-debuginfo-3.21.0-0.3.el6_7.s390.rpm
nss-debuginfo-3.21.0-0.3.el6_7.s390x.rpm
nss-devel-3.21.0-0.3.el6_7.s390.rpm
nss-devel-3.21.0-0.3.el6_7.s390x.rpm
nss-sysinit-3.21.0-0.3.el6_7.s390x.rpm
nss-tools-3.21.0-0.3.el6_7.s390x.rpm
nss-util-3.21.0-0.3.el6_7.s390.rpm
nss-util-3.21.0-0.3.el6_7.s390x.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.s390.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.s390x.rpm
nss-util-devel-3.21.0-0.3.el6_7.s390.rpm
nss-util-devel-3.21.0-0.3.el6_7.s390x.rpm

x86_64:
nspr-4.11.0-0.1.el6_7.i686.rpm
nspr-4.11.0-0.1.el6_7.x86_64.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.i686.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.x86_64.rpm
nspr-devel-4.11.0-0.1.el6_7.i686.rpm
nspr-devel-4.11.0-0.1.el6_7.x86_64.rpm
nss-3.21.0-0.3.el6_7.i686.rpm
nss-3.21.0-0.3.el6_7.x86_64.rpm
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-devel-3.21.0-0.3.el6_7.i686.rpm
nss-devel-3.21.0-0.3.el6_7.x86_64.rpm
nss-sysinit-3.21.0-0.3.el6_7.x86_64.rpm
nss-tools-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-3.21.0-0.3.el6_7.i686.rpm
nss-util-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-devel-3.21.0-0.3.el6_7.i686.rpm
nss-util-devel-3.21.0-0.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.i686.rpm

ppc64:
nss-debuginfo-3.21.0-0.3.el6_7.ppc.rpm
nss-debuginfo-3.21.0-0.3.el6_7.ppc64.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.ppc.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.ppc64.rpm

s390x:
nss-debuginfo-3.21.0-0.3.el6_7.s390.rpm
nss-debuginfo-3.21.0-0.3.el6_7.s390x.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.s390.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.s390x.rpm

x86_64:
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.i686.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
nspr-4.11.0-0.1.el6_7.src.rpm
nss-3.21.0-0.3.el6_7.src.rpm
nss-util-3.21.0-0.3.el6_7.src.rpm

i386:
nspr-4.11.0-0.1.el6_7.i686.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.i686.rpm
nspr-devel-4.11.0-0.1.el6_7.i686.rpm
nss-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-devel-3.21.0-0.3.el6_7.i686.rpm
nss-sysinit-3.21.0-0.3.el6_7.i686.rpm
nss-tools-3.21.0-0.3.el6_7.i686.rpm
nss-util-3.21.0-0.3.el6_7.i686.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-util-devel-3.21.0-0.3.el6_7.i686.rpm

x86_64:
nspr-4.11.0-0.1.el6_7.i686.rpm
nspr-4.11.0-0.1.el6_7.x86_64.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.i686.rpm
nspr-debuginfo-4.11.0-0.1.el6_7.x86_64.rpm
nspr-devel-4.11.0-0.1.el6_7.i686.rpm
nspr-devel-4.11.0-0.1.el6_7.x86_64.rpm
nss-3.21.0-0.3.el6_7.i686.rpm
nss-3.21.0-0.3.el6_7.x86_64.rpm
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-devel-3.21.0-0.3.el6_7.i686.rpm
nss-devel-3.21.0-0.3.el6_7.x86_64.rpm
nss-sysinit-3.21.0-0.3.el6_7.x86_64.rpm
nss-tools-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-3.21.0-0.3.el6_7.i686.rpm
nss-util-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-util-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-util-devel-3.21.0-0.3.el6_7.i686.rpm
nss-util-devel-3.21.0-0.3.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation
Optional (v. 6):

i386:
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.i686.rpm

x86_64:
nss-debuginfo-3.21.0-0.3.el6_7.i686.rpm
nss-debuginfo-3.21.0-0.3.el6_7.x86_64.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.i686.rpm
nss-pkcs11-devel-3.21.0-0.3.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1978
https://access.redhat.com/security/cve/CVE-2016-1979
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Tue Apr 5 23:41:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Apr 2016 23:41:22 +0000
Subject: [RHSA-2016:0594-01] Important: graphite2 security, bug fix, and enhancement update
Message-ID: <201604052341.u35NfMFh004605@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: graphite2 security, bug fix, and enhancement update
Advisory ID: RHSA-2016:0594-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0594.html
Issue date: 2016-04-05
CVE Names: CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526
=====================================================================

1. Summary:

An update for graphite2 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation.

The following packages have been upgraded to a newer upstream version: graphite2 (1.3.6).

Security Fix(es):

* Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1305805 - CVE-2016-1521 graphite2: Out-of-bound read vulnerability triggered by crafted fonts
1305810 - CVE-2016-1522 graphite2: Null pointer dereference and out-of-bounds access vulnerabilities
1305813 - CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality
1308590 - CVE-2016-1526 graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
graphite2-1.3.6-1.el7_2.src.rpm

x86_64:
graphite2-1.3.6-1.el7_2.i686.rpm
graphite2-1.3.6-1.el7_2.x86_64.rpm
graphite2-debuginfo-1.3.6-1.el7_2.i686.rpm
graphite2-debuginfo-1.3.6-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
graphite2-debuginfo-1.3.6-1.el7_2.i686.rpm
graphite2-debuginfo-1.3.6-1.el7_2.x86_64.rpm
graphite2-devel-1.3.6-1.el7_2.i686.rpm
graphite2-devel-1.3.6-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
graphite2-1.3.6-1.el7_2.src.rpm

x86_64:
graphite2-1.3.6-1.el7_2.i686.rpm
graphite2-1.3.6-1.el7_2.x86_64.rpm
graphite2-debuginfo-1.3.6-1.el7_2.i686.rpm
graphite2-debuginfo-1.3.6-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
graphite2-debuginfo-1.3.6-1.el7_2.i686.rpm
graphite2-debuginfo-1.3.6-1.el7_2.x86_64.rpm
graphite2-devel-1.3.6-1.el7_2.i686.rpm
graphite2-devel-1.3.6-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v.
7):

Source:
graphite2-1.3.6-1.el7_2.src.rpm

ppc64:
graphite2-1.3.6-1.el7_2.ppc.rpm
graphite2-1.3.6-1.el7_2.ppc64.rpm
graphite2-debuginfo-1.3.6-1.el7_2.ppc.rpm
graphite2-debuginfo-1.3.6-1.el7_2.ppc64.rpm

ppc64le:
graphite2-1.3.6-1.el7_2.ppc64le.rpm
graphite2-debuginfo-1.3.6-1.el7_2.ppc64le.rpm

s390x:
graphite2-1.3.6-1.el7_2.s390.rpm
graphite2-1.3.6-1.el7_2.s390x.rpm
graphite2-debuginfo-1.3.6-1.el7_2.s390.rpm
graphite2-debuginfo-1.3.6-1.el7_2.s390x.rpm

x86_64:
graphite2-1.3.6-1.el7_2.i686.rpm
graphite2-1.3.6-1.el7_2.x86_64.rpm
graphite2-debuginfo-1.3.6-1.el7_2.i686.rpm
graphite2-debuginfo-1.3.6-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
graphite2-debuginfo-1.3.6-1.el7_2.ppc.rpm
graphite2-debuginfo-1.3.6-1.el7_2.ppc64.rpm
graphite2-devel-1.3.6-1.el7_2.ppc.rpm
graphite2-devel-1.3.6-1.el7_2.ppc64.rpm

ppc64le:
graphite2-debuginfo-1.3.6-1.el7_2.ppc64le.rpm
graphite2-devel-1.3.6-1.el7_2.ppc64le.rpm

s390x:
graphite2-debuginfo-1.3.6-1.el7_2.s390.rpm
graphite2-debuginfo-1.3.6-1.el7_2.s390x.rpm
graphite2-devel-1.3.6-1.el7_2.s390.rpm
graphite2-devel-1.3.6-1.el7_2.s390x.rpm

x86_64:
graphite2-debuginfo-1.3.6-1.el7_2.i686.rpm
graphite2-debuginfo-1.3.6-1.el7_2.x86_64.rpm
graphite2-devel-1.3.6-1.el7_2.i686.rpm
graphite2-devel-1.3.6-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
graphite2-1.3.6-1.el7_2.src.rpm

x86_64:
graphite2-1.3.6-1.el7_2.i686.rpm
graphite2-1.3.6-1.el7_2.x86_64.rpm
graphite2-debuginfo-1.3.6-1.el7_2.i686.rpm
graphite2-debuginfo-1.3.6-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
graphite2-debuginfo-1.3.6-1.el7_2.i686.rpm
graphite2-debuginfo-1.3.6-1.el7_2.x86_64.rpm
graphite2-devel-1.3.6-1.el7_2.i686.rpm
graphite2-devel-1.3.6-1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-1521
https://access.redhat.com/security/cve/CVE-2016-1522
https://access.redhat.com/security/cve/CVE-2016-1523
https://access.redhat.com/security/cve/CVE-2016-1526
https://access.redhat.com/security/updates/classification/#important
https://raw.githubusercontent.com/silnrsi/graphite/master/ChangeLog

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Wed Apr 6 11:50:27 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Apr 2016 11:50:27 +0000
Subject: [RHSA-2016:0601-01] Important: bind security update
Message-ID: <201604061150.u36BoSih024734@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2016:0601-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0601.html
Issue date: 2016-04-06
CVE Names: CVE-2016-1285 CVE-2016-1286
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3.
Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. (CVE-2016-1286)

* A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash. (CVE-2016-1285)

Red Hat would like to thank ISC for reporting these issues.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1315674 - CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure
1315680 - CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.2):

Source:
bind-9.7.3-8.P3.el6_2.4.src.rpm

x86_64:
bind-9.7.3-8.P3.el6_2.4.x86_64.rpm
bind-chroot-9.7.3-8.P3.el6_2.4.x86_64.rpm
bind-debuginfo-9.7.3-8.P3.el6_2.4.i686.rpm
bind-debuginfo-9.7.3-8.P3.el6_2.4.x86_64.rpm
bind-libs-9.7.3-8.P3.el6_2.4.i686.rpm
bind-libs-9.7.3-8.P3.el6_2.4.x86_64.rpm
bind-utils-9.7.3-8.P3.el6_2.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v.
6.2):

Source:
bind-9.7.3-8.P3.el6_2.4.src.rpm

x86_64:
bind-debuginfo-9.7.3-8.P3.el6_2.4.i686.rpm
bind-debuginfo-9.7.3-8.P3.el6_2.4.x86_64.rpm
bind-devel-9.7.3-8.P3.el6_2.4.i686.rpm
bind-devel-9.7.3-8.P3.el6_2.4.x86_64.rpm
bind-sdb-9.7.3-8.P3.el6_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1285
https://access.redhat.com/security/cve/CVE-2016-1286
https://access.redhat.com/security/updates/classification/#important
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Fri Apr 8 12:59:08 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 8 Apr 2016 12:59:08 +0000
Subject: [RHSA-2016:0610-01] Critical: flash-plugin security update
Message-ID: <201604081259.u38Cx8do025578@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012 CVE-2016-1013 CVE-2016-1014 CVE-2016-1015 CVE-2016-1016 CVE-2016-1017 CVE-2016-1018 CVE-2016-1019 CVE-2016-1020 CVE-2016-1021 CVE-2016-1022 CVE-2016-1023 CVE-2016-1024 CVE-2016-1025 CVE-2016-1026 CVE-2016-1027 CVE-2016-1028 CVE-2016-1029 CVE-2016-1030 CVE-2016-1031 CVE-2016-1032
CVE-2016-1033
=====================================================================

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.616.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1324353 - flash-plugin: multiple code execution issues fixed in APSB16-10

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-1006
https://access.redhat.com/security/cve/CVE-2016-1011
https://access.redhat.com/security/cve/CVE-2016-1012
https://access.redhat.com/security/cve/CVE-2016-1013
https://access.redhat.com/security/cve/CVE-2016-1014
https://access.redhat.com/security/cve/CVE-2016-1015
https://access.redhat.com/security/cve/CVE-2016-1016
https://access.redhat.com/security/cve/CVE-2016-1017
https://access.redhat.com/security/cve/CVE-2016-1018
https://access.redhat.com/security/cve/CVE-2016-1019
https://access.redhat.com/security/cve/CVE-2016-1020
https://access.redhat.com/security/cve/CVE-2016-1021
https://access.redhat.com/security/cve/CVE-2016-1022
https://access.redhat.com/security/cve/CVE-2016-1023
https://access.redhat.com/security/cve/CVE-2016-1024
https://access.redhat.com/security/cve/CVE-2016-1025
https://access.redhat.com/security/cve/CVE-2016-1026
https://access.redhat.com/security/cve/CVE-2016-1027
https://access.redhat.com/security/cve/CVE-2016-1028
https://access.redhat.com/security/cve/CVE-2016-1029
https://access.redhat.com/security/cve/CVE-2016-1030
https://access.redhat.com/security/cve/CVE-2016-1031
https://access.redhat.com/security/cve/CVE-2016-1032
https://access.redhat.com/security/cve/CVE-2016-1033
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Tue Apr 12 07:25:27 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2016 07:25:27 +0000
Subject: [RHSA-2016:0615-01] Important: openvswitch security update
Message-ID: <201604120725.u3C7PRxZ016077@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openvswitch security update
Advisory ID: RHSA-2016:0615-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2016:0615
Issue date: 2016-04-11
CVE Names: CVE-2016-2074
=====================================================================

1. Summary:

Updated openvswitch packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.1.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise 3.1 - noarch, x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service (DoS) or, possibly, execute arbitrary code. (CVE-2016-2074)

Red Hat would like to thank the Open vSwitch Project for reporting these issues.
Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as the original reporters of CVE-2016-2074.

This update includes the following images:

openshift3/openvswitch:v3.1.1.6-9
aep3_beta/openvswitch:v3.1.1.6-9
openshift3/node:v3.1.1.6-16
aep3_beta/node:v3.1.1.6-16

All openvswitch users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability

6. Package List:

Red Hat OpenShift Enterprise 3.1:

Source:
openvswitch-2.4.0-2.el7_2.src.rpm

noarch:
openvswitch-test-2.4.0-2.el7_2.noarch.rpm
python-openvswitch-2.4.0-2.el7_2.noarch.rpm

x86_64:
openvswitch-2.4.0-2.el7_2.x86_64.rpm
openvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm
openvswitch-devel-2.4.0-2.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Tue Apr 12 09:29:32 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2016 09:29:32 +0000
Subject: [RHSA-2016:0617-01] Moderate: kernel security and bug fix update
Message-ID: <201604120929.u3C9T1mo001186@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2016:0617-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0617.html
Issue date: 2016-04-12
CVE Names: CVE-2016-0774
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption.
A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. (CVE-2016-0774, Moderate)

The security impact of this issue was discovered by Red Hat.

Bug Fix(es):

* Due to prematurely decremented calc_load_task, the calculated load average was off by up to the number of CPUs in the machine. As a consequence, job scheduling worked improperly causing a drop in the system performance. This update keeps the delta of the CPU going into NO_HZ idle separately, and folds the pending idle delta into the global active count while correctly aging the averages for the idle-duration when leaving NO_HZ mode. Now, job scheduling works correctly, ensuring balanced CPU load. (BZ#1308968)

* Previously, the Stream Control Transmission Protocol (SCTP) retransmission path selection was not fully RFC compliant when Partial Failover had been enabled. The provided patch provides SCTP path selection updates, thus fixing this bug. (BZ#1306565)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1303961 - CVE-2016-0774 kernel: pipe buffer state corruption after unsuccessful atomic read from pipe

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v.
6.6): Source: kernel-2.6.32-504.46.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-504.46.1.el6.noarch.rpm kernel-doc-2.6.32-504.46.1.el6.noarch.rpm kernel-firmware-2.6.32-504.46.1.el6.noarch.rpm x86_64: kernel-2.6.32-504.46.1.el6.x86_64.rpm kernel-debug-2.6.32-504.46.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.46.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.46.1.el6.i686.rpm kernel-debug-devel-2.6.32-504.46.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.46.1.el6.i686.rpm kernel-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-504.46.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-504.46.1.el6.x86_64.rpm kernel-devel-2.6.32-504.46.1.el6.x86_64.rpm kernel-headers-2.6.32-504.46.1.el6.x86_64.rpm perf-2.6.32-504.46.1.el6.x86_64.rpm perf-debuginfo-2.6.32-504.46.1.el6.i686.rpm perf-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.i686.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6): x86_64: kernel-debug-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.46.1.el6.x86_64.rpm perf-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm python-perf-2.6.32-504.46.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: kernel-2.6.32-504.46.1.el6.src.rpm i386: kernel-2.6.32-504.46.1.el6.i686.rpm kernel-debug-2.6.32-504.46.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.46.1.el6.i686.rpm kernel-debug-devel-2.6.32-504.46.1.el6.i686.rpm kernel-debuginfo-2.6.32-504.46.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.46.1.el6.i686.rpm kernel-devel-2.6.32-504.46.1.el6.i686.rpm kernel-headers-2.6.32-504.46.1.el6.i686.rpm perf-2.6.32-504.46.1.el6.i686.rpm perf-debuginfo-2.6.32-504.46.1.el6.i686.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-504.46.1.el6.noarch.rpm kernel-doc-2.6.32-504.46.1.el6.noarch.rpm kernel-firmware-2.6.32-504.46.1.el6.noarch.rpm ppc64: kernel-2.6.32-504.46.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-504.46.1.el6.ppc64.rpm kernel-debug-2.6.32-504.46.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-504.46.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-504.46.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-504.46.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-504.46.1.el6.ppc64.rpm kernel-devel-2.6.32-504.46.1.el6.ppc64.rpm kernel-headers-2.6.32-504.46.1.el6.ppc64.rpm perf-2.6.32-504.46.1.el6.ppc64.rpm perf-debuginfo-2.6.32-504.46.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.ppc64.rpm s390x: kernel-2.6.32-504.46.1.el6.s390x.rpm kernel-debug-2.6.32-504.46.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-504.46.1.el6.s390x.rpm kernel-debug-devel-2.6.32-504.46.1.el6.s390x.rpm kernel-debuginfo-2.6.32-504.46.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-504.46.1.el6.s390x.rpm kernel-devel-2.6.32-504.46.1.el6.s390x.rpm kernel-headers-2.6.32-504.46.1.el6.s390x.rpm kernel-kdump-2.6.32-504.46.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-504.46.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-504.46.1.el6.s390x.rpm perf-2.6.32-504.46.1.el6.s390x.rpm perf-debuginfo-2.6.32-504.46.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.s390x.rpm x86_64: kernel-2.6.32-504.46.1.el6.x86_64.rpm 
kernel-debug-2.6.32-504.46.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.46.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.46.1.el6.i686.rpm kernel-debug-devel-2.6.32-504.46.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.46.1.el6.i686.rpm kernel-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-504.46.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-504.46.1.el6.x86_64.rpm kernel-devel-2.6.32-504.46.1.el6.x86_64.rpm kernel-headers-2.6.32-504.46.1.el6.x86_64.rpm perf-2.6.32-504.46.1.el6.x86_64.rpm perf-debuginfo-2.6.32-504.46.1.el6.i686.rpm perf-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.i686.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.6): i386: kernel-debug-debuginfo-2.6.32-504.46.1.el6.i686.rpm kernel-debuginfo-2.6.32-504.46.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.46.1.el6.i686.rpm perf-debuginfo-2.6.32-504.46.1.el6.i686.rpm python-perf-2.6.32-504.46.1.el6.i686.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-504.46.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-504.46.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-504.46.1.el6.ppc64.rpm perf-debuginfo-2.6.32-504.46.1.el6.ppc64.rpm python-perf-2.6.32-504.46.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-504.46.1.el6.s390x.rpm kernel-debuginfo-2.6.32-504.46.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-504.46.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-504.46.1.el6.s390x.rpm perf-debuginfo-2.6.32-504.46.1.el6.s390x.rpm python-perf-2.6.32-504.46.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-504.46.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.46.1.el6.x86_64.rpm 
perf-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm
python-perf-2.6.32-504.46.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.46.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0774
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDL+/XlSAg2UNWIIRAol+AJwNhTwTSUKXQDUAKKr4q2mPe7uaCwCcCxm7
M3jbmpCfb8xbsvKiLrq7PRE=
=CEra
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 20:28:49 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2016 20:28:49 +0000
Subject: [RHSA-2016:0611-01] Critical: samba security update
Message-ID: <201604122028.u3CKSnDr008840@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: samba security update
Advisory ID: RHSA-2016:0611-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0611.html
Issue date: 2016-04-12
CVE Names: CVE-2015-5370 CVE-2016-2111 CVE-2016-2112 CVE-2016-2115 CVE-2016-2118
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2112, and CVE-2016-2115.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1311903 - CVE-2016-2112 samba: Missing downgrade detection
1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
samba-3.6.23-30.el6_7.src.rpm

i386:
libsmbclient-3.6.23-30.el6_7.i686.rpm
samba-client-3.6.23-30.el6_7.i686.rpm
samba-common-3.6.23-30.el6_7.i686.rpm
samba-debuginfo-3.6.23-30.el6_7.i686.rpm
samba-winbind-3.6.23-30.el6_7.i686.rpm
samba-winbind-clients-3.6.23-30.el6_7.i686.rpm

x86_64:
libsmbclient-3.6.23-30.el6_7.i686.rpm
libsmbclient-3.6.23-30.el6_7.x86_64.rpm
samba-client-3.6.23-30.el6_7.x86_64.rpm
samba-common-3.6.23-30.el6_7.i686.rpm
samba-common-3.6.23-30.el6_7.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_7.i686.rpm
samba-debuginfo-3.6.23-30.el6_7.x86_64.rpm
samba-winbind-3.6.23-30.el6_7.x86_64.rpm
samba-winbind-clients-3.6.23-30.el6_7.i686.rpm
samba-winbind-clients-3.6.23-30.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6): i386: libsmbclient-devel-3.6.23-30.el6_7.i686.rpm samba-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-doc-3.6.23-30.el6_7.i686.rpm samba-domainjoin-gui-3.6.23-30.el6_7.i686.rpm samba-swat-3.6.23-30.el6_7.i686.rpm samba-winbind-devel-3.6.23-30.el6_7.i686.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.i686.rpm x86_64: libsmbclient-devel-3.6.23-30.el6_7.i686.rpm libsmbclient-devel-3.6.23-30.el6_7.x86_64.rpm samba-3.6.23-30.el6_7.x86_64.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.x86_64.rpm samba-doc-3.6.23-30.el6_7.x86_64.rpm samba-domainjoin-gui-3.6.23-30.el6_7.x86_64.rpm samba-glusterfs-3.6.23-30.el6_7.x86_64.rpm samba-swat-3.6.23-30.el6_7.x86_64.rpm samba-winbind-devel-3.6.23-30.el6_7.i686.rpm samba-winbind-devel-3.6.23-30.el6_7.x86_64.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: samba-3.6.23-30.el6_7.src.rpm x86_64: samba-client-3.6.23-30.el6_7.x86_64.rpm samba-common-3.6.23-30.el6_7.i686.rpm samba-common-3.6.23-30.el6_7.x86_64.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.x86_64.rpm samba-winbind-3.6.23-30.el6_7.x86_64.rpm samba-winbind-clients-3.6.23-30.el6_7.i686.rpm samba-winbind-clients-3.6.23-30.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libsmbclient-3.6.23-30.el6_7.i686.rpm libsmbclient-3.6.23-30.el6_7.x86_64.rpm libsmbclient-devel-3.6.23-30.el6_7.i686.rpm libsmbclient-devel-3.6.23-30.el6_7.x86_64.rpm samba-3.6.23-30.el6_7.x86_64.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.x86_64.rpm samba-doc-3.6.23-30.el6_7.x86_64.rpm samba-domainjoin-gui-3.6.23-30.el6_7.x86_64.rpm samba-glusterfs-3.6.23-30.el6_7.x86_64.rpm samba-swat-3.6.23-30.el6_7.x86_64.rpm samba-winbind-devel-3.6.23-30.el6_7.i686.rpm samba-winbind-devel-3.6.23-30.el6_7.x86_64.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: samba-3.6.23-30.el6_7.src.rpm i386: libsmbclient-3.6.23-30.el6_7.i686.rpm samba-3.6.23-30.el6_7.i686.rpm samba-client-3.6.23-30.el6_7.i686.rpm samba-common-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-winbind-3.6.23-30.el6_7.i686.rpm samba-winbind-clients-3.6.23-30.el6_7.i686.rpm ppc64: libsmbclient-3.6.23-30.el6_7.ppc.rpm libsmbclient-3.6.23-30.el6_7.ppc64.rpm samba-3.6.23-30.el6_7.ppc64.rpm samba-client-3.6.23-30.el6_7.ppc64.rpm samba-common-3.6.23-30.el6_7.ppc.rpm samba-common-3.6.23-30.el6_7.ppc64.rpm samba-debuginfo-3.6.23-30.el6_7.ppc.rpm samba-debuginfo-3.6.23-30.el6_7.ppc64.rpm samba-winbind-3.6.23-30.el6_7.ppc64.rpm samba-winbind-clients-3.6.23-30.el6_7.ppc.rpm samba-winbind-clients-3.6.23-30.el6_7.ppc64.rpm s390x: libsmbclient-3.6.23-30.el6_7.s390.rpm libsmbclient-3.6.23-30.el6_7.s390x.rpm samba-3.6.23-30.el6_7.s390x.rpm samba-client-3.6.23-30.el6_7.s390x.rpm samba-common-3.6.23-30.el6_7.s390.rpm samba-common-3.6.23-30.el6_7.s390x.rpm samba-debuginfo-3.6.23-30.el6_7.s390.rpm samba-debuginfo-3.6.23-30.el6_7.s390x.rpm samba-winbind-3.6.23-30.el6_7.s390x.rpm samba-winbind-clients-3.6.23-30.el6_7.s390.rpm samba-winbind-clients-3.6.23-30.el6_7.s390x.rpm x86_64: libsmbclient-3.6.23-30.el6_7.i686.rpm libsmbclient-3.6.23-30.el6_7.x86_64.rpm samba-3.6.23-30.el6_7.x86_64.rpm samba-client-3.6.23-30.el6_7.x86_64.rpm samba-common-3.6.23-30.el6_7.i686.rpm samba-common-3.6.23-30.el6_7.x86_64.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.x86_64.rpm samba-winbind-3.6.23-30.el6_7.x86_64.rpm samba-winbind-clients-3.6.23-30.el6_7.i686.rpm samba-winbind-clients-3.6.23-30.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: libsmbclient-devel-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-doc-3.6.23-30.el6_7.i686.rpm samba-domainjoin-gui-3.6.23-30.el6_7.i686.rpm samba-swat-3.6.23-30.el6_7.i686.rpm samba-winbind-devel-3.6.23-30.el6_7.i686.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.i686.rpm ppc64: libsmbclient-devel-3.6.23-30.el6_7.ppc.rpm libsmbclient-devel-3.6.23-30.el6_7.ppc64.rpm samba-debuginfo-3.6.23-30.el6_7.ppc.rpm samba-debuginfo-3.6.23-30.el6_7.ppc64.rpm samba-doc-3.6.23-30.el6_7.ppc64.rpm samba-domainjoin-gui-3.6.23-30.el6_7.ppc64.rpm samba-swat-3.6.23-30.el6_7.ppc64.rpm samba-winbind-devel-3.6.23-30.el6_7.ppc.rpm samba-winbind-devel-3.6.23-30.el6_7.ppc64.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.ppc64.rpm s390x: libsmbclient-devel-3.6.23-30.el6_7.s390.rpm libsmbclient-devel-3.6.23-30.el6_7.s390x.rpm samba-debuginfo-3.6.23-30.el6_7.s390.rpm samba-debuginfo-3.6.23-30.el6_7.s390x.rpm samba-doc-3.6.23-30.el6_7.s390x.rpm samba-domainjoin-gui-3.6.23-30.el6_7.s390x.rpm samba-swat-3.6.23-30.el6_7.s390x.rpm samba-winbind-devel-3.6.23-30.el6_7.s390.rpm samba-winbind-devel-3.6.23-30.el6_7.s390x.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.s390x.rpm x86_64: libsmbclient-devel-3.6.23-30.el6_7.i686.rpm libsmbclient-devel-3.6.23-30.el6_7.x86_64.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.x86_64.rpm samba-doc-3.6.23-30.el6_7.x86_64.rpm samba-domainjoin-gui-3.6.23-30.el6_7.x86_64.rpm samba-glusterfs-3.6.23-30.el6_7.x86_64.rpm samba-swat-3.6.23-30.el6_7.x86_64.rpm samba-winbind-devel-3.6.23-30.el6_7.i686.rpm samba-winbind-devel-3.6.23-30.el6_7.x86_64.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: samba-3.6.23-30.el6_7.src.rpm i386: libsmbclient-3.6.23-30.el6_7.i686.rpm samba-3.6.23-30.el6_7.i686.rpm samba-client-3.6.23-30.el6_7.i686.rpm samba-common-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-winbind-3.6.23-30.el6_7.i686.rpm samba-winbind-clients-3.6.23-30.el6_7.i686.rpm x86_64: libsmbclient-3.6.23-30.el6_7.i686.rpm libsmbclient-3.6.23-30.el6_7.x86_64.rpm samba-3.6.23-30.el6_7.x86_64.rpm samba-client-3.6.23-30.el6_7.x86_64.rpm samba-common-3.6.23-30.el6_7.i686.rpm samba-common-3.6.23-30.el6_7.x86_64.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.x86_64.rpm samba-winbind-3.6.23-30.el6_7.x86_64.rpm samba-winbind-clients-3.6.23-30.el6_7.i686.rpm samba-winbind-clients-3.6.23-30.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libsmbclient-devel-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-doc-3.6.23-30.el6_7.i686.rpm samba-domainjoin-gui-3.6.23-30.el6_7.i686.rpm samba-swat-3.6.23-30.el6_7.i686.rpm samba-winbind-devel-3.6.23-30.el6_7.i686.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.i686.rpm x86_64: libsmbclient-devel-3.6.23-30.el6_7.i686.rpm libsmbclient-devel-3.6.23-30.el6_7.x86_64.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.x86_64.rpm samba-doc-3.6.23-30.el6_7.x86_64.rpm samba-domainjoin-gui-3.6.23-30.el6_7.x86_64.rpm samba-glusterfs-3.6.23-30.el6_7.x86_64.rpm samba-swat-3.6.23-30.el6_7.x86_64.rpm samba-winbind-devel-3.6.23-30.el6_7.i686.rpm samba-winbind-devel-3.6.23-30.el6_7.x86_64.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2015-5370
https://access.redhat.com/security/cve/CVE-2016-2111
https://access.redhat.com/security/cve/CVE-2016-2112
https://access.redhat.com/security/cve/CVE-2016-2115
https://access.redhat.com/security/cve/CVE-2016-2118
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/security/vulnerabilities/badlock
https://access.redhat.com/articles/2253041
http://badlock.org/
https://access.redhat.com/articles/2243351

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDVptXlSAg2UNWIIRAoPsAJ9zdtJa0gFvYDzspH9btOqxbcdx8ACfcxka
n90FVGdsCjAGhLucjiL7fKI=
=4KMh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 20:29:29 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2016 20:29:29 +0000
Subject: [RHSA-2016:0613-01] Critical: samba3x security update
Message-ID: <201604122029.u3CKTTY6026692@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: samba3x security update
Advisory ID: RHSA-2016:0613-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0613.html
Issue date: 2016-04-12
CVE Names: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2115 CVE-2016-2118
=====================================================================

1. Summary:

An update for samba3x is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1311903 - CVE-2016-2112 samba: Missing downgrade detection
1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
samba3x-3.6.23-12.el5_11.src.rpm

i386:
samba3x-3.6.23-12.el5_11.i386.rpm
samba3x-client-3.6.23-12.el5_11.i386.rpm
samba3x-common-3.6.23-12.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
samba3x-doc-3.6.23-12.el5_11.i386.rpm
samba3x-domainjoin-gui-3.6.23-12.el5_11.i386.rpm
samba3x-swat-3.6.23-12.el5_11.i386.rpm
samba3x-winbind-3.6.23-12.el5_11.i386.rpm

x86_64:
samba3x-3.6.23-12.el5_11.x86_64.rpm
samba3x-client-3.6.23-12.el5_11.x86_64.rpm
samba3x-common-3.6.23-12.el5_11.x86_64.rpm
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-12.el5_11.x86_64.rpm
samba3x-doc-3.6.23-12.el5_11.x86_64.rpm
samba3x-domainjoin-gui-3.6.23-12.el5_11.x86_64.rpm
samba3x-swat-3.6.23-12.el5_11.x86_64.rpm
samba3x-winbind-3.6.23-12.el5_11.i386.rpm
samba3x-winbind-3.6.23-12.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
samba3x-3.6.23-12.el5_11.src.rpm

i386:
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm

x86_64:
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-12.el5_11.x86_64.rpm
samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm
samba3x-winbind-devel-3.6.23-12.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: samba3x-3.6.23-12.el5_11.src.rpm i386: samba3x-3.6.23-12.el5_11.i386.rpm samba3x-client-3.6.23-12.el5_11.i386.rpm samba3x-common-3.6.23-12.el5_11.i386.rpm samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm samba3x-doc-3.6.23-12.el5_11.i386.rpm samba3x-domainjoin-gui-3.6.23-12.el5_11.i386.rpm samba3x-swat-3.6.23-12.el5_11.i386.rpm samba3x-winbind-3.6.23-12.el5_11.i386.rpm samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm ia64: samba3x-3.6.23-12.el5_11.ia64.rpm samba3x-client-3.6.23-12.el5_11.ia64.rpm samba3x-common-3.6.23-12.el5_11.ia64.rpm samba3x-debuginfo-3.6.23-12.el5_11.ia64.rpm samba3x-doc-3.6.23-12.el5_11.ia64.rpm samba3x-domainjoin-gui-3.6.23-12.el5_11.ia64.rpm samba3x-swat-3.6.23-12.el5_11.ia64.rpm samba3x-winbind-3.6.23-12.el5_11.ia64.rpm samba3x-winbind-devel-3.6.23-12.el5_11.ia64.rpm ppc: samba3x-3.6.23-12.el5_11.ppc.rpm samba3x-client-3.6.23-12.el5_11.ppc.rpm samba3x-common-3.6.23-12.el5_11.ppc.rpm samba3x-debuginfo-3.6.23-12.el5_11.ppc.rpm samba3x-debuginfo-3.6.23-12.el5_11.ppc64.rpm samba3x-doc-3.6.23-12.el5_11.ppc.rpm samba3x-domainjoin-gui-3.6.23-12.el5_11.ppc.rpm samba3x-swat-3.6.23-12.el5_11.ppc.rpm samba3x-winbind-3.6.23-12.el5_11.ppc.rpm samba3x-winbind-3.6.23-12.el5_11.ppc64.rpm samba3x-winbind-devel-3.6.23-12.el5_11.ppc.rpm samba3x-winbind-devel-3.6.23-12.el5_11.ppc64.rpm s390x: samba3x-3.6.23-12.el5_11.s390x.rpm samba3x-client-3.6.23-12.el5_11.s390x.rpm samba3x-common-3.6.23-12.el5_11.s390x.rpm samba3x-debuginfo-3.6.23-12.el5_11.s390.rpm samba3x-debuginfo-3.6.23-12.el5_11.s390x.rpm samba3x-doc-3.6.23-12.el5_11.s390x.rpm samba3x-domainjoin-gui-3.6.23-12.el5_11.s390x.rpm samba3x-swat-3.6.23-12.el5_11.s390x.rpm samba3x-winbind-3.6.23-12.el5_11.s390.rpm samba3x-winbind-3.6.23-12.el5_11.s390x.rpm samba3x-winbind-devel-3.6.23-12.el5_11.s390.rpm samba3x-winbind-devel-3.6.23-12.el5_11.s390x.rpm x86_64: samba3x-3.6.23-12.el5_11.x86_64.rpm samba3x-client-3.6.23-12.el5_11.x86_64.rpm samba3x-common-3.6.23-12.el5_11.x86_64.rpm 
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-12.el5_11.x86_64.rpm
samba3x-doc-3.6.23-12.el5_11.x86_64.rpm
samba3x-domainjoin-gui-3.6.23-12.el5_11.x86_64.rpm
samba3x-swat-3.6.23-12.el5_11.x86_64.rpm
samba3x-winbind-3.6.23-12.el5_11.i386.rpm
samba3x-winbind-3.6.23-12.el5_11.x86_64.rpm
samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm
samba3x-winbind-devel-3.6.23-12.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5370
https://access.redhat.com/security/cve/CVE-2016-2110
https://access.redhat.com/security/cve/CVE-2016-2111
https://access.redhat.com/security/cve/CVE-2016-2112
https://access.redhat.com/security/cve/CVE-2016-2115
https://access.redhat.com/security/cve/CVE-2016-2118
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/security/vulnerabilities/badlock
https://access.redhat.com/articles/2253041
http://badlock.org/
https://access.redhat.com/articles/2243351

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDVqdXlSAg2UNWIIRAjMSAKCLFhagJ+je2PAvXLVUFXthhmkeuACdFzNR
1HQ8NO41Ko+xBfVbZj6yDuE=
=s7iv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 20:30:11 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2016 20:30:11 +0000
Subject: [RHSA-2016:0621-01] Important: samba security update
Message-ID: <201604122030.u3CKUC8L020088@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: samba security update
Advisory ID: RHSA-2016:0621-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0621.html
Issue date: 2016-04-12
CVE Names: CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2115 CVE-2016-2118
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1311903 - CVE-2016-2112 samba: Missing downgrade detection
1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
samba-3.0.33-3.41.el5_11.src.rpm

i386:
libsmbclient-3.0.33-3.41.el5_11.i386.rpm
samba-3.0.33-3.41.el5_11.i386.rpm
samba-client-3.0.33-3.41.el5_11.i386.rpm
samba-common-3.0.33-3.41.el5_11.i386.rpm
samba-debuginfo-3.0.33-3.41.el5_11.i386.rpm
samba-swat-3.0.33-3.41.el5_11.i386.rpm

x86_64:
libsmbclient-3.0.33-3.41.el5_11.i386.rpm
libsmbclient-3.0.33-3.41.el5_11.x86_64.rpm
samba-3.0.33-3.41.el5_11.x86_64.rpm
samba-client-3.0.33-3.41.el5_11.x86_64.rpm
samba-common-3.0.33-3.41.el5_11.i386.rpm
samba-common-3.0.33-3.41.el5_11.x86_64.rpm
samba-debuginfo-3.0.33-3.41.el5_11.i386.rpm
samba-debuginfo-3.0.33-3.41.el5_11.x86_64.rpm
samba-swat-3.0.33-3.41.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop Workstation (v.
5 client): Source: samba-3.0.33-3.41.el5_11.src.rpm i386: libsmbclient-devel-3.0.33-3.41.el5_11.i386.rpm samba-debuginfo-3.0.33-3.41.el5_11.i386.rpm x86_64: libsmbclient-devel-3.0.33-3.41.el5_11.i386.rpm libsmbclient-devel-3.0.33-3.41.el5_11.x86_64.rpm samba-debuginfo-3.0.33-3.41.el5_11.i386.rpm samba-debuginfo-3.0.33-3.41.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: samba-3.0.33-3.41.el5_11.src.rpm i386: libsmbclient-3.0.33-3.41.el5_11.i386.rpm libsmbclient-devel-3.0.33-3.41.el5_11.i386.rpm samba-3.0.33-3.41.el5_11.i386.rpm samba-client-3.0.33-3.41.el5_11.i386.rpm samba-common-3.0.33-3.41.el5_11.i386.rpm samba-debuginfo-3.0.33-3.41.el5_11.i386.rpm samba-swat-3.0.33-3.41.el5_11.i386.rpm ia64: libsmbclient-3.0.33-3.41.el5_11.ia64.rpm libsmbclient-devel-3.0.33-3.41.el5_11.ia64.rpm samba-3.0.33-3.41.el5_11.ia64.rpm samba-client-3.0.33-3.41.el5_11.ia64.rpm samba-common-3.0.33-3.41.el5_11.ia64.rpm samba-debuginfo-3.0.33-3.41.el5_11.ia64.rpm samba-swat-3.0.33-3.41.el5_11.ia64.rpm ppc: libsmbclient-3.0.33-3.41.el5_11.ppc.rpm libsmbclient-3.0.33-3.41.el5_11.ppc64.rpm libsmbclient-devel-3.0.33-3.41.el5_11.ppc.rpm libsmbclient-devel-3.0.33-3.41.el5_11.ppc64.rpm samba-3.0.33-3.41.el5_11.ppc.rpm samba-client-3.0.33-3.41.el5_11.ppc.rpm samba-common-3.0.33-3.41.el5_11.ppc.rpm samba-common-3.0.33-3.41.el5_11.ppc64.rpm samba-debuginfo-3.0.33-3.41.el5_11.ppc.rpm samba-debuginfo-3.0.33-3.41.el5_11.ppc64.rpm samba-swat-3.0.33-3.41.el5_11.ppc.rpm s390x: libsmbclient-3.0.33-3.41.el5_11.s390.rpm libsmbclient-3.0.33-3.41.el5_11.s390x.rpm libsmbclient-devel-3.0.33-3.41.el5_11.s390.rpm libsmbclient-devel-3.0.33-3.41.el5_11.s390x.rpm samba-3.0.33-3.41.el5_11.s390x.rpm samba-client-3.0.33-3.41.el5_11.s390x.rpm samba-common-3.0.33-3.41.el5_11.s390.rpm samba-common-3.0.33-3.41.el5_11.s390x.rpm samba-debuginfo-3.0.33-3.41.el5_11.s390.rpm samba-debuginfo-3.0.33-3.41.el5_11.s390x.rpm samba-swat-3.0.33-3.41.el5_11.s390x.rpm x86_64: libsmbclient-3.0.33-3.41.el5_11.i386.rpm 
libsmbclient-3.0.33-3.41.el5_11.x86_64.rpm libsmbclient-devel-3.0.33-3.41.el5_11.i386.rpm libsmbclient-devel-3.0.33-3.41.el5_11.x86_64.rpm samba-3.0.33-3.41.el5_11.x86_64.rpm samba-client-3.0.33-3.41.el5_11.x86_64.rpm samba-common-3.0.33-3.41.el5_11.i386.rpm samba-common-3.0.33-3.41.el5_11.x86_64.rpm samba-debuginfo-3.0.33-3.41.el5_11.i386.rpm samba-debuginfo-3.0.33-3.41.el5_11.x86_64.rpm samba-swat-3.0.33-3.41.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2110 https://access.redhat.com/security/cve/CVE-2016-2111 https://access.redhat.com/security/cve/CVE-2016-2112 https://access.redhat.com/security/cve/CVE-2016-2115 https://access.redhat.com/security/cve/CVE-2016-2118 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/badlock https://access.redhat.com/articles/2253041 http://badlock.org/ https://access.redhat.com/articles/2243351 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDVrHXlSAg2UNWIIRAtKmAJ9bMCR9cm7julHd1h965ev7RS3DzwCfRpUg
4PBUcK28sYTv0h5qOcoCxK0=
=hV3B
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 20:43:17 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2016 16:43:17 -0400
Subject: [RHSA-2016:0623-01] Important: samba security update
Message-ID: <201604122043.u3CKhHFc009648@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: samba security update
Advisory ID: RHSA-2016:0623-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0623.html
Issue date: 2016-04-12
CVE Names: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2115 CVE-2016-2118
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 5.6
Long Life and Red Hat Enterprise Linux 5.9 Long Life.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Long Life (v. 5.6 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Long Life (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol,
which allow PC-compatible machines to share files, printers, and various
information.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation.
A remote, authenticated attacker could use these flaws to cause a denial
of service against the Samba server (high CPU load or a crash) or,
possibly, execute arbitrary code with the permissions of the user running
Samba (root). This flaw could also be used to downgrade a secure DCE/RPC
connection by a man-in-the-middle attacker taking control of an Active
Directory (AD) object and compromising the security of a Samba Active
Directory Domain Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not
support running Samba as an AD DC, this flaw applies to all roles Samba
implements.

* A protocol flaw, publicly referred to as Badlock, was found in the
Security Account Manager Remote Protocol (MS-SAMR) and the Local Security
Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated
DCE/RPC connection that a client initiates against a server could be used
by a man-in-the-middle attacker to impersonate the authenticated user
against the SAMR or LSA service on the server. As a result, the attacker
would be able to get read/write access to the Security Account Manager
database, and use this to reveal all passwords or any other potentially
sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP
authentication. An unauthenticated, man-in-the-middle attacker could use
this flaw to clear the encryption and integrity flags of a connection,
causing data to be transmitted in plain text. The attacker could also
force the client or server into sending data in plain text even if
encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would
establish a secure communication channel with a machine using a spoofed
computer name. A remote attacker able to observe network traffic could
use this flaw to obtain session-related information about the spoofed
machine.
(CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity
protection for LDAP connections. A man-in-the-middle attacker could use
this flaw to downgrade LDAP connections to use no integrity protection,
allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not enable integrity protection for IPC
traffic by default. A man-in-the-middle attacker could use this flaw to
view and modify the data sent between a Samba server and a client.
(CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter
of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter
of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1311903 - CVE-2016-2112 samba: Missing downgrade detection
1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

6. Package List:

Red Hat Enterprise Linux Long Life (v. 5.6 server):

Source:
samba-3.0.33-3.30.el5_6.src.rpm

i386:
libsmbclient-3.0.33-3.30.el5_6.i386.rpm
libsmbclient-devel-3.0.33-3.30.el5_6.i386.rpm
samba-3.0.33-3.30.el5_6.i386.rpm
samba-client-3.0.33-3.30.el5_6.i386.rpm
samba-common-3.0.33-3.30.el5_6.i386.rpm
samba-debuginfo-3.0.33-3.30.el5_6.i386.rpm
samba-swat-3.0.33-3.30.el5_6.i386.rpm

ia64:
libsmbclient-3.0.33-3.30.el5_6.ia64.rpm
libsmbclient-devel-3.0.33-3.30.el5_6.ia64.rpm
samba-3.0.33-3.30.el5_6.ia64.rpm
samba-client-3.0.33-3.30.el5_6.ia64.rpm
samba-common-3.0.33-3.30.el5_6.ia64.rpm
samba-debuginfo-3.0.33-3.30.el5_6.ia64.rpm
samba-swat-3.0.33-3.30.el5_6.ia64.rpm

x86_64:
libsmbclient-3.0.33-3.30.el5_6.i386.rpm
libsmbclient-3.0.33-3.30.el5_6.x86_64.rpm
libsmbclient-devel-3.0.33-3.30.el5_6.i386.rpm
libsmbclient-devel-3.0.33-3.30.el5_6.x86_64.rpm
samba-3.0.33-3.30.el5_6.x86_64.rpm
samba-client-3.0.33-3.30.el5_6.x86_64.rpm
samba-common-3.0.33-3.30.el5_6.i386.rpm
samba-common-3.0.33-3.30.el5_6.x86_64.rpm
samba-debuginfo-3.0.33-3.30.el5_6.i386.rpm
samba-debuginfo-3.0.33-3.30.el5_6.x86_64.rpm
samba-swat-3.0.33-3.30.el5_6.x86_64.rpm

Red Hat Enterprise Linux Long Life (v. 5.9 server):

Source:
samba-3.0.33-3.40.el5_9.src.rpm

i386:
libsmbclient-3.0.33-3.40.el5_9.i386.rpm
libsmbclient-devel-3.0.33-3.40.el5_9.i386.rpm
samba-3.0.33-3.40.el5_9.i386.rpm
samba-client-3.0.33-3.40.el5_9.i386.rpm
samba-common-3.0.33-3.40.el5_9.i386.rpm
samba-debuginfo-3.0.33-3.40.el5_9.i386.rpm
samba-swat-3.0.33-3.40.el5_9.i386.rpm

ia64:
libsmbclient-3.0.33-3.40.el5_9.ia64.rpm
libsmbclient-devel-3.0.33-3.40.el5_9.ia64.rpm
samba-3.0.33-3.40.el5_9.ia64.rpm
samba-client-3.0.33-3.40.el5_9.ia64.rpm
samba-common-3.0.33-3.40.el5_9.ia64.rpm
samba-debuginfo-3.0.33-3.40.el5_9.ia64.rpm
samba-swat-3.0.33-3.40.el5_9.ia64.rpm

ppc:
libsmbclient-3.0.33-3.40.el5_9.ppc.rpm
libsmbclient-3.0.33-3.40.el5_9.ppc64.rpm
libsmbclient-devel-3.0.33-3.40.el5_9.ppc.rpm
libsmbclient-devel-3.0.33-3.40.el5_9.ppc64.rpm
samba-3.0.33-3.40.el5_9.ppc.rpm
samba-client-3.0.33-3.40.el5_9.ppc.rpm
samba-common-3.0.33-3.40.el5_9.ppc.rpm
samba-common-3.0.33-3.40.el5_9.ppc64.rpm
samba-debuginfo-3.0.33-3.40.el5_9.ppc.rpm
samba-debuginfo-3.0.33-3.40.el5_9.ppc64.rpm
samba-swat-3.0.33-3.40.el5_9.ppc.rpm

s390x:
libsmbclient-3.0.33-3.40.el5_9.s390.rpm
libsmbclient-3.0.33-3.40.el5_9.s390x.rpm
libsmbclient-devel-3.0.33-3.40.el5_9.s390.rpm
libsmbclient-devel-3.0.33-3.40.el5_9.s390x.rpm
samba-3.0.33-3.40.el5_9.s390x.rpm
samba-client-3.0.33-3.40.el5_9.s390x.rpm
samba-common-3.0.33-3.40.el5_9.s390.rpm
samba-common-3.0.33-3.40.el5_9.s390x.rpm
samba-debuginfo-3.0.33-3.40.el5_9.s390.rpm
samba-debuginfo-3.0.33-3.40.el5_9.s390x.rpm
samba-swat-3.0.33-3.40.el5_9.s390x.rpm

x86_64:
libsmbclient-3.0.33-3.40.el5_9.i386.rpm
libsmbclient-3.0.33-3.40.el5_9.x86_64.rpm
libsmbclient-devel-3.0.33-3.40.el5_9.i386.rpm
libsmbclient-devel-3.0.33-3.40.el5_9.x86_64.rpm
samba-3.0.33-3.40.el5_9.x86_64.rpm
samba-client-3.0.33-3.40.el5_9.x86_64.rpm
samba-common-3.0.33-3.40.el5_9.i386.rpm
samba-common-3.0.33-3.40.el5_9.x86_64.rpm
samba-debuginfo-3.0.33-3.40.el5_9.i386.rpm
samba-debuginfo-3.0.33-3.40.el5_9.x86_64.rpm
samba-swat-3.0.33-3.40.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5370
https://access.redhat.com/security/cve/CVE-2016-2110
https://access.redhat.com/security/cve/CVE-2016-2111
https://access.redhat.com/security/cve/CVE-2016-2112
https://access.redhat.com/security/cve/CVE-2016-2115
https://access.redhat.com/security/cve/CVE-2016-2118
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/badlock
https://access.redhat.com/articles/2253041
http://badlock.org/
https://access.redhat.com/articles/2243351

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDV3kXlSAg2UNWIIRAvq4AJ4zNBRqyDWkZ89tunD2xV4qyKFc7QCeOfv4
hNq0ySm45U6MYz0Z3JKZRIM=
=d6LY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 20:43:40 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2016 16:43:40 -0400
Subject: [RHSA-2016:0619-01] Critical: samba security update
Message-ID: <201604122043.u3CKhe5h004552@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: samba security update
Advisory ID: RHSA-2016:0619-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0619.html
Issue date: 2016-04-12
CVE Names: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2115 CVE-2016-2118
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 6.2
Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update
Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red
Hat Enterprise Linux 6.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol,
which allow PC-compatible machines to share files, printers, and various
information.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A
remote, authenticated attacker could use these flaws to cause a denial of
service against the Samba server (high CPU load or a crash) or, possibly,
execute arbitrary code with the permissions of the user running Samba
(root).
This flaw could also be used to downgrade a secure DCE/RPC connection by
a man-in-the-middle attacker taking control of an Active Directory (AD)
object and compromising the security of a Samba Active Directory Domain
Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not
support running Samba as an AD DC, this flaw applies to all roles Samba
implements.

* A protocol flaw, publicly referred to as Badlock, was found in the
Security Account Manager Remote Protocol (MS-SAMR) and the Local Security
Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated
DCE/RPC connection that a client initiates against a server could be used
by a man-in-the-middle attacker to impersonate the authenticated user
against the SAMR or LSA service on the server. As a result, the attacker
would be able to get read/write access to the Security Account Manager
database, and use this to reveal all passwords or any other potentially
sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP
authentication. An unauthenticated, man-in-the-middle attacker could use
this flaw to clear the encryption and integrity flags of a connection,
causing data to be transmitted in plain text. The attacker could also
force the client or server into sending data in plain text even if
encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would
establish a secure communication channel with a machine using a spoofed
computer name. A remote attacker able to observe network traffic could
use this flaw to obtain session-related information about the spoofed
machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity
protection for LDAP connections.
A man-in-the-middle attacker could use this flaw to downgrade LDAP
connections to use no integrity protection, allowing them to hijack such
connections. (CVE-2016-2112)

* It was found that Samba did not enable integrity protection for IPC
traffic by default. A man-in-the-middle attacker could use this flaw to
view and modify the data sent between a Samba server and a client.
(CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter
of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter
of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1311903 - CVE-2016-2112 samba: Missing downgrade detection
1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6):

Source:
samba-3.6.23-30.el6_6.src.rpm

x86_64:
samba-client-3.6.23-30.el6_6.x86_64.rpm
samba-common-3.6.23-30.el6_6.i686.rpm
samba-common-3.6.23-30.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_6.i686.rpm
samba-debuginfo-3.6.23-30.el6_6.x86_64.rpm
samba-winbind-3.6.23-30.el6_6.x86_64.rpm
samba-winbind-clients-3.6.23-30.el6_6.i686.rpm
samba-winbind-clients-3.6.23-30.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):

x86_64:
libsmbclient-3.6.23-30.el6_6.i686.rpm
libsmbclient-3.6.23-30.el6_6.x86_64.rpm
libsmbclient-devel-3.6.23-30.el6_6.i686.rpm
libsmbclient-devel-3.6.23-30.el6_6.x86_64.rpm
samba-3.6.23-30.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_6.i686.rpm
samba-debuginfo-3.6.23-30.el6_6.x86_64.rpm
samba-doc-3.6.23-30.el6_6.x86_64.rpm
samba-domainjoin-gui-3.6.23-30.el6_6.x86_64.rpm
samba-glusterfs-3.6.23-30.el6_6.x86_64.rpm
samba-swat-3.6.23-30.el6_6.x86_64.rpm
samba-winbind-devel-3.6.23-30.el6_6.i686.rpm
samba-winbind-devel-3.6.23-30.el6_6.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-30.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.2):

Source:
samba-3.6.23-30.el6_2.src.rpm

x86_64:
libsmbclient-3.6.23-30.el6_2.i686.rpm
libsmbclient-3.6.23-30.el6_2.x86_64.rpm
samba-3.6.23-30.el6_2.x86_64.rpm
samba-client-3.6.23-30.el6_2.x86_64.rpm
samba-common-3.6.23-30.el6_2.i686.rpm
samba-common-3.6.23-30.el6_2.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_2.i686.rpm
samba-debuginfo-3.6.23-30.el6_2.x86_64.rpm
samba-winbind-3.6.23-30.el6_2.x86_64.rpm
samba-winbind-clients-3.6.23-30.el6_2.i686.rpm
samba-winbind-clients-3.6.23-30.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
samba-3.6.23-30.el6_4.src.rpm

x86_64:
libsmbclient-3.6.23-30.el6_4.i686.rpm
libsmbclient-3.6.23-30.el6_4.x86_64.rpm
samba-3.6.23-30.el6_4.x86_64.rpm
samba-client-3.6.23-30.el6_4.x86_64.rpm
samba-common-3.6.23-30.el6_4.i686.rpm
samba-common-3.6.23-30.el6_4.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_4.i686.rpm
samba-debuginfo-3.6.23-30.el6_4.x86_64.rpm
samba-winbind-3.6.23-30.el6_4.x86_64.rpm
samba-winbind-clients-3.6.23-30.el6_4.i686.rpm
samba-winbind-clients-3.6.23-30.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
samba-3.6.23-30.el6_5.src.rpm

x86_64:
libsmbclient-3.6.23-30.el6_5.i686.rpm
libsmbclient-3.6.23-30.el6_5.x86_64.rpm
samba-3.6.23-30.el6_5.x86_64.rpm
samba-client-3.6.23-30.el6_5.x86_64.rpm
samba-common-3.6.23-30.el6_5.i686.rpm
samba-common-3.6.23-30.el6_5.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_5.i686.rpm
samba-debuginfo-3.6.23-30.el6_5.x86_64.rpm
samba-winbind-3.6.23-30.el6_5.x86_64.rpm
samba-winbind-clients-3.6.23-30.el6_5.i686.rpm
samba-winbind-clients-3.6.23-30.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
samba-3.6.23-30.el6_6.src.rpm

i386:
libsmbclient-3.6.23-30.el6_6.i686.rpm
samba-3.6.23-30.el6_6.i686.rpm
samba-client-3.6.23-30.el6_6.i686.rpm
samba-common-3.6.23-30.el6_6.i686.rpm
samba-debuginfo-3.6.23-30.el6_6.i686.rpm
samba-winbind-3.6.23-30.el6_6.i686.rpm
samba-winbind-clients-3.6.23-30.el6_6.i686.rpm

ppc64:
libsmbclient-3.6.23-30.el6_6.ppc.rpm
libsmbclient-3.6.23-30.el6_6.ppc64.rpm
samba-3.6.23-30.el6_6.ppc64.rpm
samba-client-3.6.23-30.el6_6.ppc64.rpm
samba-common-3.6.23-30.el6_6.ppc.rpm
samba-common-3.6.23-30.el6_6.ppc64.rpm
samba-debuginfo-3.6.23-30.el6_6.ppc.rpm
samba-debuginfo-3.6.23-30.el6_6.ppc64.rpm
samba-winbind-3.6.23-30.el6_6.ppc64.rpm
samba-winbind-clients-3.6.23-30.el6_6.ppc.rpm
samba-winbind-clients-3.6.23-30.el6_6.ppc64.rpm

s390x:
libsmbclient-3.6.23-30.el6_6.s390.rpm
libsmbclient-3.6.23-30.el6_6.s390x.rpm
samba-3.6.23-30.el6_6.s390x.rpm
samba-client-3.6.23-30.el6_6.s390x.rpm
samba-common-3.6.23-30.el6_6.s390.rpm
samba-common-3.6.23-30.el6_6.s390x.rpm
samba-debuginfo-3.6.23-30.el6_6.s390.rpm
samba-debuginfo-3.6.23-30.el6_6.s390x.rpm
samba-winbind-3.6.23-30.el6_6.s390x.rpm
samba-winbind-clients-3.6.23-30.el6_6.s390.rpm
samba-winbind-clients-3.6.23-30.el6_6.s390x.rpm

x86_64:
libsmbclient-3.6.23-30.el6_6.i686.rpm
libsmbclient-3.6.23-30.el6_6.x86_64.rpm
samba-3.6.23-30.el6_6.x86_64.rpm
samba-client-3.6.23-30.el6_6.x86_64.rpm
samba-common-3.6.23-30.el6_6.i686.rpm
samba-common-3.6.23-30.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_6.i686.rpm
samba-debuginfo-3.6.23-30.el6_6.x86_64.rpm
samba-winbind-3.6.23-30.el6_6.x86_64.rpm
samba-winbind-clients-3.6.23-30.el6_6.i686.rpm
samba-winbind-clients-3.6.23-30.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
samba-3.6.23-30.el6_2.src.rpm

x86_64:
libsmbclient-devel-3.6.23-30.el6_2.i686.rpm
libsmbclient-devel-3.6.23-30.el6_2.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_2.i686.rpm
samba-debuginfo-3.6.23-30.el6_2.x86_64.rpm
samba-doc-3.6.23-30.el6_2.x86_64.rpm
samba-domainjoin-gui-3.6.23-30.el6_2.x86_64.rpm
samba-swat-3.6.23-30.el6_2.x86_64.rpm
samba-winbind-devel-3.6.23-30.el6_2.i686.rpm
samba-winbind-devel-3.6.23-30.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-30.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
samba-3.6.23-30.el6_4.src.rpm

x86_64:
libsmbclient-devel-3.6.23-30.el6_4.i686.rpm
libsmbclient-devel-3.6.23-30.el6_4.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_4.i686.rpm
samba-debuginfo-3.6.23-30.el6_4.x86_64.rpm
samba-doc-3.6.23-30.el6_4.x86_64.rpm
samba-domainjoin-gui-3.6.23-30.el6_4.x86_64.rpm
samba-swat-3.6.23-30.el6_4.x86_64.rpm
samba-winbind-devel-3.6.23-30.el6_4.i686.rpm
samba-winbind-devel-3.6.23-30.el6_4.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-30.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
samba-3.6.23-30.el6_5.src.rpm

x86_64:
libsmbclient-devel-3.6.23-30.el6_5.i686.rpm
libsmbclient-devel-3.6.23-30.el6_5.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_5.i686.rpm
samba-debuginfo-3.6.23-30.el6_5.x86_64.rpm
samba-doc-3.6.23-30.el6_5.x86_64.rpm
samba-domainjoin-gui-3.6.23-30.el6_5.x86_64.rpm
samba-swat-3.6.23-30.el6_5.x86_64.rpm
samba-winbind-devel-3.6.23-30.el6_5.i686.rpm
samba-winbind-devel-3.6.23-30.el6_5.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-30.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.6):

i386:
libsmbclient-devel-3.6.23-30.el6_6.i686.rpm
samba-debuginfo-3.6.23-30.el6_6.i686.rpm
samba-doc-3.6.23-30.el6_6.i686.rpm
samba-domainjoin-gui-3.6.23-30.el6_6.i686.rpm
samba-swat-3.6.23-30.el6_6.i686.rpm
samba-winbind-devel-3.6.23-30.el6_6.i686.rpm
samba-winbind-krb5-locator-3.6.23-30.el6_6.i686.rpm

ppc64:
libsmbclient-devel-3.6.23-30.el6_6.ppc.rpm
libsmbclient-devel-3.6.23-30.el6_6.ppc64.rpm
samba-debuginfo-3.6.23-30.el6_6.ppc.rpm
samba-debuginfo-3.6.23-30.el6_6.ppc64.rpm
samba-doc-3.6.23-30.el6_6.ppc64.rpm
samba-domainjoin-gui-3.6.23-30.el6_6.ppc64.rpm
samba-swat-3.6.23-30.el6_6.ppc64.rpm
samba-winbind-devel-3.6.23-30.el6_6.ppc.rpm
samba-winbind-devel-3.6.23-30.el6_6.ppc64.rpm
samba-winbind-krb5-locator-3.6.23-30.el6_6.ppc64.rpm

s390x:
libsmbclient-devel-3.6.23-30.el6_6.s390.rpm
libsmbclient-devel-3.6.23-30.el6_6.s390x.rpm
samba-debuginfo-3.6.23-30.el6_6.s390.rpm
samba-debuginfo-3.6.23-30.el6_6.s390x.rpm
samba-doc-3.6.23-30.el6_6.s390x.rpm
samba-domainjoin-gui-3.6.23-30.el6_6.s390x.rpm
samba-swat-3.6.23-30.el6_6.s390x.rpm
samba-winbind-devel-3.6.23-30.el6_6.s390.rpm
samba-winbind-devel-3.6.23-30.el6_6.s390x.rpm
samba-winbind-krb5-locator-3.6.23-30.el6_6.s390x.rpm

x86_64:
libsmbclient-devel-3.6.23-30.el6_6.i686.rpm
libsmbclient-devel-3.6.23-30.el6_6.x86_64.rpm
samba-debuginfo-3.6.23-30.el6_6.i686.rpm
samba-debuginfo-3.6.23-30.el6_6.x86_64.rpm
samba-doc-3.6.23-30.el6_6.x86_64.rpm
samba-domainjoin-gui-3.6.23-30.el6_6.x86_64.rpm
samba-glusterfs-3.6.23-30.el6_6.x86_64.rpm
samba-swat-3.6.23-30.el6_6.x86_64.rpm
samba-winbind-devel-3.6.23-30.el6_6.i686.rpm
samba-winbind-devel-3.6.23-30.el6_6.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-30.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5370
https://access.redhat.com/security/cve/CVE-2016-2110
https://access.redhat.com/security/cve/CVE-2016-2111
https://access.redhat.com/security/cve/CVE-2016-2112
https://access.redhat.com/security/cve/CVE-2016-2115
https://access.redhat.com/security/cve/CVE-2016-2118
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/security/vulnerabilities/badlock
https://access.redhat.com/articles/2253041
http://badlock.org/
https://access.redhat.com/articles/2243351

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDV36XlSAg2UNWIIRAhKLAKC+0w+ZT28D71ukxl7eCaZCNJ9aOQCfW7ek
RJ2Xsd9Sc1Xc/TUs0DDsBDg=
=A2sj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 20:43:54 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2016 16:43:54 -0400
Subject: [RHSA-2016:0624-01] Critical: samba3x security update
Message-ID: <201604122043.u3CKhsJi019509@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: samba3x security update
Advisory ID: RHSA-2016:0624-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0624.html
Issue date: 2016-04-12
CVE Names: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2115 CVE-2016-2118
=====================================================================

1. Summary:

An update for samba3x is now available for Red Hat Enterprise Linux 5.6
Long Life and Red Hat Enterprise Linux 5.9 Long Life.

Red Hat Product Security has rated this update as having a security
impact of Critical.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the
CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Long Life (v. 5.6 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Long Life (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
or Common Internet File System (CIFS) protocol, which allows
PC-compatible machines to share files, printers, and other information.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A
remote, authenticated attacker could use these flaws to cause a denial of
service against the Samba server (high CPU load or a crash) or, possibly,
execute arbitrary code with the permissions of the user running Samba
(root). This flaw could also be used to downgrade a secure DCE/RPC
connection by a man-in-the-middle attacker taking control of an Active
Directory (AD) object and compromising the security of a Samba Active
Directory Domain Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not
support running Samba as an AD DC, this flaw applies to all roles Samba
implements.

* A protocol flaw, publicly referred to as Badlock, was found in the
Security Account Manager Remote Protocol (MS-SAMR) and the Local Security
Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated
DCE/RPC connection that a client initiates against a server could be used
by a man-in-the-middle attacker to impersonate the authenticated user
against the SAMR or LSA service on the server. As a result, the attacker
would be able to get read/write access to the Security Account Manager
database, and use this to reveal all passwords or any other potentially
sensitive information in that database.
(CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP
authentication. An unauthenticated, man-in-the-middle attacker could use
this flaw to clear the encryption and integrity flags of a connection,
causing data to be transmitted in plain text. The attacker could also
force the client or server into sending data in plain text even if
encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would
establish a secure communication channel with a machine using a spoofed
computer name. A remote attacker able to observe network traffic could
use this flaw to obtain session-related information about the spoofed
machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity
protection for LDAP connections. A man-in-the-middle attacker could use
this flaw to downgrade LDAP connections to use no integrity protection,
allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not enable integrity protection for IPC
traffic by default. A man-in-the-middle attacker could use this flaw to
view and modify the data sent between a Samba server and a client.
(CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter
of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter
of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1311903 - CVE-2016-2112 samba: Missing downgrade detection
1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

6. Package List:

Red Hat Enterprise Linux Long Life (v. 5.6 server):

Source:
samba3x-3.6.23-12.el5_6.src.rpm

i386:
samba3x-3.6.23-12.el5_6.i386.rpm
samba3x-client-3.6.23-12.el5_6.i386.rpm
samba3x-common-3.6.23-12.el5_6.i386.rpm
samba3x-debuginfo-3.6.23-12.el5_6.i386.rpm
samba3x-doc-3.6.23-12.el5_6.i386.rpm
samba3x-domainjoin-gui-3.6.23-12.el5_6.i386.rpm
samba3x-swat-3.6.23-12.el5_6.i386.rpm
samba3x-winbind-3.6.23-12.el5_6.i386.rpm
samba3x-winbind-devel-3.6.23-12.el5_6.i386.rpm

ia64:
samba3x-3.6.23-12.el5_6.ia64.rpm
samba3x-client-3.6.23-12.el5_6.ia64.rpm
samba3x-common-3.6.23-12.el5_6.ia64.rpm
samba3x-debuginfo-3.6.23-12.el5_6.ia64.rpm
samba3x-doc-3.6.23-12.el5_6.ia64.rpm
samba3x-domainjoin-gui-3.6.23-12.el5_6.ia64.rpm
samba3x-swat-3.6.23-12.el5_6.ia64.rpm
samba3x-winbind-3.6.23-12.el5_6.ia64.rpm
samba3x-winbind-devel-3.6.23-12.el5_6.ia64.rpm

x86_64:
samba3x-3.6.23-12.el5_6.x86_64.rpm
samba3x-client-3.6.23-12.el5_6.x86_64.rpm
samba3x-common-3.6.23-12.el5_6.x86_64.rpm
samba3x-debuginfo-3.6.23-12.el5_6.i386.rpm
samba3x-debuginfo-3.6.23-12.el5_6.x86_64.rpm
samba3x-doc-3.6.23-12.el5_6.x86_64.rpm
samba3x-domainjoin-gui-3.6.23-12.el5_6.x86_64.rpm
samba3x-swat-3.6.23-12.el5_6.x86_64.rpm
samba3x-winbind-3.6.23-12.el5_6.i386.rpm
samba3x-winbind-3.6.23-12.el5_6.x86_64.rpm
samba3x-winbind-devel-3.6.23-12.el5_6.i386.rpm
samba3x-winbind-devel-3.6.23-12.el5_6.x86_64.rpm

Red Hat Enterprise Linux Long Life (v. 5.9 server):

Source:
samba3x-3.6.23-12.el5_9.src.rpm

i386:
samba3x-3.6.23-12.el5_9.i386.rpm
samba3x-client-3.6.23-12.el5_9.i386.rpm
samba3x-common-3.6.23-12.el5_9.i386.rpm
samba3x-debuginfo-3.6.23-12.el5_9.i386.rpm
samba3x-doc-3.6.23-12.el5_9.i386.rpm
samba3x-domainjoin-gui-3.6.23-12.el5_9.i386.rpm
samba3x-swat-3.6.23-12.el5_9.i386.rpm
samba3x-winbind-3.6.23-12.el5_9.i386.rpm
samba3x-winbind-devel-3.6.23-12.el5_9.i386.rpm

ia64:
samba3x-3.6.23-12.el5_9.ia64.rpm
samba3x-client-3.6.23-12.el5_9.ia64.rpm
samba3x-common-3.6.23-12.el5_9.ia64.rpm
samba3x-debuginfo-3.6.23-12.el5_9.ia64.rpm
samba3x-doc-3.6.23-12.el5_9.ia64.rpm
samba3x-domainjoin-gui-3.6.23-12.el5_9.ia64.rpm
samba3x-swat-3.6.23-12.el5_9.ia64.rpm
samba3x-winbind-3.6.23-12.el5_9.ia64.rpm
samba3x-winbind-devel-3.6.23-12.el5_9.ia64.rpm

ppc:
samba3x-3.6.23-12.el5_9.ppc.rpm
samba3x-client-3.6.23-12.el5_9.ppc.rpm
samba3x-common-3.6.23-12.el5_9.ppc.rpm
samba3x-debuginfo-3.6.23-12.el5_9.ppc.rpm
samba3x-debuginfo-3.6.23-12.el5_9.ppc64.rpm
samba3x-doc-3.6.23-12.el5_9.ppc.rpm
samba3x-domainjoin-gui-3.6.23-12.el5_9.ppc.rpm
samba3x-swat-3.6.23-12.el5_9.ppc.rpm
samba3x-winbind-3.6.23-12.el5_9.ppc.rpm
samba3x-winbind-3.6.23-12.el5_9.ppc64.rpm
samba3x-winbind-devel-3.6.23-12.el5_9.ppc.rpm
samba3x-winbind-devel-3.6.23-12.el5_9.ppc64.rpm

s390x:
samba3x-3.6.23-12.el5_9.s390x.rpm
samba3x-client-3.6.23-12.el5_9.s390x.rpm
samba3x-common-3.6.23-12.el5_9.s390x.rpm
samba3x-debuginfo-3.6.23-12.el5_9.s390.rpm
samba3x-debuginfo-3.6.23-12.el5_9.s390x.rpm
samba3x-doc-3.6.23-12.el5_9.s390x.rpm
samba3x-domainjoin-gui-3.6.23-12.el5_9.s390x.rpm
samba3x-swat-3.6.23-12.el5_9.s390x.rpm
samba3x-winbind-3.6.23-12.el5_9.s390.rpm
samba3x-winbind-3.6.23-12.el5_9.s390x.rpm
samba3x-winbind-devel-3.6.23-12.el5_9.s390.rpm
samba3x-winbind-devel-3.6.23-12.el5_9.s390x.rpm

x86_64:
samba3x-3.6.23-12.el5_9.x86_64.rpm
samba3x-client-3.6.23-12.el5_9.x86_64.rpm
samba3x-common-3.6.23-12.el5_9.x86_64.rpm
samba3x-debuginfo-3.6.23-12.el5_9.i386.rpm
samba3x-debuginfo-3.6.23-12.el5_9.x86_64.rpm samba3x-doc-3.6.23-12.el5_9.x86_64.rpm samba3x-domainjoin-gui-3.6.23-12.el5_9.x86_64.rpm samba3x-swat-3.6.23-12.el5_9.x86_64.rpm samba3x-winbind-3.6.23-12.el5_9.i386.rpm samba3x-winbind-3.6.23-12.el5_9.x86_64.rpm samba3x-winbind-devel-3.6.23-12.el5_9.i386.rpm samba3x-winbind-devel-3.6.23-12.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5370
https://access.redhat.com/security/cve/CVE-2016-2110
https://access.redhat.com/security/cve/CVE-2016-2111
https://access.redhat.com/security/cve/CVE-2016-2112
https://access.redhat.com/security/cve/CVE-2016-2115
https://access.redhat.com/security/cve/CVE-2016-2118
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/security/vulnerabilities/badlock
https://access.redhat.com/articles/2253041
http://badlock.org/
https://access.redhat.com/articles/2243351

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDV4IXlSAg2UNWIIRAhcLAJ9W0yEGACSHJalMb6cilXWZ8idNDACdEjXJ
eu/tzsFPf3uUT+QUH9Z1BOE=
=uz1b
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 21:41:11 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2016 17:41:11 -0400
Subject: [RHSA-2016:0620-01] Critical: samba4 security, bug fix, and enhancement update
Message-ID: <201604122141.u3CLfBki017197@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba4 security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:0620-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0620.html
Issue date:        2016-04-12
CVE Names:         CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
                   CVE-2016-2112 CVE-2016-2113 CVE-2016-2114
                   CVE-2016-2115 CVE-2016-2118
=====================================================================

1. Summary:

An update for samba4 is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v.
6.6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.
As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)

* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)

* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1311903 - CVE-2016-2112 samba: Missing downgrade detection
1311910 - CVE-2016-2113 samba: Server certificates not validated at client side
1312082 - CVE-2016-2114 samba: Samba based active directory domain controller does not enforce smb signing
1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v.
6.6): Source: ipa-3.0.0-42.el6_6.1.src.rpm libldb-1.1.25-2.el6_6.src.rpm samba4-4.2.10-6.el6_6.src.rpm x86_64: ipa-client-3.0.0-42.el6_6.1.x86_64.rpm ipa-debuginfo-3.0.0-42.el6_6.1.x86_64.rpm ipa-python-3.0.0-42.el6_6.1.x86_64.rpm libldb-1.1.25-2.el6_6.i686.rpm libldb-1.1.25-2.el6_6.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_6.i686.rpm libldb-debuginfo-1.1.25-2.el6_6.x86_64.rpm libldb-devel-1.1.25-2.el6_6.i686.rpm libldb-devel-1.1.25-2.el6_6.x86_64.rpm pyldb-1.1.25-2.el6_6.x86_64.rpm samba4-4.2.10-6.el6_6.x86_64.rpm samba4-client-4.2.10-6.el6_6.x86_64.rpm samba4-common-4.2.10-6.el6_6.x86_64.rpm samba4-dc-4.2.10-6.el6_6.x86_64.rpm samba4-dc-libs-4.2.10-6.el6_6.x86_64.rpm samba4-debuginfo-4.2.10-6.el6_6.x86_64.rpm samba4-devel-4.2.10-6.el6_6.x86_64.rpm samba4-libs-4.2.10-6.el6_6.x86_64.rpm samba4-pidl-4.2.10-6.el6_6.x86_64.rpm samba4-python-4.2.10-6.el6_6.x86_64.rpm samba4-test-4.2.10-6.el6_6.x86_64.rpm samba4-winbind-4.2.10-6.el6_6.x86_64.rpm samba4-winbind-clients-4.2.10-6.el6_6.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6): x86_64: ipa-admintools-3.0.0-42.el6_6.1.x86_64.rpm ipa-debuginfo-3.0.0-42.el6_6.1.x86_64.rpm ipa-server-3.0.0-42.el6_6.1.x86_64.rpm ipa-server-selinux-3.0.0-42.el6_6.1.x86_64.rpm ipa-server-trust-ad-3.0.0-42.el6_6.1.x86_64.rpm ldb-tools-1.1.25-2.el6_6.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_6.x86_64.rpm pyldb-devel-1.1.25-2.el6_6.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 
6.2): Source: libldb-1.1.25-2.el6_2.src.rpm sssd-1.5.1-66.el6_2.5.src.rpm x86_64: libipa_hbac-1.5.1-66.el6_2.5.i686.rpm libipa_hbac-1.5.1-66.el6_2.5.x86_64.rpm libipa_hbac-python-1.5.1-66.el6_2.5.x86_64.rpm libldb-1.1.25-2.el6_2.i686.rpm libldb-1.1.25-2.el6_2.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_2.i686.rpm libldb-debuginfo-1.1.25-2.el6_2.x86_64.rpm libldb-devel-1.1.25-2.el6_2.i686.rpm libldb-devel-1.1.25-2.el6_2.x86_64.rpm pyldb-1.1.25-2.el6_2.x86_64.rpm sssd-1.5.1-66.el6_2.5.x86_64.rpm sssd-client-1.5.1-66.el6_2.5.i686.rpm sssd-client-1.5.1-66.el6_2.5.x86_64.rpm sssd-debuginfo-1.5.1-66.el6_2.5.i686.rpm sssd-debuginfo-1.5.1-66.el6_2.5.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.4): Source: ipa-3.0.0-26.el6_4.5.src.rpm libldb-1.1.25-2.el6_4.src.rpm samba4-4.2.10-6.el6_4.src.rpm sssd-1.9.2-82.12.el6_4.src.rpm x86_64: ipa-admintools-3.0.0-26.el6_4.5.x86_64.rpm ipa-client-3.0.0-26.el6_4.5.x86_64.rpm ipa-debuginfo-3.0.0-26.el6_4.5.x86_64.rpm ipa-python-3.0.0-26.el6_4.5.x86_64.rpm ipa-server-3.0.0-26.el6_4.5.x86_64.rpm ipa-server-selinux-3.0.0-26.el6_4.5.x86_64.rpm ipa-server-trust-ad-3.0.0-26.el6_4.5.x86_64.rpm libipa_hbac-1.9.2-82.12.el6_4.i686.rpm libipa_hbac-1.9.2-82.12.el6_4.x86_64.rpm libipa_hbac-python-1.9.2-82.12.el6_4.x86_64.rpm libldb-1.1.25-2.el6_4.i686.rpm libldb-1.1.25-2.el6_4.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_4.i686.rpm libldb-debuginfo-1.1.25-2.el6_4.x86_64.rpm libldb-devel-1.1.25-2.el6_4.i686.rpm libldb-devel-1.1.25-2.el6_4.x86_64.rpm libsss_autofs-1.9.2-82.12.el6_4.x86_64.rpm libsss_idmap-1.9.2-82.12.el6_4.i686.rpm libsss_idmap-1.9.2-82.12.el6_4.x86_64.rpm libsss_sudo-1.9.2-82.12.el6_4.x86_64.rpm pyldb-1.1.25-2.el6_4.x86_64.rpm samba4-4.2.10-6.el6_4.x86_64.rpm samba4-client-4.2.10-6.el6_4.x86_64.rpm samba4-common-4.2.10-6.el6_4.x86_64.rpm samba4-dc-4.2.10-6.el6_4.x86_64.rpm samba4-dc-libs-4.2.10-6.el6_4.x86_64.rpm samba4-debuginfo-4.2.10-6.el6_4.x86_64.rpm samba4-devel-4.2.10-6.el6_4.x86_64.rpm samba4-libs-4.2.10-6.el6_4.x86_64.rpm 
samba4-pidl-4.2.10-6.el6_4.x86_64.rpm samba4-python-4.2.10-6.el6_4.x86_64.rpm samba4-test-4.2.10-6.el6_4.x86_64.rpm samba4-winbind-4.2.10-6.el6_4.x86_64.rpm samba4-winbind-clients-4.2.10-6.el6_4.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_4.x86_64.rpm sssd-1.9.2-82.12.el6_4.x86_64.rpm sssd-client-1.9.2-82.12.el6_4.i686.rpm sssd-client-1.9.2-82.12.el6_4.x86_64.rpm sssd-debuginfo-1.9.2-82.12.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.12.el6_4.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.5): Source: ipa-3.0.0-37.el6_5.1.src.rpm libldb-1.1.25-2.el6_5.src.rpm samba4-4.2.10-6.el6_5.src.rpm sssd-1.9.2-129.el6_5.7.src.rpm x86_64: ipa-admintools-3.0.0-37.el6_5.1.x86_64.rpm ipa-client-3.0.0-37.el6_5.1.x86_64.rpm ipa-debuginfo-3.0.0-37.el6_5.1.x86_64.rpm ipa-python-3.0.0-37.el6_5.1.x86_64.rpm ipa-server-3.0.0-37.el6_5.1.x86_64.rpm ipa-server-selinux-3.0.0-37.el6_5.1.x86_64.rpm ipa-server-trust-ad-3.0.0-37.el6_5.1.x86_64.rpm libipa_hbac-1.9.2-129.el6_5.7.i686.rpm libipa_hbac-1.9.2-129.el6_5.7.x86_64.rpm libipa_hbac-python-1.9.2-129.el6_5.7.x86_64.rpm libldb-1.1.25-2.el6_5.i686.rpm libldb-1.1.25-2.el6_5.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_5.i686.rpm libldb-debuginfo-1.1.25-2.el6_5.x86_64.rpm libldb-devel-1.1.25-2.el6_5.i686.rpm libldb-devel-1.1.25-2.el6_5.x86_64.rpm libsss_autofs-1.9.2-129.el6_5.7.x86_64.rpm libsss_idmap-1.9.2-129.el6_5.7.i686.rpm libsss_idmap-1.9.2-129.el6_5.7.x86_64.rpm libsss_sudo-1.9.2-129.el6_5.7.x86_64.rpm pyldb-1.1.25-2.el6_5.x86_64.rpm samba4-4.2.10-6.el6_5.x86_64.rpm samba4-client-4.2.10-6.el6_5.x86_64.rpm samba4-common-4.2.10-6.el6_5.x86_64.rpm samba4-dc-4.2.10-6.el6_5.x86_64.rpm samba4-dc-libs-4.2.10-6.el6_5.x86_64.rpm samba4-debuginfo-4.2.10-6.el6_5.x86_64.rpm samba4-devel-4.2.10-6.el6_5.x86_64.rpm samba4-libs-4.2.10-6.el6_5.x86_64.rpm samba4-pidl-4.2.10-6.el6_5.x86_64.rpm samba4-python-4.2.10-6.el6_5.x86_64.rpm samba4-test-4.2.10-6.el6_5.x86_64.rpm samba4-winbind-4.2.10-6.el6_5.x86_64.rpm 
samba4-winbind-clients-4.2.10-6.el6_5.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_5.x86_64.rpm sssd-1.9.2-129.el6_5.7.x86_64.rpm sssd-client-1.9.2-129.el6_5.7.i686.rpm sssd-client-1.9.2-129.el6_5.7.x86_64.rpm sssd-debuginfo-1.9.2-129.el6_5.7.i686.rpm sssd-debuginfo-1.9.2-129.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.6): Source: ipa-3.0.0-42.el6_6.1.src.rpm libldb-1.1.25-2.el6_6.src.rpm samba4-4.2.10-6.el6_6.src.rpm i386: ipa-admintools-3.0.0-42.el6_6.1.i686.rpm ipa-client-3.0.0-42.el6_6.1.i686.rpm ipa-debuginfo-3.0.0-42.el6_6.1.i686.rpm ipa-python-3.0.0-42.el6_6.1.i686.rpm ipa-server-3.0.0-42.el6_6.1.i686.rpm ipa-server-selinux-3.0.0-42.el6_6.1.i686.rpm ipa-server-trust-ad-3.0.0-42.el6_6.1.i686.rpm libldb-1.1.25-2.el6_6.i686.rpm libldb-debuginfo-1.1.25-2.el6_6.i686.rpm libldb-devel-1.1.25-2.el6_6.i686.rpm pyldb-1.1.25-2.el6_6.i686.rpm samba4-4.2.10-6.el6_6.i686.rpm samba4-client-4.2.10-6.el6_6.i686.rpm samba4-common-4.2.10-6.el6_6.i686.rpm samba4-dc-4.2.10-6.el6_6.i686.rpm samba4-dc-libs-4.2.10-6.el6_6.i686.rpm samba4-debuginfo-4.2.10-6.el6_6.i686.rpm samba4-devel-4.2.10-6.el6_6.i686.rpm samba4-libs-4.2.10-6.el6_6.i686.rpm samba4-pidl-4.2.10-6.el6_6.i686.rpm samba4-python-4.2.10-6.el6_6.i686.rpm samba4-test-4.2.10-6.el6_6.i686.rpm samba4-winbind-4.2.10-6.el6_6.i686.rpm samba4-winbind-clients-4.2.10-6.el6_6.i686.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_6.i686.rpm ppc64: ipa-admintools-3.0.0-42.el6_6.1.ppc64.rpm ipa-client-3.0.0-42.el6_6.1.ppc64.rpm ipa-debuginfo-3.0.0-42.el6_6.1.ppc64.rpm ipa-python-3.0.0-42.el6_6.1.ppc64.rpm libldb-1.1.25-2.el6_6.ppc.rpm libldb-1.1.25-2.el6_6.ppc64.rpm libldb-debuginfo-1.1.25-2.el6_6.ppc.rpm libldb-debuginfo-1.1.25-2.el6_6.ppc64.rpm libldb-devel-1.1.25-2.el6_6.ppc.rpm libldb-devel-1.1.25-2.el6_6.ppc64.rpm pyldb-1.1.25-2.el6_6.ppc64.rpm samba4-4.2.10-6.el6_6.ppc64.rpm samba4-client-4.2.10-6.el6_6.ppc64.rpm samba4-common-4.2.10-6.el6_6.ppc64.rpm samba4-dc-4.2.10-6.el6_6.ppc64.rpm 
samba4-dc-libs-4.2.10-6.el6_6.ppc64.rpm samba4-debuginfo-4.2.10-6.el6_6.ppc64.rpm samba4-devel-4.2.10-6.el6_6.ppc64.rpm samba4-libs-4.2.10-6.el6_6.ppc64.rpm samba4-pidl-4.2.10-6.el6_6.ppc64.rpm samba4-python-4.2.10-6.el6_6.ppc64.rpm samba4-test-4.2.10-6.el6_6.ppc64.rpm samba4-winbind-4.2.10-6.el6_6.ppc64.rpm samba4-winbind-clients-4.2.10-6.el6_6.ppc64.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_6.ppc64.rpm s390x: ipa-admintools-3.0.0-42.el6_6.1.s390x.rpm ipa-client-3.0.0-42.el6_6.1.s390x.rpm ipa-debuginfo-3.0.0-42.el6_6.1.s390x.rpm ipa-python-3.0.0-42.el6_6.1.s390x.rpm libldb-1.1.25-2.el6_6.s390.rpm libldb-1.1.25-2.el6_6.s390x.rpm libldb-debuginfo-1.1.25-2.el6_6.s390.rpm libldb-debuginfo-1.1.25-2.el6_6.s390x.rpm libldb-devel-1.1.25-2.el6_6.s390.rpm libldb-devel-1.1.25-2.el6_6.s390x.rpm pyldb-1.1.25-2.el6_6.s390x.rpm samba4-4.2.10-6.el6_6.s390x.rpm samba4-client-4.2.10-6.el6_6.s390x.rpm samba4-common-4.2.10-6.el6_6.s390x.rpm samba4-dc-4.2.10-6.el6_6.s390x.rpm samba4-dc-libs-4.2.10-6.el6_6.s390x.rpm samba4-debuginfo-4.2.10-6.el6_6.s390x.rpm samba4-devel-4.2.10-6.el6_6.s390x.rpm samba4-libs-4.2.10-6.el6_6.s390x.rpm samba4-pidl-4.2.10-6.el6_6.s390x.rpm samba4-python-4.2.10-6.el6_6.s390x.rpm samba4-test-4.2.10-6.el6_6.s390x.rpm samba4-winbind-4.2.10-6.el6_6.s390x.rpm samba4-winbind-clients-4.2.10-6.el6_6.s390x.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_6.s390x.rpm x86_64: ipa-admintools-3.0.0-42.el6_6.1.x86_64.rpm ipa-client-3.0.0-42.el6_6.1.x86_64.rpm ipa-debuginfo-3.0.0-42.el6_6.1.x86_64.rpm ipa-python-3.0.0-42.el6_6.1.x86_64.rpm ipa-server-3.0.0-42.el6_6.1.x86_64.rpm ipa-server-selinux-3.0.0-42.el6_6.1.x86_64.rpm ipa-server-trust-ad-3.0.0-42.el6_6.1.x86_64.rpm libldb-1.1.25-2.el6_6.i686.rpm libldb-1.1.25-2.el6_6.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_6.i686.rpm libldb-debuginfo-1.1.25-2.el6_6.x86_64.rpm libldb-devel-1.1.25-2.el6_6.i686.rpm libldb-devel-1.1.25-2.el6_6.x86_64.rpm pyldb-1.1.25-2.el6_6.x86_64.rpm samba4-4.2.10-6.el6_6.x86_64.rpm 
samba4-client-4.2.10-6.el6_6.x86_64.rpm samba4-common-4.2.10-6.el6_6.x86_64.rpm samba4-dc-4.2.10-6.el6_6.x86_64.rpm samba4-dc-libs-4.2.10-6.el6_6.x86_64.rpm samba4-debuginfo-4.2.10-6.el6_6.x86_64.rpm samba4-devel-4.2.10-6.el6_6.x86_64.rpm samba4-libs-4.2.10-6.el6_6.x86_64.rpm samba4-pidl-4.2.10-6.el6_6.x86_64.rpm samba4-python-4.2.10-6.el6_6.x86_64.rpm samba4-test-4.2.10-6.el6_6.x86_64.rpm samba4-winbind-4.2.10-6.el6_6.x86_64.rpm samba4-winbind-clients-4.2.10-6.el6_6.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: evolution-mapi-0.28.3-8.el6_2.src.rpm libldb-1.1.25-2.el6_2.src.rpm openchange-1.0-1.el6_2.src.rpm samba4-4.2.10-6.el6_2.src.rpm sssd-1.5.1-66.el6_2.5.src.rpm x86_64: evolution-mapi-0.28.3-8.el6_2.i686.rpm evolution-mapi-0.28.3-8.el6_2.x86_64.rpm evolution-mapi-debuginfo-0.28.3-8.el6_2.i686.rpm evolution-mapi-debuginfo-0.28.3-8.el6_2.x86_64.rpm evolution-mapi-devel-0.28.3-8.el6_2.i686.rpm evolution-mapi-devel-0.28.3-8.el6_2.x86_64.rpm ldb-tools-1.1.25-2.el6_2.x86_64.rpm libipa_hbac-devel-1.5.1-66.el6_2.5.i686.rpm libipa_hbac-devel-1.5.1-66.el6_2.5.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_2.i686.rpm libldb-debuginfo-1.1.25-2.el6_2.x86_64.rpm libldb-devel-1.1.25-2.el6_2.i686.rpm libldb-devel-1.1.25-2.el6_2.x86_64.rpm openchange-1.0-1.el6_2.i686.rpm openchange-1.0-1.el6_2.x86_64.rpm openchange-client-1.0-1.el6_2.x86_64.rpm openchange-debuginfo-1.0-1.el6_2.i686.rpm openchange-debuginfo-1.0-1.el6_2.x86_64.rpm openchange-devel-1.0-1.el6_2.i686.rpm openchange-devel-1.0-1.el6_2.x86_64.rpm openchange-devel-docs-1.0-1.el6_2.x86_64.rpm pyldb-devel-1.1.25-2.el6_2.x86_64.rpm samba4-4.2.10-6.el6_2.x86_64.rpm samba4-debuginfo-4.2.10-6.el6_2.i686.rpm samba4-debuginfo-4.2.10-6.el6_2.x86_64.rpm samba4-devel-4.2.10-6.el6_2.i686.rpm samba4-devel-4.2.10-6.el6_2.x86_64.rpm samba4-libs-4.2.10-6.el6_2.i686.rpm samba4-libs-4.2.10-6.el6_2.x86_64.rpm samba4-pidl-4.2.10-6.el6_2.x86_64.rpm 
sssd-debuginfo-1.5.1-66.el6_2.5.i686.rpm sssd-debuginfo-1.5.1-66.el6_2.5.x86_64.rpm sssd-tools-1.5.1-66.el6_2.5.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: libldb-1.1.25-2.el6_4.src.rpm openchange-1.0-5.el6_4.src.rpm sssd-1.9.2-82.12.el6_4.src.rpm x86_64: ldb-tools-1.1.25-2.el6_4.x86_64.rpm libipa_hbac-devel-1.9.2-82.12.el6_4.i686.rpm libipa_hbac-devel-1.9.2-82.12.el6_4.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_4.x86_64.rpm libsss_idmap-devel-1.9.2-82.12.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.12.el6_4.x86_64.rpm libsss_sudo-devel-1.9.2-82.12.el6_4.i686.rpm libsss_sudo-devel-1.9.2-82.12.el6_4.x86_64.rpm openchange-1.0-5.el6_4.x86_64.rpm openchange-client-1.0-5.el6_4.x86_64.rpm openchange-debuginfo-1.0-5.el6_4.x86_64.rpm openchange-devel-1.0-5.el6_4.x86_64.rpm openchange-devel-docs-1.0-5.el6_4.x86_64.rpm pyldb-devel-1.1.25-2.el6_4.x86_64.rpm sssd-debuginfo-1.9.2-82.12.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.12.el6_4.x86_64.rpm sssd-tools-1.9.2-82.12.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.5): Source: libldb-1.1.25-2.el6_5.src.rpm openchange-1.0-7.el6_5.src.rpm sssd-1.9.2-129.el6_5.7.src.rpm x86_64: ldb-tools-1.1.25-2.el6_5.x86_64.rpm libipa_hbac-devel-1.9.2-129.el6_5.7.i686.rpm libipa_hbac-devel-1.9.2-129.el6_5.7.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_5.x86_64.rpm libsss_idmap-devel-1.9.2-129.el6_5.7.i686.rpm libsss_idmap-devel-1.9.2-129.el6_5.7.x86_64.rpm libsss_sudo-devel-1.9.2-129.el6_5.7.i686.rpm libsss_sudo-devel-1.9.2-129.el6_5.7.x86_64.rpm openchange-1.0-7.el6_5.x86_64.rpm openchange-client-1.0-7.el6_5.x86_64.rpm openchange-debuginfo-1.0-7.el6_5.x86_64.rpm openchange-devel-1.0-7.el6_5.x86_64.rpm openchange-devel-docs-1.0-7.el6_5.x86_64.rpm pyldb-devel-1.1.25-2.el6_5.x86_64.rpm sssd-debuginfo-1.9.2-129.el6_5.7.i686.rpm sssd-debuginfo-1.9.2-129.el6_5.7.x86_64.rpm sssd-tools-1.9.2-129.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
6.6): Source: openchange-1.0-7.el6_6.src.rpm i386: ldb-tools-1.1.25-2.el6_6.i686.rpm libldb-debuginfo-1.1.25-2.el6_6.i686.rpm openchange-1.0-7.el6_6.i686.rpm openchange-client-1.0-7.el6_6.i686.rpm openchange-debuginfo-1.0-7.el6_6.i686.rpm openchange-devel-1.0-7.el6_6.i686.rpm openchange-devel-docs-1.0-7.el6_6.i686.rpm pyldb-devel-1.1.25-2.el6_6.i686.rpm ppc64: ldb-tools-1.1.25-2.el6_6.ppc64.rpm libldb-debuginfo-1.1.25-2.el6_6.ppc64.rpm openchange-1.0-7.el6_6.ppc64.rpm openchange-client-1.0-7.el6_6.ppc64.rpm openchange-debuginfo-1.0-7.el6_6.ppc64.rpm openchange-devel-1.0-7.el6_6.ppc64.rpm openchange-devel-docs-1.0-7.el6_6.ppc64.rpm pyldb-devel-1.1.25-2.el6_6.ppc64.rpm s390x: ldb-tools-1.1.25-2.el6_6.s390x.rpm libldb-debuginfo-1.1.25-2.el6_6.s390x.rpm openchange-1.0-7.el6_6.s390x.rpm openchange-client-1.0-7.el6_6.s390x.rpm openchange-debuginfo-1.0-7.el6_6.s390x.rpm openchange-devel-1.0-7.el6_6.s390x.rpm openchange-devel-docs-1.0-7.el6_6.s390x.rpm pyldb-devel-1.1.25-2.el6_6.s390x.rpm x86_64: ldb-tools-1.1.25-2.el6_6.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_6.x86_64.rpm openchange-1.0-7.el6_6.x86_64.rpm openchange-client-1.0-7.el6_6.x86_64.rpm openchange-debuginfo-1.0-7.el6_6.x86_64.rpm openchange-devel-1.0-7.el6_6.x86_64.rpm openchange-devel-docs-1.0-7.el6_6.x86_64.rpm pyldb-devel-1.1.25-2.el6_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2015-5370
https://access.redhat.com/security/cve/CVE-2016-2110
https://access.redhat.com/security/cve/CVE-2016-2111
https://access.redhat.com/security/cve/CVE-2016-2112
https://access.redhat.com/security/cve/CVE-2016-2113
https://access.redhat.com/security/cve/CVE-2016-2114
https://access.redhat.com/security/cve/CVE-2016-2115
https://access.redhat.com/security/cve/CVE-2016-2118
https://access.redhat.com/security/updates/classification/#critical
https://www.samba.org/samba/history/samba-4.2.10.html
https://access.redhat.com/security/vulnerabilities/badlock
https://access.redhat.com/articles/2253041
http://badlock.org/
https://access.redhat.com/articles/2243351

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDWt0XlSAg2UNWIIRArsGAJ9p5AGoGq4zBzB+5A/zyjpBQHEU6QCfVEKS
NrofnuCBUq+Q1qucqIpT/gE=
=6alT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 21:41:21 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2016 17:41:21 -0400
Subject: [RHSA-2016:0625-01] Important: samba security update
Message-ID: <201604122141.u3CLfLJS012521@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: samba security update
Advisory ID:       RHSA-2016:0625-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0625.html
Issue date:        2016-04-12
CVE Names:         CVE-2016-2110 CVE-2016-2111 CVE-2016-2112
                   CVE-2016-2115 CVE-2016-2118
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 4 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name.
A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1311903 - CVE-2016-2112 samba: Missing downgrade detection
1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

6. Package List:

Red Hat Enterprise Linux AS (v.
4 ELS): Source: samba-3.0.33-3.37.el4.src.rpm i386: samba-3.0.33-3.37.el4.i386.rpm samba-client-3.0.33-3.37.el4.i386.rpm samba-common-3.0.33-3.37.el4.i386.rpm samba-debuginfo-3.0.33-3.37.el4.i386.rpm samba-swat-3.0.33-3.37.el4.i386.rpm ia64: samba-3.0.33-3.37.el4.ia64.rpm samba-client-3.0.33-3.37.el4.ia64.rpm samba-common-3.0.33-3.37.el4.i386.rpm samba-common-3.0.33-3.37.el4.ia64.rpm samba-debuginfo-3.0.33-3.37.el4.i386.rpm samba-debuginfo-3.0.33-3.37.el4.ia64.rpm samba-swat-3.0.33-3.37.el4.ia64.rpm x86_64: samba-3.0.33-3.37.el4.x86_64.rpm samba-client-3.0.33-3.37.el4.x86_64.rpm samba-common-3.0.33-3.37.el4.i386.rpm samba-common-3.0.33-3.37.el4.x86_64.rpm samba-debuginfo-3.0.33-3.37.el4.i386.rpm samba-debuginfo-3.0.33-3.37.el4.x86_64.rpm samba-swat-3.0.33-3.37.el4.x86_64.rpm Red Hat Enterprise Linux ES (v. 4 ELS): Source: samba-3.0.33-3.37.el4.src.rpm i386: samba-3.0.33-3.37.el4.i386.rpm samba-client-3.0.33-3.37.el4.i386.rpm samba-common-3.0.33-3.37.el4.i386.rpm samba-debuginfo-3.0.33-3.37.el4.i386.rpm samba-swat-3.0.33-3.37.el4.i386.rpm x86_64: samba-3.0.33-3.37.el4.x86_64.rpm samba-client-3.0.33-3.37.el4.x86_64.rpm samba-common-3.0.33-3.37.el4.i386.rpm samba-common-3.0.33-3.37.el4.x86_64.rpm samba-debuginfo-3.0.33-3.37.el4.i386.rpm samba-debuginfo-3.0.33-3.37.el4.x86_64.rpm samba-swat-3.0.33-3.37.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2016-2110
https://access.redhat.com/security/cve/CVE-2016-2111
https://access.redhat.com/security/cve/CVE-2016-2112
https://access.redhat.com/security/cve/CVE-2016-2115
https://access.redhat.com/security/cve/CVE-2016-2118
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/badlock
https://access.redhat.com/articles/2253041
http://badlock.org/
https://access.redhat.com/articles/2243351

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDWt/XlSAg2UNWIIRAkJwAKCmf+NjM/zGdtYJ4v4AeEOp3XG2pgCeOd0T
7WUsQE0oTDuSC8D+58bRrcw=
=f4Ey
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 13 01:34:19 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Apr 2016 01:34:19 +0000
Subject: [RHSA-2016:0612-01] Critical: samba and samba4 security, bug fix, and enhancement update
Message-ID: <201604130134.u3D1YJa2019501@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba and samba4 security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:0612-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0612.html
Issue date:        2016-04-12
Updated on:        2016-04-13
CVE Names:         CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
                   CVE-2016-2112 CVE-2016-2113 CVE-2016-2114
                   CVE-2016-2115 CVE-2016-2118
=====================================================================

1. Summary:

An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively.

Red Hat Product Security has rated this update as having a security impact of Critical.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Resilient Storage (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es): * Multiple flaws were found in Samba's DCE/RPC protocol implementation. 
A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370) Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements. * A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118) * Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110) * It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. 
(CVE-2016-2111) * It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112) * It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113) * It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114) * It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115) Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the smb service will be restarted automatically. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check 1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication 1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured 1311903 - CVE-2016-2112 samba: Missing downgrade detection 1311910 - CVE-2016-2113 samba: Server certificates not validated at client side 1312082 - CVE-2016-2114 samba: Samba based active directory domain controller does not enforce smb signing 1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage 1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ipa-3.0.0-47.el6_7.2.src.rpm libldb-1.1.25-2.el6_7.src.rpm libtalloc-2.1.5-1.el6_7.src.rpm libtdb-1.3.8-1.el6_7.src.rpm libtevent-0.9.26-2.el6_7.src.rpm openchange-1.0-7.el6_7.src.rpm samba4-4.2.10-6.el6_7.src.rpm i386: ipa-client-3.0.0-47.el6_7.2.i686.rpm ipa-debuginfo-3.0.0-47.el6_7.2.i686.rpm ipa-python-3.0.0-47.el6_7.2.i686.rpm libldb-1.1.25-2.el6_7.i686.rpm libldb-debuginfo-1.1.25-2.el6_7.i686.rpm libldb-devel-1.1.25-2.el6_7.i686.rpm libtalloc-2.1.5-1.el6_7.i686.rpm libtalloc-debuginfo-2.1.5-1.el6_7.i686.rpm libtalloc-devel-2.1.5-1.el6_7.i686.rpm libtdb-1.3.8-1.el6_7.i686.rpm libtdb-debuginfo-1.3.8-1.el6_7.i686.rpm libtdb-devel-1.3.8-1.el6_7.i686.rpm libtevent-0.9.26-2.el6_7.i686.rpm libtevent-debuginfo-0.9.26-2.el6_7.i686.rpm libtevent-devel-0.9.26-2.el6_7.i686.rpm openchange-1.0-7.el6_7.i686.rpm openchange-debuginfo-1.0-7.el6_7.i686.rpm pyldb-1.1.25-2.el6_7.i686.rpm pytalloc-2.1.5-1.el6_7.i686.rpm python-tdb-1.3.8-1.el6_7.i686.rpm python-tevent-0.9.26-2.el6_7.i686.rpm samba4-4.2.10-6.el6_7.i686.rpm samba4-client-4.2.10-6.el6_7.i686.rpm samba4-common-4.2.10-6.el6_7.i686.rpm samba4-dc-4.2.10-6.el6_7.i686.rpm samba4-dc-libs-4.2.10-6.el6_7.i686.rpm 
samba4-debuginfo-4.2.10-6.el6_7.i686.rpm samba4-devel-4.2.10-6.el6_7.i686.rpm samba4-libs-4.2.10-6.el6_7.i686.rpm samba4-pidl-4.2.10-6.el6_7.i686.rpm samba4-python-4.2.10-6.el6_7.i686.rpm samba4-test-4.2.10-6.el6_7.i686.rpm samba4-winbind-4.2.10-6.el6_7.i686.rpm samba4-winbind-clients-4.2.10-6.el6_7.i686.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_7.i686.rpm x86_64: ipa-client-3.0.0-47.el6_7.2.x86_64.rpm ipa-debuginfo-3.0.0-47.el6_7.2.x86_64.rpm ipa-python-3.0.0-47.el6_7.2.x86_64.rpm libldb-1.1.25-2.el6_7.i686.rpm libldb-1.1.25-2.el6_7.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_7.i686.rpm libldb-debuginfo-1.1.25-2.el6_7.x86_64.rpm libldb-devel-1.1.25-2.el6_7.i686.rpm libldb-devel-1.1.25-2.el6_7.x86_64.rpm libtalloc-2.1.5-1.el6_7.i686.rpm libtalloc-2.1.5-1.el6_7.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el6_7.i686.rpm libtalloc-debuginfo-2.1.5-1.el6_7.x86_64.rpm libtalloc-devel-2.1.5-1.el6_7.i686.rpm libtalloc-devel-2.1.5-1.el6_7.x86_64.rpm libtdb-1.3.8-1.el6_7.i686.rpm libtdb-1.3.8-1.el6_7.x86_64.rpm libtdb-debuginfo-1.3.8-1.el6_7.i686.rpm libtdb-debuginfo-1.3.8-1.el6_7.x86_64.rpm libtdb-devel-1.3.8-1.el6_7.i686.rpm libtdb-devel-1.3.8-1.el6_7.x86_64.rpm libtevent-0.9.26-2.el6_7.i686.rpm libtevent-0.9.26-2.el6_7.x86_64.rpm libtevent-debuginfo-0.9.26-2.el6_7.i686.rpm libtevent-debuginfo-0.9.26-2.el6_7.x86_64.rpm libtevent-devel-0.9.26-2.el6_7.i686.rpm libtevent-devel-0.9.26-2.el6_7.x86_64.rpm openchange-1.0-7.el6_7.x86_64.rpm openchange-debuginfo-1.0-7.el6_7.x86_64.rpm pyldb-1.1.25-2.el6_7.x86_64.rpm pytalloc-2.1.5-1.el6_7.x86_64.rpm python-tdb-1.3.8-1.el6_7.x86_64.rpm python-tevent-0.9.26-2.el6_7.x86_64.rpm samba4-4.2.10-6.el6_7.x86_64.rpm samba4-client-4.2.10-6.el6_7.x86_64.rpm samba4-common-4.2.10-6.el6_7.x86_64.rpm samba4-dc-4.2.10-6.el6_7.x86_64.rpm samba4-dc-libs-4.2.10-6.el6_7.x86_64.rpm samba4-debuginfo-4.2.10-6.el6_7.x86_64.rpm samba4-devel-4.2.10-6.el6_7.x86_64.rpm samba4-libs-4.2.10-6.el6_7.x86_64.rpm samba4-pidl-4.2.10-6.el6_7.x86_64.rpm 
samba4-python-4.2.10-6.el6_7.x86_64.rpm samba4-test-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-clients-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: ipa-admintools-3.0.0-47.el6_7.2.i686.rpm ipa-debuginfo-3.0.0-47.el6_7.2.i686.rpm ipa-server-3.0.0-47.el6_7.2.i686.rpm ipa-server-selinux-3.0.0-47.el6_7.2.i686.rpm ipa-server-trust-ad-3.0.0-47.el6_7.2.i686.rpm ldb-tools-1.1.25-2.el6_7.i686.rpm libldb-debuginfo-1.1.25-2.el6_7.i686.rpm libtalloc-debuginfo-2.1.5-1.el6_7.i686.rpm libtdb-debuginfo-1.3.8-1.el6_7.i686.rpm openchange-client-1.0-7.el6_7.i686.rpm openchange-debuginfo-1.0-7.el6_7.i686.rpm openchange-devel-1.0-7.el6_7.i686.rpm openchange-devel-docs-1.0-7.el6_7.i686.rpm pyldb-devel-1.1.25-2.el6_7.i686.rpm pytalloc-devel-2.1.5-1.el6_7.i686.rpm tdb-tools-1.3.8-1.el6_7.i686.rpm x86_64: ipa-admintools-3.0.0-47.el6_7.2.x86_64.rpm ipa-debuginfo-3.0.0-47.el6_7.2.x86_64.rpm ipa-server-3.0.0-47.el6_7.2.x86_64.rpm ipa-server-selinux-3.0.0-47.el6_7.2.x86_64.rpm ipa-server-trust-ad-3.0.0-47.el6_7.2.x86_64.rpm ldb-tools-1.1.25-2.el6_7.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_7.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el6_7.x86_64.rpm libtdb-debuginfo-1.3.8-1.el6_7.x86_64.rpm openchange-client-1.0-7.el6_7.x86_64.rpm openchange-debuginfo-1.0-7.el6_7.x86_64.rpm openchange-devel-1.0-7.el6_7.x86_64.rpm openchange-devel-docs-1.0-7.el6_7.x86_64.rpm pyldb-devel-1.1.25-2.el6_7.x86_64.rpm pytalloc-devel-2.1.5-1.el6_7.x86_64.rpm tdb-tools-1.3.8-1.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ipa-3.0.0-47.el6_7.2.src.rpm libldb-1.1.25-2.el6_7.src.rpm libtalloc-2.1.5-1.el6_7.src.rpm libtdb-1.3.8-1.el6_7.src.rpm libtevent-0.9.26-2.el6_7.src.rpm samba4-4.2.10-6.el6_7.src.rpm x86_64: ipa-client-3.0.0-47.el6_7.2.x86_64.rpm ipa-debuginfo-3.0.0-47.el6_7.2.x86_64.rpm ipa-python-3.0.0-47.el6_7.2.x86_64.rpm libldb-1.1.25-2.el6_7.i686.rpm libldb-1.1.25-2.el6_7.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_7.i686.rpm libldb-debuginfo-1.1.25-2.el6_7.x86_64.rpm libldb-devel-1.1.25-2.el6_7.i686.rpm libldb-devel-1.1.25-2.el6_7.x86_64.rpm libtalloc-2.1.5-1.el6_7.i686.rpm libtalloc-2.1.5-1.el6_7.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el6_7.i686.rpm libtalloc-debuginfo-2.1.5-1.el6_7.x86_64.rpm libtalloc-devel-2.1.5-1.el6_7.i686.rpm libtalloc-devel-2.1.5-1.el6_7.x86_64.rpm libtdb-1.3.8-1.el6_7.i686.rpm libtdb-1.3.8-1.el6_7.x86_64.rpm libtdb-debuginfo-1.3.8-1.el6_7.i686.rpm libtdb-debuginfo-1.3.8-1.el6_7.x86_64.rpm libtdb-devel-1.3.8-1.el6_7.i686.rpm libtdb-devel-1.3.8-1.el6_7.x86_64.rpm libtevent-0.9.26-2.el6_7.i686.rpm libtevent-0.9.26-2.el6_7.x86_64.rpm libtevent-debuginfo-0.9.26-2.el6_7.i686.rpm libtevent-debuginfo-0.9.26-2.el6_7.x86_64.rpm libtevent-devel-0.9.26-2.el6_7.i686.rpm libtevent-devel-0.9.26-2.el6_7.x86_64.rpm pyldb-1.1.25-2.el6_7.x86_64.rpm pytalloc-2.1.5-1.el6_7.x86_64.rpm python-tdb-1.3.8-1.el6_7.x86_64.rpm python-tevent-0.9.26-2.el6_7.x86_64.rpm samba4-4.2.10-6.el6_7.x86_64.rpm samba4-client-4.2.10-6.el6_7.x86_64.rpm samba4-common-4.2.10-6.el6_7.x86_64.rpm samba4-dc-4.2.10-6.el6_7.x86_64.rpm samba4-dc-libs-4.2.10-6.el6_7.x86_64.rpm samba4-debuginfo-4.2.10-6.el6_7.x86_64.rpm samba4-devel-4.2.10-6.el6_7.x86_64.rpm samba4-libs-4.2.10-6.el6_7.x86_64.rpm samba4-pidl-4.2.10-6.el6_7.x86_64.rpm samba4-python-4.2.10-6.el6_7.x86_64.rpm samba4-test-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-clients-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional 
(v. 6): x86_64: ipa-admintools-3.0.0-47.el6_7.2.x86_64.rpm ipa-debuginfo-3.0.0-47.el6_7.2.x86_64.rpm ipa-server-3.0.0-47.el6_7.2.x86_64.rpm ipa-server-selinux-3.0.0-47.el6_7.2.x86_64.rpm ipa-server-trust-ad-3.0.0-47.el6_7.2.x86_64.rpm ldb-tools-1.1.25-2.el6_7.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_7.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el6_7.x86_64.rpm libtdb-debuginfo-1.3.8-1.el6_7.x86_64.rpm pyldb-devel-1.1.25-2.el6_7.x86_64.rpm pytalloc-devel-2.1.5-1.el6_7.x86_64.rpm tdb-tools-1.3.8-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ipa-3.0.0-47.el6_7.2.src.rpm libldb-1.1.25-2.el6_7.src.rpm libtalloc-2.1.5-1.el6_7.src.rpm libtdb-1.3.8-1.el6_7.src.rpm libtevent-0.9.26-2.el6_7.src.rpm samba4-4.2.10-6.el6_7.src.rpm i386: ipa-admintools-3.0.0-47.el6_7.2.i686.rpm ipa-client-3.0.0-47.el6_7.2.i686.rpm ipa-debuginfo-3.0.0-47.el6_7.2.i686.rpm ipa-python-3.0.0-47.el6_7.2.i686.rpm ipa-server-3.0.0-47.el6_7.2.i686.rpm ipa-server-selinux-3.0.0-47.el6_7.2.i686.rpm ipa-server-trust-ad-3.0.0-47.el6_7.2.i686.rpm libldb-1.1.25-2.el6_7.i686.rpm libldb-debuginfo-1.1.25-2.el6_7.i686.rpm libldb-devel-1.1.25-2.el6_7.i686.rpm libtalloc-2.1.5-1.el6_7.i686.rpm libtalloc-debuginfo-2.1.5-1.el6_7.i686.rpm libtalloc-devel-2.1.5-1.el6_7.i686.rpm libtdb-1.3.8-1.el6_7.i686.rpm libtdb-debuginfo-1.3.8-1.el6_7.i686.rpm libtdb-devel-1.3.8-1.el6_7.i686.rpm libtevent-0.9.26-2.el6_7.i686.rpm libtevent-debuginfo-0.9.26-2.el6_7.i686.rpm libtevent-devel-0.9.26-2.el6_7.i686.rpm pyldb-1.1.25-2.el6_7.i686.rpm pytalloc-2.1.5-1.el6_7.i686.rpm python-tdb-1.3.8-1.el6_7.i686.rpm python-tevent-0.9.26-2.el6_7.i686.rpm samba4-4.2.10-6.el6_7.i686.rpm samba4-client-4.2.10-6.el6_7.i686.rpm samba4-common-4.2.10-6.el6_7.i686.rpm samba4-dc-4.2.10-6.el6_7.i686.rpm samba4-dc-libs-4.2.10-6.el6_7.i686.rpm samba4-debuginfo-4.2.10-6.el6_7.i686.rpm samba4-devel-4.2.10-6.el6_7.i686.rpm samba4-libs-4.2.10-6.el6_7.i686.rpm samba4-pidl-4.2.10-6.el6_7.i686.rpm samba4-python-4.2.10-6.el6_7.i686.rpm 
samba4-test-4.2.10-6.el6_7.i686.rpm samba4-winbind-4.2.10-6.el6_7.i686.rpm samba4-winbind-clients-4.2.10-6.el6_7.i686.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_7.i686.rpm tdb-tools-1.3.8-1.el6_7.i686.rpm ppc64: ipa-admintools-3.0.0-47.el6_7.2.ppc64.rpm ipa-client-3.0.0-47.el6_7.2.ppc64.rpm ipa-debuginfo-3.0.0-47.el6_7.2.ppc64.rpm ipa-python-3.0.0-47.el6_7.2.ppc64.rpm libldb-1.1.25-2.el6_7.ppc.rpm libldb-1.1.25-2.el6_7.ppc64.rpm libldb-debuginfo-1.1.25-2.el6_7.ppc.rpm libldb-debuginfo-1.1.25-2.el6_7.ppc64.rpm libldb-devel-1.1.25-2.el6_7.ppc.rpm libldb-devel-1.1.25-2.el6_7.ppc64.rpm libtalloc-2.1.5-1.el6_7.ppc.rpm libtalloc-2.1.5-1.el6_7.ppc64.rpm libtalloc-debuginfo-2.1.5-1.el6_7.ppc.rpm libtalloc-debuginfo-2.1.5-1.el6_7.ppc64.rpm libtalloc-devel-2.1.5-1.el6_7.ppc.rpm libtalloc-devel-2.1.5-1.el6_7.ppc64.rpm libtdb-1.3.8-1.el6_7.ppc.rpm libtdb-1.3.8-1.el6_7.ppc64.rpm libtdb-debuginfo-1.3.8-1.el6_7.ppc.rpm libtdb-debuginfo-1.3.8-1.el6_7.ppc64.rpm libtdb-devel-1.3.8-1.el6_7.ppc.rpm libtdb-devel-1.3.8-1.el6_7.ppc64.rpm libtevent-0.9.26-2.el6_7.ppc.rpm libtevent-0.9.26-2.el6_7.ppc64.rpm libtevent-debuginfo-0.9.26-2.el6_7.ppc.rpm libtevent-debuginfo-0.9.26-2.el6_7.ppc64.rpm libtevent-devel-0.9.26-2.el6_7.ppc.rpm libtevent-devel-0.9.26-2.el6_7.ppc64.rpm pyldb-1.1.25-2.el6_7.ppc64.rpm pytalloc-2.1.5-1.el6_7.ppc64.rpm python-tdb-1.3.8-1.el6_7.ppc64.rpm python-tevent-0.9.26-2.el6_7.ppc64.rpm samba4-4.2.10-6.el6_7.ppc64.rpm samba4-client-4.2.10-6.el6_7.ppc64.rpm samba4-common-4.2.10-6.el6_7.ppc64.rpm samba4-dc-4.2.10-6.el6_7.ppc64.rpm samba4-dc-libs-4.2.10-6.el6_7.ppc64.rpm samba4-debuginfo-4.2.10-6.el6_7.ppc64.rpm samba4-devel-4.2.10-6.el6_7.ppc64.rpm samba4-libs-4.2.10-6.el6_7.ppc64.rpm samba4-pidl-4.2.10-6.el6_7.ppc64.rpm samba4-python-4.2.10-6.el6_7.ppc64.rpm samba4-test-4.2.10-6.el6_7.ppc64.rpm samba4-winbind-4.2.10-6.el6_7.ppc64.rpm samba4-winbind-clients-4.2.10-6.el6_7.ppc64.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_7.ppc64.rpm tdb-tools-1.3.8-1.el6_7.ppc64.rpm 
s390x: ipa-admintools-3.0.0-47.el6_7.2.s390x.rpm ipa-client-3.0.0-47.el6_7.2.s390x.rpm ipa-debuginfo-3.0.0-47.el6_7.2.s390x.rpm ipa-python-3.0.0-47.el6_7.2.s390x.rpm libldb-1.1.25-2.el6_7.s390.rpm libldb-1.1.25-2.el6_7.s390x.rpm libldb-debuginfo-1.1.25-2.el6_7.s390.rpm libldb-debuginfo-1.1.25-2.el6_7.s390x.rpm libldb-devel-1.1.25-2.el6_7.s390.rpm libldb-devel-1.1.25-2.el6_7.s390x.rpm libtalloc-2.1.5-1.el6_7.s390.rpm libtalloc-2.1.5-1.el6_7.s390x.rpm libtalloc-debuginfo-2.1.5-1.el6_7.s390.rpm libtalloc-debuginfo-2.1.5-1.el6_7.s390x.rpm libtalloc-devel-2.1.5-1.el6_7.s390.rpm libtalloc-devel-2.1.5-1.el6_7.s390x.rpm libtdb-1.3.8-1.el6_7.s390.rpm libtdb-1.3.8-1.el6_7.s390x.rpm libtdb-debuginfo-1.3.8-1.el6_7.s390.rpm libtdb-debuginfo-1.3.8-1.el6_7.s390x.rpm libtdb-devel-1.3.8-1.el6_7.s390.rpm libtdb-devel-1.3.8-1.el6_7.s390x.rpm libtevent-0.9.26-2.el6_7.s390.rpm libtevent-0.9.26-2.el6_7.s390x.rpm libtevent-debuginfo-0.9.26-2.el6_7.s390.rpm libtevent-debuginfo-0.9.26-2.el6_7.s390x.rpm libtevent-devel-0.9.26-2.el6_7.s390.rpm libtevent-devel-0.9.26-2.el6_7.s390x.rpm pyldb-1.1.25-2.el6_7.s390x.rpm pytalloc-2.1.5-1.el6_7.s390x.rpm python-tdb-1.3.8-1.el6_7.s390x.rpm python-tevent-0.9.26-2.el6_7.s390x.rpm samba4-4.2.10-6.el6_7.s390x.rpm samba4-client-4.2.10-6.el6_7.s390x.rpm samba4-common-4.2.10-6.el6_7.s390x.rpm samba4-dc-4.2.10-6.el6_7.s390x.rpm samba4-dc-libs-4.2.10-6.el6_7.s390x.rpm samba4-debuginfo-4.2.10-6.el6_7.s390x.rpm samba4-devel-4.2.10-6.el6_7.s390x.rpm samba4-libs-4.2.10-6.el6_7.s390x.rpm samba4-pidl-4.2.10-6.el6_7.s390x.rpm samba4-python-4.2.10-6.el6_7.s390x.rpm samba4-test-4.2.10-6.el6_7.s390x.rpm samba4-winbind-4.2.10-6.el6_7.s390x.rpm samba4-winbind-clients-4.2.10-6.el6_7.s390x.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_7.s390x.rpm tdb-tools-1.3.8-1.el6_7.s390x.rpm x86_64: ipa-admintools-3.0.0-47.el6_7.2.x86_64.rpm ipa-client-3.0.0-47.el6_7.2.x86_64.rpm ipa-debuginfo-3.0.0-47.el6_7.2.x86_64.rpm ipa-python-3.0.0-47.el6_7.2.x86_64.rpm 
ipa-server-3.0.0-47.el6_7.2.x86_64.rpm ipa-server-selinux-3.0.0-47.el6_7.2.x86_64.rpm ipa-server-trust-ad-3.0.0-47.el6_7.2.x86_64.rpm libldb-1.1.25-2.el6_7.i686.rpm libldb-1.1.25-2.el6_7.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_7.i686.rpm libldb-debuginfo-1.1.25-2.el6_7.x86_64.rpm libldb-devel-1.1.25-2.el6_7.i686.rpm libldb-devel-1.1.25-2.el6_7.x86_64.rpm libtalloc-2.1.5-1.el6_7.i686.rpm libtalloc-2.1.5-1.el6_7.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el6_7.i686.rpm libtalloc-debuginfo-2.1.5-1.el6_7.x86_64.rpm libtalloc-devel-2.1.5-1.el6_7.i686.rpm libtalloc-devel-2.1.5-1.el6_7.x86_64.rpm libtdb-1.3.8-1.el6_7.i686.rpm libtdb-1.3.8-1.el6_7.x86_64.rpm libtdb-debuginfo-1.3.8-1.el6_7.i686.rpm libtdb-debuginfo-1.3.8-1.el6_7.x86_64.rpm libtdb-devel-1.3.8-1.el6_7.i686.rpm libtdb-devel-1.3.8-1.el6_7.x86_64.rpm libtevent-0.9.26-2.el6_7.i686.rpm libtevent-0.9.26-2.el6_7.x86_64.rpm libtevent-debuginfo-0.9.26-2.el6_7.i686.rpm libtevent-debuginfo-0.9.26-2.el6_7.x86_64.rpm libtevent-devel-0.9.26-2.el6_7.i686.rpm libtevent-devel-0.9.26-2.el6_7.x86_64.rpm pyldb-1.1.25-2.el6_7.x86_64.rpm pytalloc-2.1.5-1.el6_7.x86_64.rpm python-tdb-1.3.8-1.el6_7.x86_64.rpm python-tevent-0.9.26-2.el6_7.x86_64.rpm samba4-4.2.10-6.el6_7.x86_64.rpm samba4-client-4.2.10-6.el6_7.x86_64.rpm samba4-common-4.2.10-6.el6_7.x86_64.rpm samba4-dc-4.2.10-6.el6_7.x86_64.rpm samba4-dc-libs-4.2.10-6.el6_7.x86_64.rpm samba4-debuginfo-4.2.10-6.el6_7.x86_64.rpm samba4-devel-4.2.10-6.el6_7.x86_64.rpm samba4-libs-4.2.10-6.el6_7.x86_64.rpm samba4-pidl-4.2.10-6.el6_7.x86_64.rpm samba4-python-4.2.10-6.el6_7.x86_64.rpm samba4-test-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-clients-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_7.x86_64.rpm tdb-tools-1.3.8-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: openchange-1.0-7.el6_7.src.rpm i386: ldb-tools-1.1.25-2.el6_7.i686.rpm libldb-debuginfo-1.1.25-2.el6_7.i686.rpm libtalloc-debuginfo-2.1.5-1.el6_7.i686.rpm openchange-1.0-7.el6_7.i686.rpm openchange-client-1.0-7.el6_7.i686.rpm openchange-debuginfo-1.0-7.el6_7.i686.rpm openchange-devel-1.0-7.el6_7.i686.rpm openchange-devel-docs-1.0-7.el6_7.i686.rpm pyldb-devel-1.1.25-2.el6_7.i686.rpm pytalloc-devel-2.1.5-1.el6_7.i686.rpm ppc64: ldb-tools-1.1.25-2.el6_7.ppc64.rpm libldb-debuginfo-1.1.25-2.el6_7.ppc64.rpm libtalloc-debuginfo-2.1.5-1.el6_7.ppc64.rpm openchange-1.0-7.el6_7.ppc64.rpm openchange-client-1.0-7.el6_7.ppc64.rpm openchange-debuginfo-1.0-7.el6_7.ppc64.rpm openchange-devel-1.0-7.el6_7.ppc64.rpm openchange-devel-docs-1.0-7.el6_7.ppc64.rpm pyldb-devel-1.1.25-2.el6_7.ppc64.rpm pytalloc-devel-2.1.5-1.el6_7.ppc64.rpm s390x: ldb-tools-1.1.25-2.el6_7.s390x.rpm libldb-debuginfo-1.1.25-2.el6_7.s390x.rpm libtalloc-debuginfo-2.1.5-1.el6_7.s390x.rpm openchange-1.0-7.el6_7.s390x.rpm openchange-client-1.0-7.el6_7.s390x.rpm openchange-debuginfo-1.0-7.el6_7.s390x.rpm openchange-devel-1.0-7.el6_7.s390x.rpm openchange-devel-docs-1.0-7.el6_7.s390x.rpm pyldb-devel-1.1.25-2.el6_7.s390x.rpm pytalloc-devel-2.1.5-1.el6_7.s390x.rpm x86_64: ldb-tools-1.1.25-2.el6_7.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_7.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el6_7.x86_64.rpm openchange-1.0-7.el6_7.x86_64.rpm openchange-client-1.0-7.el6_7.x86_64.rpm openchange-debuginfo-1.0-7.el6_7.x86_64.rpm openchange-devel-1.0-7.el6_7.x86_64.rpm openchange-devel-docs-1.0-7.el6_7.x86_64.rpm pyldb-devel-1.1.25-2.el6_7.x86_64.rpm pytalloc-devel-2.1.5-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ipa-3.0.0-47.el6_7.2.src.rpm libldb-1.1.25-2.el6_7.src.rpm libtalloc-2.1.5-1.el6_7.src.rpm libtdb-1.3.8-1.el6_7.src.rpm libtevent-0.9.26-2.el6_7.src.rpm openchange-1.0-7.el6_7.src.rpm samba4-4.2.10-6.el6_7.src.rpm i386: ipa-admintools-3.0.0-47.el6_7.2.i686.rpm ipa-client-3.0.0-47.el6_7.2.i686.rpm ipa-debuginfo-3.0.0-47.el6_7.2.i686.rpm ipa-python-3.0.0-47.el6_7.2.i686.rpm ipa-server-3.0.0-47.el6_7.2.i686.rpm ipa-server-selinux-3.0.0-47.el6_7.2.i686.rpm ipa-server-trust-ad-3.0.0-47.el6_7.2.i686.rpm libldb-1.1.25-2.el6_7.i686.rpm libldb-debuginfo-1.1.25-2.el6_7.i686.rpm libldb-devel-1.1.25-2.el6_7.i686.rpm libtalloc-2.1.5-1.el6_7.i686.rpm libtalloc-debuginfo-2.1.5-1.el6_7.i686.rpm libtalloc-devel-2.1.5-1.el6_7.i686.rpm libtdb-1.3.8-1.el6_7.i686.rpm libtdb-debuginfo-1.3.8-1.el6_7.i686.rpm libtdb-devel-1.3.8-1.el6_7.i686.rpm libtevent-0.9.26-2.el6_7.i686.rpm libtevent-debuginfo-0.9.26-2.el6_7.i686.rpm libtevent-devel-0.9.26-2.el6_7.i686.rpm openchange-1.0-7.el6_7.i686.rpm openchange-debuginfo-1.0-7.el6_7.i686.rpm pyldb-1.1.25-2.el6_7.i686.rpm pytalloc-2.1.5-1.el6_7.i686.rpm python-tdb-1.3.8-1.el6_7.i686.rpm python-tevent-0.9.26-2.el6_7.i686.rpm samba4-4.2.10-6.el6_7.i686.rpm samba4-client-4.2.10-6.el6_7.i686.rpm samba4-common-4.2.10-6.el6_7.i686.rpm samba4-dc-4.2.10-6.el6_7.i686.rpm samba4-dc-libs-4.2.10-6.el6_7.i686.rpm samba4-debuginfo-4.2.10-6.el6_7.i686.rpm samba4-devel-4.2.10-6.el6_7.i686.rpm samba4-libs-4.2.10-6.el6_7.i686.rpm samba4-pidl-4.2.10-6.el6_7.i686.rpm samba4-python-4.2.10-6.el6_7.i686.rpm samba4-test-4.2.10-6.el6_7.i686.rpm samba4-winbind-4.2.10-6.el6_7.i686.rpm samba4-winbind-clients-4.2.10-6.el6_7.i686.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_7.i686.rpm tdb-tools-1.3.8-1.el6_7.i686.rpm x86_64: ipa-admintools-3.0.0-47.el6_7.2.x86_64.rpm ipa-client-3.0.0-47.el6_7.2.x86_64.rpm ipa-debuginfo-3.0.0-47.el6_7.2.x86_64.rpm ipa-python-3.0.0-47.el6_7.2.x86_64.rpm ipa-server-3.0.0-47.el6_7.2.x86_64.rpm 
ipa-server-selinux-3.0.0-47.el6_7.2.x86_64.rpm ipa-server-trust-ad-3.0.0-47.el6_7.2.x86_64.rpm libldb-1.1.25-2.el6_7.i686.rpm libldb-1.1.25-2.el6_7.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_7.i686.rpm libldb-debuginfo-1.1.25-2.el6_7.x86_64.rpm libldb-devel-1.1.25-2.el6_7.i686.rpm libldb-devel-1.1.25-2.el6_7.x86_64.rpm libtalloc-2.1.5-1.el6_7.i686.rpm libtalloc-2.1.5-1.el6_7.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el6_7.i686.rpm libtalloc-debuginfo-2.1.5-1.el6_7.x86_64.rpm libtalloc-devel-2.1.5-1.el6_7.i686.rpm libtalloc-devel-2.1.5-1.el6_7.x86_64.rpm libtdb-1.3.8-1.el6_7.i686.rpm libtdb-1.3.8-1.el6_7.x86_64.rpm libtdb-debuginfo-1.3.8-1.el6_7.i686.rpm libtdb-debuginfo-1.3.8-1.el6_7.x86_64.rpm libtdb-devel-1.3.8-1.el6_7.i686.rpm libtdb-devel-1.3.8-1.el6_7.x86_64.rpm libtevent-0.9.26-2.el6_7.i686.rpm libtevent-0.9.26-2.el6_7.x86_64.rpm libtevent-debuginfo-0.9.26-2.el6_7.i686.rpm libtevent-debuginfo-0.9.26-2.el6_7.x86_64.rpm libtevent-devel-0.9.26-2.el6_7.i686.rpm libtevent-devel-0.9.26-2.el6_7.x86_64.rpm openchange-1.0-7.el6_7.x86_64.rpm openchange-debuginfo-1.0-7.el6_7.x86_64.rpm pyldb-1.1.25-2.el6_7.x86_64.rpm pytalloc-2.1.5-1.el6_7.x86_64.rpm python-tdb-1.3.8-1.el6_7.x86_64.rpm python-tevent-0.9.26-2.el6_7.x86_64.rpm samba4-4.2.10-6.el6_7.x86_64.rpm samba4-client-4.2.10-6.el6_7.x86_64.rpm samba4-common-4.2.10-6.el6_7.x86_64.rpm samba4-dc-4.2.10-6.el6_7.x86_64.rpm samba4-dc-libs-4.2.10-6.el6_7.x86_64.rpm samba4-debuginfo-4.2.10-6.el6_7.x86_64.rpm samba4-devel-4.2.10-6.el6_7.x86_64.rpm samba4-libs-4.2.10-6.el6_7.x86_64.rpm samba4-pidl-4.2.10-6.el6_7.x86_64.rpm samba4-python-4.2.10-6.el6_7.x86_64.rpm samba4-test-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-clients-4.2.10-6.el6_7.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-6.el6_7.x86_64.rpm tdb-tools-1.3.8-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: ldb-tools-1.1.25-2.el6_7.i686.rpm libldb-debuginfo-1.1.25-2.el6_7.i686.rpm libtalloc-debuginfo-2.1.5-1.el6_7.i686.rpm openchange-client-1.0-7.el6_7.i686.rpm openchange-debuginfo-1.0-7.el6_7.i686.rpm openchange-devel-1.0-7.el6_7.i686.rpm openchange-devel-docs-1.0-7.el6_7.i686.rpm pyldb-devel-1.1.25-2.el6_7.i686.rpm pytalloc-devel-2.1.5-1.el6_7.i686.rpm x86_64: ldb-tools-1.1.25-2.el6_7.x86_64.rpm libldb-debuginfo-1.1.25-2.el6_7.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el6_7.x86_64.rpm openchange-client-1.0-7.el6_7.x86_64.rpm openchange-debuginfo-1.0-7.el6_7.x86_64.rpm openchange-devel-1.0-7.el6_7.x86_64.rpm openchange-devel-docs-1.0-7.el6_7.x86_64.rpm pyldb-devel-1.1.25-2.el6_7.x86_64.rpm pytalloc-devel-2.1.5-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: ipa-4.2.0-15.el7_2.6.1.src.rpm libldb-1.1.25-1.el7_2.src.rpm libtalloc-2.1.5-1.el7_2.src.rpm libtdb-1.3.8-1.el7_2.src.rpm libtevent-0.9.26-1.el7_2.src.rpm openchange-2.0-10.el7_2.src.rpm samba-4.2.10-6.el7_2.src.rpm noarch: samba-common-4.2.10-6.el7_2.noarch.rpm x86_64: ipa-client-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-debuginfo-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-python-4.2.0-15.el7_2.6.1.x86_64.rpm libldb-1.1.25-1.el7_2.i686.rpm libldb-1.1.25-1.el7_2.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_2.i686.rpm libldb-debuginfo-1.1.25-1.el7_2.x86_64.rpm libsmbclient-4.2.10-6.el7_2.i686.rpm libsmbclient-4.2.10-6.el7_2.x86_64.rpm libtalloc-2.1.5-1.el7_2.i686.rpm libtalloc-2.1.5-1.el7_2.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_2.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_2.x86_64.rpm libtdb-1.3.8-1.el7_2.i686.rpm libtdb-1.3.8-1.el7_2.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_2.i686.rpm libtdb-debuginfo-1.3.8-1.el7_2.x86_64.rpm libtevent-0.9.26-1.el7_2.i686.rpm libtevent-0.9.26-1.el7_2.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_2.i686.rpm libtevent-debuginfo-0.9.26-1.el7_2.x86_64.rpm libwbclient-4.2.10-6.el7_2.i686.rpm libwbclient-4.2.10-6.el7_2.x86_64.rpm openchange-2.0-10.el7_2.i686.rpm 
openchange-2.0-10.el7_2.x86_64.rpm openchange-debuginfo-2.0-10.el7_2.i686.rpm openchange-debuginfo-2.0-10.el7_2.x86_64.rpm pytalloc-2.1.5-1.el7_2.i686.rpm pytalloc-2.1.5-1.el7_2.x86_64.rpm samba-client-4.2.10-6.el7_2.x86_64.rpm samba-client-libs-4.2.10-6.el7_2.i686.rpm samba-client-libs-4.2.10-6.el7_2.x86_64.rpm samba-common-libs-4.2.10-6.el7_2.x86_64.rpm samba-common-tools-4.2.10-6.el7_2.x86_64.rpm samba-debuginfo-4.2.10-6.el7_2.i686.rpm samba-debuginfo-4.2.10-6.el7_2.x86_64.rpm samba-libs-4.2.10-6.el7_2.i686.rpm samba-libs-4.2.10-6.el7_2.x86_64.rpm samba-winbind-4.2.10-6.el7_2.x86_64.rpm samba-winbind-clients-4.2.10-6.el7_2.x86_64.rpm samba-winbind-modules-4.2.10-6.el7_2.i686.rpm samba-winbind-modules-4.2.10-6.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: openchange-devel-docs-2.0-10.el7_2.noarch.rpm samba-pidl-4.2.10-6.el7_2.noarch.rpm x86_64: ipa-admintools-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-debuginfo-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-dns-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-trust-ad-4.2.0-15.el7_2.6.1.x86_64.rpm ldb-tools-1.1.25-1.el7_2.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_2.i686.rpm libldb-debuginfo-1.1.25-1.el7_2.x86_64.rpm libldb-devel-1.1.25-1.el7_2.i686.rpm libldb-devel-1.1.25-1.el7_2.x86_64.rpm libsmbclient-devel-4.2.10-6.el7_2.i686.rpm libsmbclient-devel-4.2.10-6.el7_2.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_2.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_2.x86_64.rpm libtalloc-devel-2.1.5-1.el7_2.i686.rpm libtalloc-devel-2.1.5-1.el7_2.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_2.i686.rpm libtdb-debuginfo-1.3.8-1.el7_2.x86_64.rpm libtdb-devel-1.3.8-1.el7_2.i686.rpm libtdb-devel-1.3.8-1.el7_2.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_2.i686.rpm libtevent-debuginfo-0.9.26-1.el7_2.x86_64.rpm libtevent-devel-0.9.26-1.el7_2.i686.rpm libtevent-devel-0.9.26-1.el7_2.x86_64.rpm libwbclient-devel-4.2.10-6.el7_2.i686.rpm libwbclient-devel-4.2.10-6.el7_2.x86_64.rpm 
openchange-client-2.0-10.el7_2.x86_64.rpm openchange-debuginfo-2.0-10.el7_2.i686.rpm openchange-debuginfo-2.0-10.el7_2.x86_64.rpm openchange-devel-2.0-10.el7_2.i686.rpm openchange-devel-2.0-10.el7_2.x86_64.rpm pyldb-1.1.25-1.el7_2.i686.rpm pyldb-1.1.25-1.el7_2.x86_64.rpm pyldb-devel-1.1.25-1.el7_2.i686.rpm pyldb-devel-1.1.25-1.el7_2.x86_64.rpm pytalloc-devel-2.1.5-1.el7_2.i686.rpm pytalloc-devel-2.1.5-1.el7_2.x86_64.rpm python-tdb-1.3.8-1.el7_2.i686.rpm python-tdb-1.3.8-1.el7_2.x86_64.rpm python-tevent-0.9.26-1.el7_2.x86_64.rpm samba-4.2.10-6.el7_2.x86_64.rpm samba-dc-4.2.10-6.el7_2.x86_64.rpm samba-dc-libs-4.2.10-6.el7_2.x86_64.rpm samba-debuginfo-4.2.10-6.el7_2.i686.rpm samba-debuginfo-4.2.10-6.el7_2.x86_64.rpm samba-devel-4.2.10-6.el7_2.i686.rpm samba-devel-4.2.10-6.el7_2.x86_64.rpm samba-python-4.2.10-6.el7_2.x86_64.rpm samba-test-4.2.10-6.el7_2.x86_64.rpm samba-test-devel-4.2.10-6.el7_2.x86_64.rpm samba-test-libs-4.2.10-6.el7_2.i686.rpm samba-test-libs-4.2.10-6.el7_2.x86_64.rpm samba-vfs-glusterfs-4.2.10-6.el7_2.x86_64.rpm samba-winbind-krb5-locator-4.2.10-6.el7_2.x86_64.rpm tdb-tools-1.3.8-1.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: ipa-4.2.0-15.el7_2.6.1.src.rpm libldb-1.1.25-1.el7_2.src.rpm libtalloc-2.1.5-1.el7_2.src.rpm libtdb-1.3.8-1.el7_2.src.rpm libtevent-0.9.26-1.el7_2.src.rpm samba-4.2.10-6.el7_2.src.rpm noarch: samba-common-4.2.10-6.el7_2.noarch.rpm x86_64: ipa-client-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-debuginfo-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-python-4.2.0-15.el7_2.6.1.x86_64.rpm libldb-1.1.25-1.el7_2.i686.rpm libldb-1.1.25-1.el7_2.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_2.i686.rpm libldb-debuginfo-1.1.25-1.el7_2.x86_64.rpm libsmbclient-4.2.10-6.el7_2.i686.rpm libsmbclient-4.2.10-6.el7_2.x86_64.rpm libtalloc-2.1.5-1.el7_2.i686.rpm libtalloc-2.1.5-1.el7_2.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_2.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_2.x86_64.rpm libtdb-1.3.8-1.el7_2.i686.rpm libtdb-1.3.8-1.el7_2.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_2.i686.rpm libtdb-debuginfo-1.3.8-1.el7_2.x86_64.rpm libtevent-0.9.26-1.el7_2.i686.rpm libtevent-0.9.26-1.el7_2.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_2.i686.rpm libtevent-debuginfo-0.9.26-1.el7_2.x86_64.rpm libwbclient-4.2.10-6.el7_2.i686.rpm libwbclient-4.2.10-6.el7_2.x86_64.rpm pytalloc-2.1.5-1.el7_2.i686.rpm pytalloc-2.1.5-1.el7_2.x86_64.rpm samba-client-4.2.10-6.el7_2.x86_64.rpm samba-client-libs-4.2.10-6.el7_2.i686.rpm samba-client-libs-4.2.10-6.el7_2.x86_64.rpm samba-common-libs-4.2.10-6.el7_2.x86_64.rpm samba-common-tools-4.2.10-6.el7_2.x86_64.rpm samba-debuginfo-4.2.10-6.el7_2.i686.rpm samba-debuginfo-4.2.10-6.el7_2.x86_64.rpm samba-libs-4.2.10-6.el7_2.i686.rpm samba-libs-4.2.10-6.el7_2.x86_64.rpm samba-winbind-4.2.10-6.el7_2.x86_64.rpm samba-winbind-clients-4.2.10-6.el7_2.x86_64.rpm samba-winbind-modules-4.2.10-6.el7_2.i686.rpm samba-winbind-modules-4.2.10-6.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): noarch: samba-pidl-4.2.10-6.el7_2.noarch.rpm x86_64: ipa-admintools-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-debuginfo-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-dns-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-trust-ad-4.2.0-15.el7_2.6.1.x86_64.rpm ldb-tools-1.1.25-1.el7_2.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_2.i686.rpm libldb-debuginfo-1.1.25-1.el7_2.x86_64.rpm libldb-devel-1.1.25-1.el7_2.i686.rpm libldb-devel-1.1.25-1.el7_2.x86_64.rpm libsmbclient-devel-4.2.10-6.el7_2.i686.rpm libsmbclient-devel-4.2.10-6.el7_2.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_2.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_2.x86_64.rpm libtalloc-devel-2.1.5-1.el7_2.i686.rpm libtalloc-devel-2.1.5-1.el7_2.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_2.i686.rpm libtdb-debuginfo-1.3.8-1.el7_2.x86_64.rpm libtdb-devel-1.3.8-1.el7_2.i686.rpm libtdb-devel-1.3.8-1.el7_2.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_2.i686.rpm libtevent-debuginfo-0.9.26-1.el7_2.x86_64.rpm libtevent-devel-0.9.26-1.el7_2.i686.rpm libtevent-devel-0.9.26-1.el7_2.x86_64.rpm libwbclient-devel-4.2.10-6.el7_2.i686.rpm libwbclient-devel-4.2.10-6.el7_2.x86_64.rpm pyldb-1.1.25-1.el7_2.i686.rpm pyldb-1.1.25-1.el7_2.x86_64.rpm pyldb-devel-1.1.25-1.el7_2.i686.rpm pyldb-devel-1.1.25-1.el7_2.x86_64.rpm pytalloc-devel-2.1.5-1.el7_2.i686.rpm pytalloc-devel-2.1.5-1.el7_2.x86_64.rpm python-tdb-1.3.8-1.el7_2.i686.rpm python-tdb-1.3.8-1.el7_2.x86_64.rpm python-tevent-0.9.26-1.el7_2.x86_64.rpm samba-4.2.10-6.el7_2.x86_64.rpm samba-dc-4.2.10-6.el7_2.x86_64.rpm samba-dc-libs-4.2.10-6.el7_2.x86_64.rpm samba-debuginfo-4.2.10-6.el7_2.i686.rpm samba-debuginfo-4.2.10-6.el7_2.x86_64.rpm samba-devel-4.2.10-6.el7_2.i686.rpm samba-devel-4.2.10-6.el7_2.x86_64.rpm samba-python-4.2.10-6.el7_2.x86_64.rpm samba-test-4.2.10-6.el7_2.x86_64.rpm samba-test-devel-4.2.10-6.el7_2.x86_64.rpm samba-test-libs-4.2.10-6.el7_2.i686.rpm samba-test-libs-4.2.10-6.el7_2.x86_64.rpm samba-vfs-glusterfs-4.2.10-6.el7_2.x86_64.rpm 
samba-winbind-krb5-locator-4.2.10-6.el7_2.x86_64.rpm tdb-tools-1.3.8-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ipa-4.2.0-15.el7_2.6.1.src.rpm libldb-1.1.25-1.el7_2.src.rpm libtalloc-2.1.5-1.el7_2.src.rpm libtdb-1.3.8-1.el7_2.src.rpm libtevent-0.9.26-1.el7_2.src.rpm samba-4.2.10-6.el7_2.src.rpm noarch: samba-common-4.2.10-6.el7_2.noarch.rpm ppc64: ipa-admintools-4.2.0-15.el7_2.6.1.ppc64.rpm ipa-client-4.2.0-15.el7_2.6.1.ppc64.rpm ipa-debuginfo-4.2.0-15.el7_2.6.1.ppc64.rpm ipa-python-4.2.0-15.el7_2.6.1.ppc64.rpm libldb-1.1.25-1.el7_2.ppc.rpm libldb-1.1.25-1.el7_2.ppc64.rpm libldb-debuginfo-1.1.25-1.el7_2.ppc.rpm libldb-debuginfo-1.1.25-1.el7_2.ppc64.rpm libsmbclient-4.2.10-6.el7_2.ppc.rpm libsmbclient-4.2.10-6.el7_2.ppc64.rpm libtalloc-2.1.5-1.el7_2.ppc.rpm libtalloc-2.1.5-1.el7_2.ppc64.rpm libtalloc-debuginfo-2.1.5-1.el7_2.ppc.rpm libtalloc-debuginfo-2.1.5-1.el7_2.ppc64.rpm libtdb-1.3.8-1.el7_2.ppc.rpm libtdb-1.3.8-1.el7_2.ppc64.rpm libtdb-debuginfo-1.3.8-1.el7_2.ppc.rpm libtdb-debuginfo-1.3.8-1.el7_2.ppc64.rpm libtevent-0.9.26-1.el7_2.ppc.rpm libtevent-0.9.26-1.el7_2.ppc64.rpm libtevent-debuginfo-0.9.26-1.el7_2.ppc.rpm libtevent-debuginfo-0.9.26-1.el7_2.ppc64.rpm libwbclient-4.2.10-6.el7_2.ppc.rpm libwbclient-4.2.10-6.el7_2.ppc64.rpm pytalloc-2.1.5-1.el7_2.ppc.rpm pytalloc-2.1.5-1.el7_2.ppc64.rpm samba-4.2.10-6.el7_2.ppc64.rpm samba-client-4.2.10-6.el7_2.ppc64.rpm samba-client-libs-4.2.10-6.el7_2.ppc.rpm samba-client-libs-4.2.10-6.el7_2.ppc64.rpm samba-common-libs-4.2.10-6.el7_2.ppc64.rpm samba-common-tools-4.2.10-6.el7_2.ppc64.rpm samba-debuginfo-4.2.10-6.el7_2.ppc.rpm samba-debuginfo-4.2.10-6.el7_2.ppc64.rpm samba-libs-4.2.10-6.el7_2.ppc.rpm samba-libs-4.2.10-6.el7_2.ppc64.rpm samba-winbind-4.2.10-6.el7_2.ppc64.rpm samba-winbind-clients-4.2.10-6.el7_2.ppc64.rpm samba-winbind-modules-4.2.10-6.el7_2.ppc.rpm samba-winbind-modules-4.2.10-6.el7_2.ppc64.rpm ppc64le: ipa-admintools-4.2.0-15.el7_2.6.1.ppc64le.rpm 
ipa-client-4.2.0-15.el7_2.6.1.ppc64le.rpm ipa-debuginfo-4.2.0-15.el7_2.6.1.ppc64le.rpm ipa-python-4.2.0-15.el7_2.6.1.ppc64le.rpm libldb-1.1.25-1.el7_2.ppc64le.rpm libldb-debuginfo-1.1.25-1.el7_2.ppc64le.rpm libsmbclient-4.2.10-6.el7_2.ppc64le.rpm libtalloc-2.1.5-1.el7_2.ppc64le.rpm libtalloc-debuginfo-2.1.5-1.el7_2.ppc64le.rpm libtdb-1.3.8-1.el7_2.ppc64le.rpm libtdb-debuginfo-1.3.8-1.el7_2.ppc64le.rpm libtevent-0.9.26-1.el7_2.ppc64le.rpm libtevent-debuginfo-0.9.26-1.el7_2.ppc64le.rpm libwbclient-4.2.10-6.el7_2.ppc64le.rpm pytalloc-2.1.5-1.el7_2.ppc64le.rpm samba-4.2.10-6.el7_2.ppc64le.rpm samba-client-4.2.10-6.el7_2.ppc64le.rpm samba-client-libs-4.2.10-6.el7_2.ppc64le.rpm samba-common-libs-4.2.10-6.el7_2.ppc64le.rpm samba-common-tools-4.2.10-6.el7_2.ppc64le.rpm samba-debuginfo-4.2.10-6.el7_2.ppc64le.rpm samba-libs-4.2.10-6.el7_2.ppc64le.rpm samba-winbind-4.2.10-6.el7_2.ppc64le.rpm samba-winbind-clients-4.2.10-6.el7_2.ppc64le.rpm samba-winbind-modules-4.2.10-6.el7_2.ppc64le.rpm s390x: ipa-admintools-4.2.0-15.el7_2.6.1.s390x.rpm ipa-client-4.2.0-15.el7_2.6.1.s390x.rpm ipa-debuginfo-4.2.0-15.el7_2.6.1.s390x.rpm ipa-python-4.2.0-15.el7_2.6.1.s390x.rpm libldb-1.1.25-1.el7_2.s390.rpm libldb-1.1.25-1.el7_2.s390x.rpm libldb-debuginfo-1.1.25-1.el7_2.s390.rpm libldb-debuginfo-1.1.25-1.el7_2.s390x.rpm libsmbclient-4.2.10-6.el7_2.s390.rpm libsmbclient-4.2.10-6.el7_2.s390x.rpm libtalloc-2.1.5-1.el7_2.s390.rpm libtalloc-2.1.5-1.el7_2.s390x.rpm libtalloc-debuginfo-2.1.5-1.el7_2.s390.rpm libtalloc-debuginfo-2.1.5-1.el7_2.s390x.rpm libtdb-1.3.8-1.el7_2.s390.rpm libtdb-1.3.8-1.el7_2.s390x.rpm libtdb-debuginfo-1.3.8-1.el7_2.s390.rpm libtdb-debuginfo-1.3.8-1.el7_2.s390x.rpm libtevent-0.9.26-1.el7_2.s390.rpm libtevent-0.9.26-1.el7_2.s390x.rpm libtevent-debuginfo-0.9.26-1.el7_2.s390.rpm libtevent-debuginfo-0.9.26-1.el7_2.s390x.rpm libwbclient-4.2.10-6.el7_2.s390.rpm libwbclient-4.2.10-6.el7_2.s390x.rpm pytalloc-2.1.5-1.el7_2.s390.rpm pytalloc-2.1.5-1.el7_2.s390x.rpm 
samba-4.2.10-6.el7_2.s390x.rpm samba-client-4.2.10-6.el7_2.s390x.rpm samba-client-libs-4.2.10-6.el7_2.s390.rpm samba-client-libs-4.2.10-6.el7_2.s390x.rpm samba-common-libs-4.2.10-6.el7_2.s390x.rpm samba-common-tools-4.2.10-6.el7_2.s390x.rpm samba-debuginfo-4.2.10-6.el7_2.s390.rpm samba-debuginfo-4.2.10-6.el7_2.s390x.rpm samba-libs-4.2.10-6.el7_2.s390.rpm samba-libs-4.2.10-6.el7_2.s390x.rpm samba-winbind-4.2.10-6.el7_2.s390x.rpm samba-winbind-clients-4.2.10-6.el7_2.s390x.rpm samba-winbind-modules-4.2.10-6.el7_2.s390.rpm samba-winbind-modules-4.2.10-6.el7_2.s390x.rpm x86_64: ipa-admintools-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-client-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-debuginfo-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-python-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-dns-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-trust-ad-4.2.0-15.el7_2.6.1.x86_64.rpm libldb-1.1.25-1.el7_2.i686.rpm libldb-1.1.25-1.el7_2.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_2.i686.rpm libldb-debuginfo-1.1.25-1.el7_2.x86_64.rpm libsmbclient-4.2.10-6.el7_2.i686.rpm libsmbclient-4.2.10-6.el7_2.x86_64.rpm libtalloc-2.1.5-1.el7_2.i686.rpm libtalloc-2.1.5-1.el7_2.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_2.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_2.x86_64.rpm libtdb-1.3.8-1.el7_2.i686.rpm libtdb-1.3.8-1.el7_2.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_2.i686.rpm libtdb-debuginfo-1.3.8-1.el7_2.x86_64.rpm libtevent-0.9.26-1.el7_2.i686.rpm libtevent-0.9.26-1.el7_2.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_2.i686.rpm libtevent-debuginfo-0.9.26-1.el7_2.x86_64.rpm libwbclient-4.2.10-6.el7_2.i686.rpm libwbclient-4.2.10-6.el7_2.x86_64.rpm pyldb-1.1.25-1.el7_2.i686.rpm pyldb-1.1.25-1.el7_2.x86_64.rpm pytalloc-2.1.5-1.el7_2.i686.rpm pytalloc-2.1.5-1.el7_2.x86_64.rpm python-tdb-1.3.8-1.el7_2.i686.rpm python-tdb-1.3.8-1.el7_2.x86_64.rpm python-tevent-0.9.26-1.el7_2.x86_64.rpm samba-4.2.10-6.el7_2.x86_64.rpm samba-client-4.2.10-6.el7_2.x86_64.rpm samba-client-libs-4.2.10-6.el7_2.i686.rpm 
samba-client-libs-4.2.10-6.el7_2.x86_64.rpm samba-common-libs-4.2.10-6.el7_2.x86_64.rpm samba-common-tools-4.2.10-6.el7_2.x86_64.rpm samba-debuginfo-4.2.10-6.el7_2.i686.rpm samba-debuginfo-4.2.10-6.el7_2.x86_64.rpm samba-libs-4.2.10-6.el7_2.i686.rpm samba-libs-4.2.10-6.el7_2.x86_64.rpm samba-python-4.2.10-6.el7_2.x86_64.rpm samba-winbind-4.2.10-6.el7_2.x86_64.rpm samba-winbind-clients-4.2.10-6.el7_2.x86_64.rpm samba-winbind-modules-4.2.10-6.el7_2.i686.rpm samba-winbind-modules-4.2.10-6.el7_2.x86_64.rpm tdb-tools-1.3.8-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Resilient Storage (v. 7): x86_64: ctdb-4.2.10-6.el7_2.x86_64.rpm ctdb-devel-4.2.10-6.el7_2.i686.rpm ctdb-devel-4.2.10-6.el7_2.x86_64.rpm ctdb-tests-4.2.10-6.el7_2.x86_64.rpm samba-debuginfo-4.2.10-6.el7_2.i686.rpm samba-debuginfo-4.2.10-6.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: openchange-2.0-10.el7_2.src.rpm noarch: openchange-devel-docs-2.0-10.el7_2.noarch.rpm samba-pidl-4.2.10-6.el7_2.noarch.rpm ppc64: ldb-tools-1.1.25-1.el7_2.ppc64.rpm libldb-debuginfo-1.1.25-1.el7_2.ppc.rpm libldb-debuginfo-1.1.25-1.el7_2.ppc64.rpm libldb-devel-1.1.25-1.el7_2.ppc.rpm libldb-devel-1.1.25-1.el7_2.ppc64.rpm libsmbclient-devel-4.2.10-6.el7_2.ppc.rpm libsmbclient-devel-4.2.10-6.el7_2.ppc64.rpm libtalloc-debuginfo-2.1.5-1.el7_2.ppc.rpm libtalloc-debuginfo-2.1.5-1.el7_2.ppc64.rpm libtalloc-devel-2.1.5-1.el7_2.ppc.rpm libtalloc-devel-2.1.5-1.el7_2.ppc64.rpm libtdb-debuginfo-1.3.8-1.el7_2.ppc.rpm libtdb-debuginfo-1.3.8-1.el7_2.ppc64.rpm libtdb-devel-1.3.8-1.el7_2.ppc.rpm libtdb-devel-1.3.8-1.el7_2.ppc64.rpm libtevent-debuginfo-0.9.26-1.el7_2.ppc.rpm libtevent-debuginfo-0.9.26-1.el7_2.ppc64.rpm libtevent-devel-0.9.26-1.el7_2.ppc.rpm libtevent-devel-0.9.26-1.el7_2.ppc64.rpm libwbclient-devel-4.2.10-6.el7_2.ppc.rpm libwbclient-devel-4.2.10-6.el7_2.ppc64.rpm pyldb-1.1.25-1.el7_2.ppc.rpm pyldb-1.1.25-1.el7_2.ppc64.rpm pyldb-devel-1.1.25-1.el7_2.ppc.rpm pyldb-devel-1.1.25-1.el7_2.ppc64.rpm 
pytalloc-devel-2.1.5-1.el7_2.ppc.rpm pytalloc-devel-2.1.5-1.el7_2.ppc64.rpm python-tdb-1.3.8-1.el7_2.ppc.rpm python-tdb-1.3.8-1.el7_2.ppc64.rpm python-tevent-0.9.26-1.el7_2.ppc64.rpm samba-dc-4.2.10-6.el7_2.ppc64.rpm samba-dc-libs-4.2.10-6.el7_2.ppc64.rpm samba-debuginfo-4.2.10-6.el7_2.ppc.rpm samba-debuginfo-4.2.10-6.el7_2.ppc64.rpm samba-devel-4.2.10-6.el7_2.ppc.rpm samba-devel-4.2.10-6.el7_2.ppc64.rpm samba-python-4.2.10-6.el7_2.ppc64.rpm samba-test-4.2.10-6.el7_2.ppc64.rpm samba-test-devel-4.2.10-6.el7_2.ppc64.rpm samba-test-libs-4.2.10-6.el7_2.ppc.rpm samba-test-libs-4.2.10-6.el7_2.ppc64.rpm samba-winbind-krb5-locator-4.2.10-6.el7_2.ppc64.rpm tdb-tools-1.3.8-1.el7_2.ppc64.rpm ppc64le: ldb-tools-1.1.25-1.el7_2.ppc64le.rpm libldb-debuginfo-1.1.25-1.el7_2.ppc64le.rpm libldb-devel-1.1.25-1.el7_2.ppc64le.rpm libsmbclient-devel-4.2.10-6.el7_2.ppc64le.rpm libtalloc-debuginfo-2.1.5-1.el7_2.ppc64le.rpm libtalloc-devel-2.1.5-1.el7_2.ppc64le.rpm libtdb-debuginfo-1.3.8-1.el7_2.ppc64le.rpm libtdb-devel-1.3.8-1.el7_2.ppc64le.rpm libtevent-debuginfo-0.9.26-1.el7_2.ppc64le.rpm libtevent-devel-0.9.26-1.el7_2.ppc64le.rpm libwbclient-devel-4.2.10-6.el7_2.ppc64le.rpm openchange-2.0-10.el7_2.ppc64le.rpm openchange-client-2.0-10.el7_2.ppc64le.rpm openchange-debuginfo-2.0-10.el7_2.ppc64le.rpm openchange-devel-2.0-10.el7_2.ppc64le.rpm pyldb-1.1.25-1.el7_2.ppc64le.rpm pyldb-devel-1.1.25-1.el7_2.ppc64le.rpm pytalloc-devel-2.1.5-1.el7_2.ppc64le.rpm python-tdb-1.3.8-1.el7_2.ppc64le.rpm python-tevent-0.9.26-1.el7_2.ppc64le.rpm samba-dc-4.2.10-6.el7_2.ppc64le.rpm samba-dc-libs-4.2.10-6.el7_2.ppc64le.rpm samba-debuginfo-4.2.10-6.el7_2.ppc64le.rpm samba-devel-4.2.10-6.el7_2.ppc64le.rpm samba-python-4.2.10-6.el7_2.ppc64le.rpm samba-test-4.2.10-6.el7_2.ppc64le.rpm samba-test-devel-4.2.10-6.el7_2.ppc64le.rpm samba-test-libs-4.2.10-6.el7_2.ppc64le.rpm samba-winbind-krb5-locator-4.2.10-6.el7_2.ppc64le.rpm tdb-tools-1.3.8-1.el7_2.ppc64le.rpm s390x: ldb-tools-1.1.25-1.el7_2.s390x.rpm 
libldb-debuginfo-1.1.25-1.el7_2.s390.rpm libldb-debuginfo-1.1.25-1.el7_2.s390x.rpm libldb-devel-1.1.25-1.el7_2.s390.rpm libldb-devel-1.1.25-1.el7_2.s390x.rpm libsmbclient-devel-4.2.10-6.el7_2.s390.rpm libsmbclient-devel-4.2.10-6.el7_2.s390x.rpm libtalloc-debuginfo-2.1.5-1.el7_2.s390.rpm libtalloc-debuginfo-2.1.5-1.el7_2.s390x.rpm libtalloc-devel-2.1.5-1.el7_2.s390.rpm libtalloc-devel-2.1.5-1.el7_2.s390x.rpm libtdb-debuginfo-1.3.8-1.el7_2.s390.rpm libtdb-debuginfo-1.3.8-1.el7_2.s390x.rpm libtdb-devel-1.3.8-1.el7_2.s390.rpm libtdb-devel-1.3.8-1.el7_2.s390x.rpm libtevent-debuginfo-0.9.26-1.el7_2.s390.rpm libtevent-debuginfo-0.9.26-1.el7_2.s390x.rpm libtevent-devel-0.9.26-1.el7_2.s390.rpm libtevent-devel-0.9.26-1.el7_2.s390x.rpm libwbclient-devel-4.2.10-6.el7_2.s390.rpm libwbclient-devel-4.2.10-6.el7_2.s390x.rpm pyldb-1.1.25-1.el7_2.s390.rpm pyldb-1.1.25-1.el7_2.s390x.rpm pyldb-devel-1.1.25-1.el7_2.s390.rpm pyldb-devel-1.1.25-1.el7_2.s390x.rpm pytalloc-devel-2.1.5-1.el7_2.s390.rpm pytalloc-devel-2.1.5-1.el7_2.s390x.rpm python-tdb-1.3.8-1.el7_2.s390.rpm python-tdb-1.3.8-1.el7_2.s390x.rpm python-tevent-0.9.26-1.el7_2.s390x.rpm samba-dc-4.2.10-6.el7_2.s390x.rpm samba-dc-libs-4.2.10-6.el7_2.s390x.rpm samba-debuginfo-4.2.10-6.el7_2.s390.rpm samba-debuginfo-4.2.10-6.el7_2.s390x.rpm samba-devel-4.2.10-6.el7_2.s390.rpm samba-devel-4.2.10-6.el7_2.s390x.rpm samba-python-4.2.10-6.el7_2.s390x.rpm samba-test-4.2.10-6.el7_2.s390x.rpm samba-test-devel-4.2.10-6.el7_2.s390x.rpm samba-test-libs-4.2.10-6.el7_2.s390.rpm samba-test-libs-4.2.10-6.el7_2.s390x.rpm samba-winbind-krb5-locator-4.2.10-6.el7_2.s390x.rpm tdb-tools-1.3.8-1.el7_2.s390x.rpm x86_64: ldb-tools-1.1.25-1.el7_2.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_2.i686.rpm libldb-debuginfo-1.1.25-1.el7_2.x86_64.rpm libldb-devel-1.1.25-1.el7_2.i686.rpm libldb-devel-1.1.25-1.el7_2.x86_64.rpm libsmbclient-devel-4.2.10-6.el7_2.i686.rpm libsmbclient-devel-4.2.10-6.el7_2.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_2.i686.rpm 
libtalloc-debuginfo-2.1.5-1.el7_2.x86_64.rpm libtalloc-devel-2.1.5-1.el7_2.i686.rpm libtalloc-devel-2.1.5-1.el7_2.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_2.i686.rpm libtdb-debuginfo-1.3.8-1.el7_2.x86_64.rpm libtdb-devel-1.3.8-1.el7_2.i686.rpm libtdb-devel-1.3.8-1.el7_2.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_2.i686.rpm libtevent-debuginfo-0.9.26-1.el7_2.x86_64.rpm libtevent-devel-0.9.26-1.el7_2.i686.rpm libtevent-devel-0.9.26-1.el7_2.x86_64.rpm libwbclient-devel-4.2.10-6.el7_2.i686.rpm libwbclient-devel-4.2.10-6.el7_2.x86_64.rpm openchange-2.0-10.el7_2.i686.rpm openchange-2.0-10.el7_2.x86_64.rpm openchange-client-2.0-10.el7_2.x86_64.rpm openchange-debuginfo-2.0-10.el7_2.i686.rpm openchange-debuginfo-2.0-10.el7_2.x86_64.rpm openchange-devel-2.0-10.el7_2.i686.rpm openchange-devel-2.0-10.el7_2.x86_64.rpm pyldb-devel-1.1.25-1.el7_2.i686.rpm pyldb-devel-1.1.25-1.el7_2.x86_64.rpm pytalloc-devel-2.1.5-1.el7_2.i686.rpm pytalloc-devel-2.1.5-1.el7_2.x86_64.rpm samba-dc-4.2.10-6.el7_2.x86_64.rpm samba-dc-libs-4.2.10-6.el7_2.x86_64.rpm samba-debuginfo-4.2.10-6.el7_2.i686.rpm samba-debuginfo-4.2.10-6.el7_2.x86_64.rpm samba-devel-4.2.10-6.el7_2.i686.rpm samba-devel-4.2.10-6.el7_2.x86_64.rpm samba-test-4.2.10-6.el7_2.x86_64.rpm samba-test-devel-4.2.10-6.el7_2.x86_64.rpm samba-test-libs-4.2.10-6.el7_2.i686.rpm samba-test-libs-4.2.10-6.el7_2.x86_64.rpm samba-vfs-glusterfs-4.2.10-6.el7_2.x86_64.rpm samba-winbind-krb5-locator-4.2.10-6.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: ipa-4.2.0-15.el7_2.6.1.src.rpm libldb-1.1.25-1.el7_2.src.rpm libtalloc-2.1.5-1.el7_2.src.rpm libtdb-1.3.8-1.el7_2.src.rpm libtevent-0.9.26-1.el7_2.src.rpm openchange-2.0-10.el7_2.src.rpm samba-4.2.10-6.el7_2.src.rpm noarch: samba-common-4.2.10-6.el7_2.noarch.rpm x86_64: ipa-admintools-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-client-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-debuginfo-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-python-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-dns-4.2.0-15.el7_2.6.1.x86_64.rpm ipa-server-trust-ad-4.2.0-15.el7_2.6.1.x86_64.rpm libldb-1.1.25-1.el7_2.i686.rpm libldb-1.1.25-1.el7_2.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_2.i686.rpm libldb-debuginfo-1.1.25-1.el7_2.x86_64.rpm libsmbclient-4.2.10-6.el7_2.i686.rpm libsmbclient-4.2.10-6.el7_2.x86_64.rpm libtalloc-2.1.5-1.el7_2.i686.rpm libtalloc-2.1.5-1.el7_2.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_2.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_2.x86_64.rpm libtdb-1.3.8-1.el7_2.i686.rpm libtdb-1.3.8-1.el7_2.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_2.i686.rpm libtdb-debuginfo-1.3.8-1.el7_2.x86_64.rpm libtevent-0.9.26-1.el7_2.i686.rpm libtevent-0.9.26-1.el7_2.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_2.i686.rpm libtevent-debuginfo-0.9.26-1.el7_2.x86_64.rpm libwbclient-4.2.10-6.el7_2.i686.rpm libwbclient-4.2.10-6.el7_2.x86_64.rpm openchange-2.0-10.el7_2.i686.rpm openchange-2.0-10.el7_2.x86_64.rpm openchange-debuginfo-2.0-10.el7_2.i686.rpm openchange-debuginfo-2.0-10.el7_2.x86_64.rpm pyldb-1.1.25-1.el7_2.i686.rpm pyldb-1.1.25-1.el7_2.x86_64.rpm pytalloc-2.1.5-1.el7_2.i686.rpm pytalloc-2.1.5-1.el7_2.x86_64.rpm python-tdb-1.3.8-1.el7_2.i686.rpm python-tdb-1.3.8-1.el7_2.x86_64.rpm python-tevent-0.9.26-1.el7_2.x86_64.rpm samba-4.2.10-6.el7_2.x86_64.rpm samba-client-4.2.10-6.el7_2.x86_64.rpm samba-client-libs-4.2.10-6.el7_2.i686.rpm samba-client-libs-4.2.10-6.el7_2.x86_64.rpm samba-common-libs-4.2.10-6.el7_2.x86_64.rpm samba-common-tools-4.2.10-6.el7_2.x86_64.rpm 
samba-debuginfo-4.2.10-6.el7_2.i686.rpm samba-debuginfo-4.2.10-6.el7_2.x86_64.rpm samba-libs-4.2.10-6.el7_2.i686.rpm samba-libs-4.2.10-6.el7_2.x86_64.rpm samba-python-4.2.10-6.el7_2.x86_64.rpm samba-winbind-4.2.10-6.el7_2.x86_64.rpm samba-winbind-clients-4.2.10-6.el7_2.x86_64.rpm samba-winbind-modules-4.2.10-6.el7_2.i686.rpm samba-winbind-modules-4.2.10-6.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: openchange-devel-docs-2.0-10.el7_2.noarch.rpm samba-pidl-4.2.10-6.el7_2.noarch.rpm x86_64: ldb-tools-1.1.25-1.el7_2.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_2.i686.rpm libldb-debuginfo-1.1.25-1.el7_2.x86_64.rpm libldb-devel-1.1.25-1.el7_2.i686.rpm libldb-devel-1.1.25-1.el7_2.x86_64.rpm libsmbclient-devel-4.2.10-6.el7_2.i686.rpm libsmbclient-devel-4.2.10-6.el7_2.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_2.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_2.x86_64.rpm libtalloc-devel-2.1.5-1.el7_2.i686.rpm libtalloc-devel-2.1.5-1.el7_2.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_2.i686.rpm libtdb-debuginfo-1.3.8-1.el7_2.x86_64.rpm libtdb-devel-1.3.8-1.el7_2.i686.rpm libtdb-devel-1.3.8-1.el7_2.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_2.i686.rpm libtevent-debuginfo-0.9.26-1.el7_2.x86_64.rpm libtevent-devel-0.9.26-1.el7_2.i686.rpm libtevent-devel-0.9.26-1.el7_2.x86_64.rpm libwbclient-devel-4.2.10-6.el7_2.i686.rpm libwbclient-devel-4.2.10-6.el7_2.x86_64.rpm openchange-client-2.0-10.el7_2.x86_64.rpm openchange-debuginfo-2.0-10.el7_2.i686.rpm openchange-debuginfo-2.0-10.el7_2.x86_64.rpm openchange-devel-2.0-10.el7_2.i686.rpm openchange-devel-2.0-10.el7_2.x86_64.rpm pyldb-devel-1.1.25-1.el7_2.i686.rpm pyldb-devel-1.1.25-1.el7_2.x86_64.rpm pytalloc-devel-2.1.5-1.el7_2.i686.rpm pytalloc-devel-2.1.5-1.el7_2.x86_64.rpm samba-dc-4.2.10-6.el7_2.x86_64.rpm samba-dc-libs-4.2.10-6.el7_2.x86_64.rpm samba-debuginfo-4.2.10-6.el7_2.i686.rpm samba-debuginfo-4.2.10-6.el7_2.x86_64.rpm samba-devel-4.2.10-6.el7_2.i686.rpm samba-devel-4.2.10-6.el7_2.x86_64.rpm 
samba-test-4.2.10-6.el7_2.x86_64.rpm samba-test-devel-4.2.10-6.el7_2.x86_64.rpm samba-test-libs-4.2.10-6.el7_2.i686.rpm samba-test-libs-4.2.10-6.el7_2.x86_64.rpm samba-vfs-glusterfs-4.2.10-6.el7_2.x86_64.rpm samba-winbind-krb5-locator-4.2.10-6.el7_2.x86_64.rpm tdb-tools-1.3.8-1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5370
https://access.redhat.com/security/cve/CVE-2016-2110
https://access.redhat.com/security/cve/CVE-2016-2111
https://access.redhat.com/security/cve/CVE-2016-2112
https://access.redhat.com/security/cve/CVE-2016-2113
https://access.redhat.com/security/cve/CVE-2016-2114
https://access.redhat.com/security/cve/CVE-2016-2115
https://access.redhat.com/security/cve/CVE-2016-2118
https://access.redhat.com/security/updates/classification/#critical
https://www.samba.org/samba/history/samba-4.2.10.html
https://access.redhat.com/security/vulnerabilities/badlock
https://access.redhat.com/articles/2253041
http://badlock.org/
https://access.redhat.com/articles/2243351

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDaHrXlSAg2UNWIIRAq/oAJ9BMWuWcGonAsrzGan8L7D93LswJwCggEof
wU9IrOcdFKQU8xImW1MceUA=
=0DVB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 13 01:35:30 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Apr 2016 01:35:30 +0000
Subject: [RHSA-2016:0618-01] Critical: samba security, bug fix, and enhancement update
Message-ID: <201604130135.u3D1ZVqG020424@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: samba security, bug fix, and enhancement update
Advisory ID: RHSA-2016:0618-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0618.html
Issue date: 2016-04-12
Updated on: 2016-04-13
CVE Names: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 7.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage EUS (v. 7.1) - x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)

* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)

* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1311903 - CVE-2016-2112 samba: Missing downgrade detection
1311910 - CVE-2016-2113 samba: Server certificates not validated at client side
1312082 - CVE-2016-2114 samba: Samba based active directory domain controller does not enforce smb signing
1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v.
7.1): Source: ipa-4.1.0-18.el7_1.6.src.rpm libldb-1.1.25-1.el7_1.src.rpm libtalloc-2.1.5-1.el7_1.src.rpm libtdb-1.3.8-1.el7_1.src.rpm libtevent-0.9.26-1.el7_1.src.rpm samba-4.2.10-5.el7_1.src.rpm noarch: samba-common-4.2.10-5.el7_1.noarch.rpm x86_64: ipa-client-4.1.0-18.el7_1.6.x86_64.rpm ipa-debuginfo-4.1.0-18.el7_1.6.x86_64.rpm ipa-python-4.1.0-18.el7_1.6.x86_64.rpm libldb-1.1.25-1.el7_1.i686.rpm libldb-1.1.25-1.el7_1.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_1.i686.rpm libldb-debuginfo-1.1.25-1.el7_1.x86_64.rpm libsmbclient-4.2.10-5.el7_1.i686.rpm libsmbclient-4.2.10-5.el7_1.x86_64.rpm libtalloc-2.1.5-1.el7_1.i686.rpm libtalloc-2.1.5-1.el7_1.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_1.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_1.x86_64.rpm libtdb-1.3.8-1.el7_1.i686.rpm libtdb-1.3.8-1.el7_1.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_1.i686.rpm libtdb-debuginfo-1.3.8-1.el7_1.x86_64.rpm libtevent-0.9.26-1.el7_1.i686.rpm libtevent-0.9.26-1.el7_1.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_1.i686.rpm libtevent-debuginfo-0.9.26-1.el7_1.x86_64.rpm libwbclient-4.2.10-5.el7_1.i686.rpm libwbclient-4.2.10-5.el7_1.x86_64.rpm pytalloc-2.1.5-1.el7_1.i686.rpm pytalloc-2.1.5-1.el7_1.x86_64.rpm samba-client-4.2.10-5.el7_1.x86_64.rpm samba-client-libs-4.2.10-5.el7_1.i686.rpm samba-client-libs-4.2.10-5.el7_1.x86_64.rpm samba-common-libs-4.2.10-5.el7_1.x86_64.rpm samba-common-tools-4.2.10-5.el7_1.x86_64.rpm samba-debuginfo-4.2.10-5.el7_1.i686.rpm samba-debuginfo-4.2.10-5.el7_1.x86_64.rpm samba-libs-4.2.10-5.el7_1.i686.rpm samba-libs-4.2.10-5.el7_1.x86_64.rpm samba-winbind-4.2.10-5.el7_1.x86_64.rpm samba-winbind-clients-4.2.10-5.el7_1.x86_64.rpm samba-winbind-modules-4.2.10-5.el7_1.i686.rpm samba-winbind-modules-4.2.10-5.el7_1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.1): noarch: samba-pidl-4.2.10-5.el7_1.noarch.rpm x86_64: ipa-admintools-4.1.0-18.el7_1.6.x86_64.rpm ipa-debuginfo-4.1.0-18.el7_1.6.x86_64.rpm ipa-server-4.1.0-18.el7_1.6.x86_64.rpm ipa-server-trust-ad-4.1.0-18.el7_1.6.x86_64.rpm ldb-tools-1.1.25-1.el7_1.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_1.i686.rpm libldb-debuginfo-1.1.25-1.el7_1.x86_64.rpm libldb-devel-1.1.25-1.el7_1.i686.rpm libldb-devel-1.1.25-1.el7_1.x86_64.rpm libsmbclient-devel-4.2.10-5.el7_1.i686.rpm libsmbclient-devel-4.2.10-5.el7_1.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_1.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_1.x86_64.rpm libtalloc-devel-2.1.5-1.el7_1.i686.rpm libtalloc-devel-2.1.5-1.el7_1.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_1.i686.rpm libtdb-debuginfo-1.3.8-1.el7_1.x86_64.rpm libtdb-devel-1.3.8-1.el7_1.i686.rpm libtdb-devel-1.3.8-1.el7_1.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_1.i686.rpm libtevent-debuginfo-0.9.26-1.el7_1.x86_64.rpm libtevent-devel-0.9.26-1.el7_1.i686.rpm libtevent-devel-0.9.26-1.el7_1.x86_64.rpm libwbclient-devel-4.2.10-5.el7_1.i686.rpm libwbclient-devel-4.2.10-5.el7_1.x86_64.rpm pyldb-1.1.25-1.el7_1.i686.rpm pyldb-1.1.25-1.el7_1.x86_64.rpm pyldb-devel-1.1.25-1.el7_1.i686.rpm pyldb-devel-1.1.25-1.el7_1.x86_64.rpm pytalloc-devel-2.1.5-1.el7_1.i686.rpm pytalloc-devel-2.1.5-1.el7_1.x86_64.rpm python-tdb-1.3.8-1.el7_1.i686.rpm python-tdb-1.3.8-1.el7_1.x86_64.rpm python-tevent-0.9.26-1.el7_1.x86_64.rpm samba-4.2.10-5.el7_1.x86_64.rpm samba-dc-4.2.10-5.el7_1.x86_64.rpm samba-dc-libs-4.2.10-5.el7_1.x86_64.rpm samba-debuginfo-4.2.10-5.el7_1.i686.rpm samba-debuginfo-4.2.10-5.el7_1.x86_64.rpm samba-devel-4.2.10-5.el7_1.i686.rpm samba-devel-4.2.10-5.el7_1.x86_64.rpm samba-python-4.2.10-5.el7_1.x86_64.rpm samba-test-4.2.10-5.el7_1.x86_64.rpm samba-test-devel-4.2.10-5.el7_1.x86_64.rpm samba-test-libs-4.2.10-5.el7_1.i686.rpm samba-test-libs-4.2.10-5.el7_1.x86_64.rpm samba-vfs-glusterfs-4.2.10-5.el7_1.x86_64.rpm samba-winbind-krb5-locator-4.2.10-5.el7_1.x86_64.rpm 
tdb-tools-1.3.8-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: ipa-4.1.0-18.el7_1.6.src.rpm libldb-1.1.25-1.el7_1.src.rpm libtalloc-2.1.5-1.el7_1.src.rpm libtdb-1.3.8-1.el7_1.src.rpm libtevent-0.9.26-1.el7_1.src.rpm samba-4.2.10-5.el7_1.src.rpm noarch: samba-common-4.2.10-5.el7_1.noarch.rpm ppc64: ipa-client-4.1.0-18.el7_1.6.ppc64.rpm ipa-debuginfo-4.1.0-18.el7_1.6.ppc64.rpm ipa-python-4.1.0-18.el7_1.6.ppc64.rpm libldb-1.1.25-1.el7_1.ppc.rpm libldb-1.1.25-1.el7_1.ppc64.rpm libldb-debuginfo-1.1.25-1.el7_1.ppc.rpm libldb-debuginfo-1.1.25-1.el7_1.ppc64.rpm libsmbclient-4.2.10-5.el7_1.ppc.rpm libsmbclient-4.2.10-5.el7_1.ppc64.rpm libtalloc-2.1.5-1.el7_1.ppc.rpm libtalloc-2.1.5-1.el7_1.ppc64.rpm libtalloc-debuginfo-2.1.5-1.el7_1.ppc.rpm libtalloc-debuginfo-2.1.5-1.el7_1.ppc64.rpm libtdb-1.3.8-1.el7_1.ppc.rpm libtdb-1.3.8-1.el7_1.ppc64.rpm libtdb-debuginfo-1.3.8-1.el7_1.ppc.rpm libtdb-debuginfo-1.3.8-1.el7_1.ppc64.rpm libtevent-0.9.26-1.el7_1.ppc.rpm libtevent-0.9.26-1.el7_1.ppc64.rpm libtevent-debuginfo-0.9.26-1.el7_1.ppc.rpm libtevent-debuginfo-0.9.26-1.el7_1.ppc64.rpm libwbclient-4.2.10-5.el7_1.ppc.rpm libwbclient-4.2.10-5.el7_1.ppc64.rpm pytalloc-2.1.5-1.el7_1.ppc.rpm pytalloc-2.1.5-1.el7_1.ppc64.rpm samba-4.2.10-5.el7_1.ppc64.rpm samba-client-4.2.10-5.el7_1.ppc64.rpm samba-client-libs-4.2.10-5.el7_1.ppc.rpm samba-client-libs-4.2.10-5.el7_1.ppc64.rpm samba-common-libs-4.2.10-5.el7_1.ppc64.rpm samba-common-tools-4.2.10-5.el7_1.ppc64.rpm samba-debuginfo-4.2.10-5.el7_1.ppc.rpm samba-debuginfo-4.2.10-5.el7_1.ppc64.rpm samba-libs-4.2.10-5.el7_1.ppc.rpm samba-libs-4.2.10-5.el7_1.ppc64.rpm samba-winbind-4.2.10-5.el7_1.ppc64.rpm samba-winbind-clients-4.2.10-5.el7_1.ppc64.rpm samba-winbind-modules-4.2.10-5.el7_1.ppc.rpm samba-winbind-modules-4.2.10-5.el7_1.ppc64.rpm s390x: ipa-client-4.1.0-18.el7_1.6.s390x.rpm ipa-debuginfo-4.1.0-18.el7_1.6.s390x.rpm ipa-python-4.1.0-18.el7_1.6.s390x.rpm libldb-1.1.25-1.el7_1.s390.rpm libldb-1.1.25-1.el7_1.s390x.rpm 
libldb-debuginfo-1.1.25-1.el7_1.s390.rpm libldb-debuginfo-1.1.25-1.el7_1.s390x.rpm libsmbclient-4.2.10-5.el7_1.s390.rpm libsmbclient-4.2.10-5.el7_1.s390x.rpm libtalloc-2.1.5-1.el7_1.s390.rpm libtalloc-2.1.5-1.el7_1.s390x.rpm libtalloc-debuginfo-2.1.5-1.el7_1.s390.rpm libtalloc-debuginfo-2.1.5-1.el7_1.s390x.rpm libtdb-1.3.8-1.el7_1.s390.rpm libtdb-1.3.8-1.el7_1.s390x.rpm libtdb-debuginfo-1.3.8-1.el7_1.s390.rpm libtdb-debuginfo-1.3.8-1.el7_1.s390x.rpm libtevent-0.9.26-1.el7_1.s390.rpm libtevent-0.9.26-1.el7_1.s390x.rpm libtevent-debuginfo-0.9.26-1.el7_1.s390.rpm libtevent-debuginfo-0.9.26-1.el7_1.s390x.rpm libwbclient-4.2.10-5.el7_1.s390.rpm libwbclient-4.2.10-5.el7_1.s390x.rpm pytalloc-2.1.5-1.el7_1.s390.rpm pytalloc-2.1.5-1.el7_1.s390x.rpm samba-4.2.10-5.el7_1.s390x.rpm samba-client-4.2.10-5.el7_1.s390x.rpm samba-client-libs-4.2.10-5.el7_1.s390.rpm samba-client-libs-4.2.10-5.el7_1.s390x.rpm samba-common-libs-4.2.10-5.el7_1.s390x.rpm samba-common-tools-4.2.10-5.el7_1.s390x.rpm samba-debuginfo-4.2.10-5.el7_1.s390.rpm samba-debuginfo-4.2.10-5.el7_1.s390x.rpm samba-libs-4.2.10-5.el7_1.s390.rpm samba-libs-4.2.10-5.el7_1.s390x.rpm samba-winbind-4.2.10-5.el7_1.s390x.rpm samba-winbind-clients-4.2.10-5.el7_1.s390x.rpm samba-winbind-modules-4.2.10-5.el7_1.s390.rpm samba-winbind-modules-4.2.10-5.el7_1.s390x.rpm x86_64: ipa-admintools-4.1.0-18.el7_1.6.x86_64.rpm ipa-client-4.1.0-18.el7_1.6.x86_64.rpm ipa-debuginfo-4.1.0-18.el7_1.6.x86_64.rpm ipa-python-4.1.0-18.el7_1.6.x86_64.rpm ipa-server-4.1.0-18.el7_1.6.x86_64.rpm ipa-server-trust-ad-4.1.0-18.el7_1.6.x86_64.rpm libldb-1.1.25-1.el7_1.i686.rpm libldb-1.1.25-1.el7_1.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_1.i686.rpm libldb-debuginfo-1.1.25-1.el7_1.x86_64.rpm libsmbclient-4.2.10-5.el7_1.i686.rpm libsmbclient-4.2.10-5.el7_1.x86_64.rpm libtalloc-2.1.5-1.el7_1.i686.rpm libtalloc-2.1.5-1.el7_1.x86_64.rpm libtalloc-debuginfo-2.1.5-1.el7_1.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_1.x86_64.rpm libtdb-1.3.8-1.el7_1.i686.rpm 
libtdb-1.3.8-1.el7_1.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_1.i686.rpm libtdb-debuginfo-1.3.8-1.el7_1.x86_64.rpm libtevent-0.9.26-1.el7_1.i686.rpm libtevent-0.9.26-1.el7_1.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_1.i686.rpm libtevent-debuginfo-0.9.26-1.el7_1.x86_64.rpm libwbclient-4.2.10-5.el7_1.i686.rpm libwbclient-4.2.10-5.el7_1.x86_64.rpm pyldb-1.1.25-1.el7_1.i686.rpm pyldb-1.1.25-1.el7_1.x86_64.rpm pytalloc-2.1.5-1.el7_1.i686.rpm pytalloc-2.1.5-1.el7_1.x86_64.rpm python-tdb-1.3.8-1.el7_1.i686.rpm python-tdb-1.3.8-1.el7_1.x86_64.rpm python-tevent-0.9.26-1.el7_1.x86_64.rpm samba-4.2.10-5.el7_1.x86_64.rpm samba-client-4.2.10-5.el7_1.x86_64.rpm samba-client-libs-4.2.10-5.el7_1.i686.rpm samba-client-libs-4.2.10-5.el7_1.x86_64.rpm samba-common-libs-4.2.10-5.el7_1.x86_64.rpm samba-common-tools-4.2.10-5.el7_1.x86_64.rpm samba-debuginfo-4.2.10-5.el7_1.i686.rpm samba-debuginfo-4.2.10-5.el7_1.x86_64.rpm samba-libs-4.2.10-5.el7_1.i686.rpm samba-libs-4.2.10-5.el7_1.x86_64.rpm samba-python-4.2.10-5.el7_1.x86_64.rpm samba-winbind-4.2.10-5.el7_1.x86_64.rpm samba-winbind-clients-4.2.10-5.el7_1.x86_64.rpm samba-winbind-modules-4.2.10-5.el7_1.i686.rpm samba-winbind-modules-4.2.10-5.el7_1.x86_64.rpm tdb-tools-1.3.8-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
7.1): Source: ipa-4.1.0-18.ael7b_1.6.src.rpm libldb-1.1.25-1.ael7b_1.src.rpm libtalloc-2.1.5-1.ael7b_1.src.rpm libtdb-1.3.8-1.ael7b_1.src.rpm libtevent-0.9.26-1.ael7b_1.src.rpm samba-4.2.10-5.ael7b_1.src.rpm noarch: samba-common-4.2.10-5.ael7b_1.noarch.rpm ppc64le: ipa-admintools-4.1.0-18.ael7b_1.6.ppc64le.rpm ipa-client-4.1.0-18.ael7b_1.6.ppc64le.rpm ipa-debuginfo-4.1.0-18.ael7b_1.6.ppc64le.rpm ipa-python-4.1.0-18.ael7b_1.6.ppc64le.rpm libldb-1.1.25-1.ael7b_1.ppc64le.rpm libldb-debuginfo-1.1.25-1.ael7b_1.ppc64le.rpm libsmbclient-4.2.10-5.ael7b_1.ppc64le.rpm libtalloc-2.1.5-1.ael7b_1.ppc64le.rpm libtalloc-debuginfo-2.1.5-1.ael7b_1.ppc64le.rpm libtdb-1.3.8-1.ael7b_1.ppc64le.rpm libtdb-debuginfo-1.3.8-1.ael7b_1.ppc64le.rpm libtevent-0.9.26-1.ael7b_1.ppc64le.rpm libtevent-debuginfo-0.9.26-1.ael7b_1.ppc64le.rpm libwbclient-4.2.10-5.ael7b_1.ppc64le.rpm pytalloc-2.1.5-1.ael7b_1.ppc64le.rpm samba-4.2.10-5.ael7b_1.ppc64le.rpm samba-client-4.2.10-5.ael7b_1.ppc64le.rpm samba-client-libs-4.2.10-5.ael7b_1.ppc64le.rpm samba-common-libs-4.2.10-5.ael7b_1.ppc64le.rpm samba-common-tools-4.2.10-5.ael7b_1.ppc64le.rpm samba-debuginfo-4.2.10-5.ael7b_1.ppc64le.rpm samba-libs-4.2.10-5.ael7b_1.ppc64le.rpm samba-winbind-4.2.10-5.ael7b_1.ppc64le.rpm samba-winbind-clients-4.2.10-5.ael7b_1.ppc64le.rpm samba-winbind-modules-4.2.10-5.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Server Resilient Storage EUS (v. 7.1): x86_64: ctdb-4.2.10-5.el7_1.x86_64.rpm ctdb-devel-4.2.10-5.el7_1.i686.rpm ctdb-devel-4.2.10-5.el7_1.x86_64.rpm ctdb-tests-4.2.10-5.el7_1.x86_64.rpm samba-debuginfo-4.2.10-5.el7_1.i686.rpm samba-debuginfo-4.2.10-5.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.1): Source: openchange-2.0-4.el7_1.1.src.rpm noarch: openchange-devel-docs-2.0-4.el7_1.1.noarch.rpm samba-pidl-4.2.10-5.el7_1.noarch.rpm ppc64: ipa-admintools-4.1.0-18.el7_1.6.ppc64.rpm ipa-debuginfo-4.1.0-18.el7_1.6.ppc64.rpm ldb-tools-1.1.25-1.el7_1.ppc64.rpm libldb-debuginfo-1.1.25-1.el7_1.ppc.rpm libldb-debuginfo-1.1.25-1.el7_1.ppc64.rpm libldb-devel-1.1.25-1.el7_1.ppc.rpm libldb-devel-1.1.25-1.el7_1.ppc64.rpm libsmbclient-devel-4.2.10-5.el7_1.ppc.rpm libsmbclient-devel-4.2.10-5.el7_1.ppc64.rpm libtalloc-debuginfo-2.1.5-1.el7_1.ppc.rpm libtalloc-debuginfo-2.1.5-1.el7_1.ppc64.rpm libtalloc-devel-2.1.5-1.el7_1.ppc.rpm libtalloc-devel-2.1.5-1.el7_1.ppc64.rpm libtdb-debuginfo-1.3.8-1.el7_1.ppc.rpm libtdb-debuginfo-1.3.8-1.el7_1.ppc64.rpm libtdb-devel-1.3.8-1.el7_1.ppc.rpm libtdb-devel-1.3.8-1.el7_1.ppc64.rpm libtevent-debuginfo-0.9.26-1.el7_1.ppc.rpm libtevent-debuginfo-0.9.26-1.el7_1.ppc64.rpm libtevent-devel-0.9.26-1.el7_1.ppc.rpm libtevent-devel-0.9.26-1.el7_1.ppc64.rpm libwbclient-devel-4.2.10-5.el7_1.ppc.rpm libwbclient-devel-4.2.10-5.el7_1.ppc64.rpm pyldb-1.1.25-1.el7_1.ppc.rpm pyldb-1.1.25-1.el7_1.ppc64.rpm pyldb-devel-1.1.25-1.el7_1.ppc.rpm pyldb-devel-1.1.25-1.el7_1.ppc64.rpm pytalloc-devel-2.1.5-1.el7_1.ppc.rpm pytalloc-devel-2.1.5-1.el7_1.ppc64.rpm python-tdb-1.3.8-1.el7_1.ppc.rpm python-tdb-1.3.8-1.el7_1.ppc64.rpm python-tevent-0.9.26-1.el7_1.ppc64.rpm samba-dc-4.2.10-5.el7_1.ppc64.rpm samba-dc-libs-4.2.10-5.el7_1.ppc64.rpm samba-debuginfo-4.2.10-5.el7_1.ppc.rpm samba-debuginfo-4.2.10-5.el7_1.ppc64.rpm samba-devel-4.2.10-5.el7_1.ppc.rpm samba-devel-4.2.10-5.el7_1.ppc64.rpm samba-python-4.2.10-5.el7_1.ppc64.rpm samba-test-4.2.10-5.el7_1.ppc64.rpm samba-test-devel-4.2.10-5.el7_1.ppc64.rpm samba-test-libs-4.2.10-5.el7_1.ppc.rpm samba-test-libs-4.2.10-5.el7_1.ppc64.rpm samba-winbind-krb5-locator-4.2.10-5.el7_1.ppc64.rpm tdb-tools-1.3.8-1.el7_1.ppc64.rpm s390x: ipa-admintools-4.1.0-18.el7_1.6.s390x.rpm ipa-debuginfo-4.1.0-18.el7_1.6.s390x.rpm 
ldb-tools-1.1.25-1.el7_1.s390x.rpm libldb-debuginfo-1.1.25-1.el7_1.s390.rpm libldb-debuginfo-1.1.25-1.el7_1.s390x.rpm libldb-devel-1.1.25-1.el7_1.s390.rpm libldb-devel-1.1.25-1.el7_1.s390x.rpm libsmbclient-devel-4.2.10-5.el7_1.s390.rpm libsmbclient-devel-4.2.10-5.el7_1.s390x.rpm libtalloc-debuginfo-2.1.5-1.el7_1.s390.rpm libtalloc-debuginfo-2.1.5-1.el7_1.s390x.rpm libtalloc-devel-2.1.5-1.el7_1.s390.rpm libtalloc-devel-2.1.5-1.el7_1.s390x.rpm libtdb-debuginfo-1.3.8-1.el7_1.s390.rpm libtdb-debuginfo-1.3.8-1.el7_1.s390x.rpm libtdb-devel-1.3.8-1.el7_1.s390.rpm libtdb-devel-1.3.8-1.el7_1.s390x.rpm libtevent-debuginfo-0.9.26-1.el7_1.s390.rpm libtevent-debuginfo-0.9.26-1.el7_1.s390x.rpm libtevent-devel-0.9.26-1.el7_1.s390.rpm libtevent-devel-0.9.26-1.el7_1.s390x.rpm libwbclient-devel-4.2.10-5.el7_1.s390.rpm libwbclient-devel-4.2.10-5.el7_1.s390x.rpm pyldb-1.1.25-1.el7_1.s390.rpm pyldb-1.1.25-1.el7_1.s390x.rpm pyldb-devel-1.1.25-1.el7_1.s390.rpm pyldb-devel-1.1.25-1.el7_1.s390x.rpm pytalloc-devel-2.1.5-1.el7_1.s390.rpm pytalloc-devel-2.1.5-1.el7_1.s390x.rpm python-tdb-1.3.8-1.el7_1.s390.rpm python-tdb-1.3.8-1.el7_1.s390x.rpm python-tevent-0.9.26-1.el7_1.s390x.rpm samba-dc-4.2.10-5.el7_1.s390x.rpm samba-dc-libs-4.2.10-5.el7_1.s390x.rpm samba-debuginfo-4.2.10-5.el7_1.s390.rpm samba-debuginfo-4.2.10-5.el7_1.s390x.rpm samba-devel-4.2.10-5.el7_1.s390.rpm samba-devel-4.2.10-5.el7_1.s390x.rpm samba-python-4.2.10-5.el7_1.s390x.rpm samba-test-4.2.10-5.el7_1.s390x.rpm samba-test-devel-4.2.10-5.el7_1.s390x.rpm samba-test-libs-4.2.10-5.el7_1.s390.rpm samba-test-libs-4.2.10-5.el7_1.s390x.rpm samba-winbind-krb5-locator-4.2.10-5.el7_1.s390x.rpm tdb-tools-1.3.8-1.el7_1.s390x.rpm x86_64: ldb-tools-1.1.25-1.el7_1.x86_64.rpm libldb-debuginfo-1.1.25-1.el7_1.i686.rpm libldb-debuginfo-1.1.25-1.el7_1.x86_64.rpm libldb-devel-1.1.25-1.el7_1.i686.rpm libldb-devel-1.1.25-1.el7_1.x86_64.rpm libsmbclient-devel-4.2.10-5.el7_1.i686.rpm libsmbclient-devel-4.2.10-5.el7_1.x86_64.rpm 
libtalloc-debuginfo-2.1.5-1.el7_1.i686.rpm libtalloc-debuginfo-2.1.5-1.el7_1.x86_64.rpm libtalloc-devel-2.1.5-1.el7_1.i686.rpm libtalloc-devel-2.1.5-1.el7_1.x86_64.rpm libtdb-debuginfo-1.3.8-1.el7_1.i686.rpm libtdb-debuginfo-1.3.8-1.el7_1.x86_64.rpm libtdb-devel-1.3.8-1.el7_1.i686.rpm libtdb-devel-1.3.8-1.el7_1.x86_64.rpm libtevent-debuginfo-0.9.26-1.el7_1.i686.rpm libtevent-debuginfo-0.9.26-1.el7_1.x86_64.rpm libtevent-devel-0.9.26-1.el7_1.i686.rpm libtevent-devel-0.9.26-1.el7_1.x86_64.rpm libwbclient-devel-4.2.10-5.el7_1.i686.rpm libwbclient-devel-4.2.10-5.el7_1.x86_64.rpm openchange-2.0-4.el7_1.1.i686.rpm openchange-2.0-4.el7_1.1.x86_64.rpm openchange-client-2.0-4.el7_1.1.x86_64.rpm openchange-debuginfo-2.0-4.el7_1.1.i686.rpm openchange-debuginfo-2.0-4.el7_1.1.x86_64.rpm openchange-devel-2.0-4.el7_1.1.i686.rpm openchange-devel-2.0-4.el7_1.1.x86_64.rpm pyldb-devel-1.1.25-1.el7_1.i686.rpm pyldb-devel-1.1.25-1.el7_1.x86_64.rpm pytalloc-devel-2.1.5-1.el7_1.i686.rpm pytalloc-devel-2.1.5-1.el7_1.x86_64.rpm samba-dc-4.2.10-5.el7_1.x86_64.rpm samba-dc-libs-4.2.10-5.el7_1.x86_64.rpm samba-debuginfo-4.2.10-5.el7_1.i686.rpm samba-debuginfo-4.2.10-5.el7_1.x86_64.rpm samba-devel-4.2.10-5.el7_1.i686.rpm samba-devel-4.2.10-5.el7_1.x86_64.rpm samba-test-4.2.10-5.el7_1.x86_64.rpm samba-test-devel-4.2.10-5.el7_1.x86_64.rpm samba-test-libs-4.2.10-5.el7_1.i686.rpm samba-test-libs-4.2.10-5.el7_1.x86_64.rpm samba-vfs-glusterfs-4.2.10-5.el7_1.x86_64.rpm samba-winbind-krb5-locator-4.2.10-5.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.1): Source: openchange-2.0-4.ael7b_1.1.src.rpm noarch: openchange-devel-docs-2.0-4.ael7b_1.1.noarch.rpm samba-pidl-4.2.10-5.ael7b_1.noarch.rpm ppc64le: ctdb-4.2.10-5.ael7b_1.ppc64le.rpm ctdb-devel-4.2.10-5.ael7b_1.ppc64le.rpm ctdb-tests-4.2.10-5.ael7b_1.ppc64le.rpm ldb-tools-1.1.25-1.ael7b_1.ppc64le.rpm libldb-debuginfo-1.1.25-1.ael7b_1.ppc64le.rpm libldb-devel-1.1.25-1.ael7b_1.ppc64le.rpm libsmbclient-devel-4.2.10-5.ael7b_1.ppc64le.rpm libtalloc-debuginfo-2.1.5-1.ael7b_1.ppc64le.rpm libtalloc-devel-2.1.5-1.ael7b_1.ppc64le.rpm libtdb-debuginfo-1.3.8-1.ael7b_1.ppc64le.rpm libtdb-devel-1.3.8-1.ael7b_1.ppc64le.rpm libtevent-debuginfo-0.9.26-1.ael7b_1.ppc64le.rpm libtevent-devel-0.9.26-1.ael7b_1.ppc64le.rpm libwbclient-devel-4.2.10-5.ael7b_1.ppc64le.rpm openchange-2.0-4.ael7b_1.1.ppc64le.rpm openchange-client-2.0-4.ael7b_1.1.ppc64le.rpm openchange-debuginfo-2.0-4.ael7b_1.1.ppc64le.rpm openchange-devel-2.0-4.ael7b_1.1.ppc64le.rpm pyldb-1.1.25-1.ael7b_1.ppc64le.rpm pyldb-devel-1.1.25-1.ael7b_1.ppc64le.rpm pytalloc-devel-2.1.5-1.ael7b_1.ppc64le.rpm python-tdb-1.3.8-1.ael7b_1.ppc64le.rpm python-tevent-0.9.26-1.ael7b_1.ppc64le.rpm samba-dc-4.2.10-5.ael7b_1.ppc64le.rpm samba-dc-libs-4.2.10-5.ael7b_1.ppc64le.rpm samba-debuginfo-4.2.10-5.ael7b_1.ppc64le.rpm samba-devel-4.2.10-5.ael7b_1.ppc64le.rpm samba-python-4.2.10-5.ael7b_1.ppc64le.rpm samba-test-4.2.10-5.ael7b_1.ppc64le.rpm samba-test-devel-4.2.10-5.ael7b_1.ppc64le.rpm samba-test-libs-4.2.10-5.ael7b_1.ppc64le.rpm samba-winbind-krb5-locator-4.2.10-5.ael7b_1.ppc64le.rpm tdb-tools-1.3.8-1.ael7b_1.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2015-5370
https://access.redhat.com/security/cve/CVE-2016-2110
https://access.redhat.com/security/cve/CVE-2016-2111
https://access.redhat.com/security/cve/CVE-2016-2112
https://access.redhat.com/security/cve/CVE-2016-2113
https://access.redhat.com/security/cve/CVE-2016-2114
https://access.redhat.com/security/cve/CVE-2016-2115
https://access.redhat.com/security/cve/CVE-2016-2118
https://access.redhat.com/security/updates/classification/#critical
https://www.samba.org/samba/history/samba-4.2.10.html
https://access.redhat.com/security/vulnerabilities/badlock
https://access.redhat.com/articles/2253041
http://badlock.org/
https://access.redhat.com/articles/2243351

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXDaJMXlSAg2UNWIIRAr3KAJ9tqHHfeucggbmPZPfiOAc6n2ENSACgxYUr
kQsA3DDmUXrLxoRYXUV6hX8=
=GSXg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Apr 18 07:32:33 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 Apr 2016 07:32:33 +0000
Subject: [RHSA-2016:0638-01] Important: chromium-browser security update
Message-ID: <201604180732.u3I7WYMd004869@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:0638-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0638.html
Issue date:        2016-04-18
CVE Names:         CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 CVE-2016-1656 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659
=====================================================================

1.
Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 50.0.2661.75.

Security Fix(es):

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1652, CVE-2016-1653, CVE-2016-1651, CVE-2016-1654, CVE-2016-1655, CVE-2016-1656, CVE-2016-1657, CVE-2016-1658, CVE-2016-1659)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1327109 - CVE-2016-1652 chromium-browser: universal XSS in extension bindings
1327110 - CVE-2016-1653 chromium-browser: out-of-bounds write in V8
1327111 - CVE-2016-1651 chromium-browser: out-of-bounds read in Pdfium JPEG2000 decoding
1327112 - CVE-2016-1654 chromium-browser: uninitialized memory read in media
1327113 - CVE-2016-1655 chromium-browser: use-after-free related to extensions
1327114 - CVE-2016-1656 chromium-browser: android downloaded file path restriction bypass
1327115 - CVE-2016-1657 chromium-browser: address bar spoofing
1327117 - CVE-2016-1658 chromium-browser: potential leak of sensitive information to malicious extensions
1327120 - CVE-2016-1659 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-50.0.2661.75-1.el6.i686.rpm
chromium-browser-debuginfo-50.0.2661.75-1.el6.i686.rpm

x86_64:
chromium-browser-50.0.2661.75-1.el6.x86_64.rpm
chromium-browser-debuginfo-50.0.2661.75-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-50.0.2661.75-1.el6.i686.rpm
chromium-browser-debuginfo-50.0.2661.75-1.el6.i686.rpm

x86_64:
chromium-browser-50.0.2661.75-1.el6.x86_64.rpm
chromium-browser-debuginfo-50.0.2661.75-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-50.0.2661.75-1.el6.i686.rpm
chromium-browser-debuginfo-50.0.2661.75-1.el6.i686.rpm

x86_64:
chromium-browser-50.0.2661.75-1.el6.x86_64.rpm
chromium-browser-debuginfo-50.0.2661.75-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-1651
https://access.redhat.com/security/cve/CVE-2016-1652
https://access.redhat.com/security/cve/CVE-2016-1653
https://access.redhat.com/security/cve/CVE-2016-1654
https://access.redhat.com/security/cve/CVE-2016-1655
https://access.redhat.com/security/cve/CVE-2016-1656
https://access.redhat.com/security/cve/CVE-2016-1657
https://access.redhat.com/security/cve/CVE-2016-1658
https://access.redhat.com/security/cve/CVE-2016-1659
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXFI1fXlSAg2UNWIIRApnZAJ0eUY9GCxnHLbxj9uMwwIjc4cNK6ACgpf9N
DyK/7gI7S160U4dH4WSkh/8=
=i9SA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 19 12:44:54 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Apr 2016 12:44:54 +0000
Subject: [RHSA-2016:0561-02] Low: Red Hat Enterprise Linux 5 One-Year Retirement Notice
Message-ID: <201604191244.u3JCis7Y001815@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 5 One-Year Retirement Notice
Advisory ID:       RHSA-2016:0561-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0561.html
Issue date:        2016-03-31
Updated on:        2016-04-19
=====================================================================

1. Summary:

This is the One-Year notification for the retirement of Red Hat Enterprise Linux 5. This notification applies only to those customers subscribed to the channel for Red Hat Enterprise Linux 5.
[Updated 19 April 2016]
This advisory has been updated with a corrected list of architectures supported with the RHEL 5 Extended Life Cycle Support (ELS) Add-On.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected urgent priority bug fixes for RHEL 5.11 (the final RHEL 5 release). On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released (RHEL 4, RHEL 5, etc.) content. In addition, limited technical support will be available through Red Hat's Global Support Services as described in the Knowledge Base article available at https://access.redhat.com/articles/64664 (search for "non-current minor release").

However, we recognize that some customers will wish to remain on Red Hat Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet this customer requirement, Red Hat will offer customers the option to purchase the Extended Life Cycle Support (ELS) Add-On as an annually renewable subscription. This ELS Add-On provides customers with up to an additional three and a half (3.5) years of Critical impact security fixes and selected urgent priority bug fixes for RHEL 5.11. RHEL 5 ELS coverage will conclude on November 30, 2020.

Note that the RHEL 5 ELS Add-On is available for the x86 (32- and 64-bit) architecture only. The RHEL 5 ELS Add-On is not available for the Itanium architecture.
To take advantage of more comprehensive product support, we encourage customers to migrate from Red Hat Enterprise Linux 5 to a more recent version. As a benefit of the Red Hat subscription, customers may use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/site/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package that provides a copy of this end-of-life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
redhat-release-5Client-5.11.0.4.src.rpm

i386:
redhat-release-5Client-5.11.0.4.i386.rpm

x86_64:
redhat-release-5Client-5.11.0.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
redhat-release-5Server-5.11.0.4.src.rpm

i386:
redhat-release-5Server-5.11.0.4.i386.rpm

ia64:
redhat-release-5Server-5.11.0.4.ia64.rpm

ppc:
redhat-release-5Server-5.11.0.4.ppc.rpm

s390x:
redhat-release-5Server-5.11.0.4.s390x.rpm

x86_64:
redhat-release-5Server-5.11.0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/support/policy/updates/errata/
https://access.redhat.com/articles/64664

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXFigtXlSAg2UNWIIRAiyJAJ9NE1N2nZfBKHYEwEIZiUiUs1Rq4wCgonJd
n1dpdHhg6QzoeNQ4YkotxGk=
=jvnf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 20 20:04:02 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Apr 2016 20:04:02 +0000
Subject: [RHSA-2016:0650-01] Critical: java-1.8.0-openjdk security update
Message-ID: <201604202004.u3KK43IV003559@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2016:0650-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0650.html
Issue date:        2016-04-20
CVE Names:         CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3.
Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. (CVE-2016-3426)

* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

4.
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328022 - CVE-2016-0695 OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
1328040 - CVE-2016-3425 OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
1328059 - CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v.
7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.el7_2.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.91-0.b14.el7_2.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.el7_2.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.91-0.b14.el7_2.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.src.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el7_2.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el7_2.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el7_2.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.el7_2.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.91-0.b14.el7_2.noarch.rpm

ppc64:
java-1.8.0-openjdk-accessibility-1.8.0.91-0.b14.el7_2.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.ppc64.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el7_2.ppc64.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el7_2.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.91-0.b14.el7_2.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el7_2.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el7_2.ppc64le.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.91-0.b14.el7_2.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el7_2.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el7_2.s390x.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.el7_2.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.91-0.b14.el7_2.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-0695
https://access.redhat.com/security/cve/CVE-2016-3425
https://access.redhat.com/security/cve/CVE-2016-3426
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXF+CiXlSAg2UNWIIRAsIJAJ9tSkQEVcHG/4ySB/h5iEvyfL7IZgCeKry2
b5jR44jfhzwNP4c3R5VWMYs=
=mxvI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 20 20:04:59 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Apr 2016 20:04:59 +0000
Subject: [RHSA-2016:0651-01] Critical: java-1.8.0-openjdk security update
Message-ID: <201604202005.u3KK50Tl001523@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2016:0651-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0651.html
Issue date:        2016-04-20
CVE Names:         CVE-2016-0686 CVE-2016-0687 CVE-2016-0695
                   CVE-2016-3425 CVE-2016-3426 CVE-2016-3427
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot
components in OpenJDK. An untrusted Java application or applet could use
these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,
CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component
in OpenJDK did not restrict which classes can be deserialized when
deserializing authentication credentials. A remote, unauthenticated
attacker able to connect to a JMX port could possibly use this flaw to
trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly
handle Unicode surrogate pairs used as part of the XML attribute values.
Specially crafted XML input could cause a Java application to use an
excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the GCM (Galois/Counter Mode) implementation in
the JCE component in OpenJDK used a non-constant time comparison when
comparing GCM authentication tags. A remote attacker could possibly use
this flaw to determine the value of the authentication tag. (CVE-2016-3426)

* It was discovered that the Security component in OpenJDK failed to check
the digest algorithm strength when generating DSA signatures. The use of a
digest weaker than the key strength could lead to the generation of
signatures that were weaker than expected. (CVE-2016-0695)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328022 - CVE-2016-0695 OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
1328040 - CVE-2016-3425 OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
1328059 - CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.el6_7.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.91-0.b14.el6_7.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.el6_7.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.91-0.b14.el6_7.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.el6_7.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.91-0.b14.el6_7.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.el6_7.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.91-0.b14.el6_7.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-0695
https://access.redhat.com/security/cve/CVE-2016-3425
https://access.redhat.com/security/cve/CVE-2016-3426
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXF+DLXlSAg2UNWIIRAlaWAJ4mhLHRY3E0WlVYEbEexoM97I5YVACgjhU7
x2upLKMquVd+zPquG5JOxG4=
=6T9e
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 21 18:03:07 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Apr 2016 18:03:07 +0000
Subject: [RHSA-2016:0675-01] Critical: java-1.7.0-openjdk security update
Message-ID: <201604211803.u3LI38bd030341@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2016:0675-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0675.html
Issue date:        2016-04-21
CVE Names:         CVE-2016-0686 CVE-2016-0687 CVE-2016-0695
                   CVE-2016-3425 CVE-2016-3427
=====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise
Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot
components in OpenJDK. An untrusted Java application or applet could use
these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,
CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component
in OpenJDK did not restrict which classes can be deserialized when
deserializing authentication credentials. A remote, unauthenticated
attacker able to connect to a JMX port could possibly use this flaw to
trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly
handle Unicode surrogate pairs used as part of the XML attribute values.
Specially crafted XML input could cause a Java application to use an
excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the Security component in OpenJDK failed to check
the digest algorithm strength when generating DSA signatures. The use of a
digest weaker than the key strength could lead to the generation of
signatures that were weaker than expected. (CVE-2016-0695)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328022 - CVE-2016-0695 OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
1328040 - CVE-2016-3425 OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el6_7.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el6_7.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el6_7.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el6_7.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el6_7.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el6_7.i686.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el6_7.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-0695
https://access.redhat.com/security/cve/CVE-2016-3425
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXGRXFXlSAg2UNWIIRArH7AJ41S8Q5+FKGfk2kTDk9AqpySWZSxwCgklJ+
Xwjyd74SkOq5P2WSO4OerDw=
=WDZr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 21 18:04:16 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Apr 2016 18:04:16 +0000
Subject: [RHSA-2016:0676-01] Critical: java-1.7.0-openjdk security update
Message-ID: <201604211804.u3LI4Lcf019187@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2016:0676-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0676.html
Issue date:        2016-04-21
CVE Names:         CVE-2016-0686 CVE-2016-0687 CVE-2016-0695
                   CVE-2016-3425 CVE-2016-3427
=====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise
Linux 5 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot
components in OpenJDK. An untrusted Java application or applet could use
these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686,
CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component
in OpenJDK did not restrict which classes can be deserialized when
deserializing authentication credentials. A remote, unauthenticated
attacker able to connect to a JMX port could possibly use this flaw to
trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly
handle Unicode surrogate pairs used as part of the XML attribute values.
Specially crafted XML input could cause a Java application to use an
excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the Security component in OpenJDK failed to check
the digest algorithm strength when generating DSA signatures. The use of a
digest weaker than the key strength could lead to the generation of
signatures that were weaker than expected. (CVE-2016-0695)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328022 - CVE-2016-0695 OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
1328040 - CVE-2016-3425 OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el7_2.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el7_2.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.src.rpm

ppc64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.ppc64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2.ppc64.rpm
java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.ppc64le.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2.ppc64le.rpm
java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2.ppc64le.rpm

s390x:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.s390x.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2.s390x.rpm
java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2.s390x.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el7_2.noarch.rpm

ppc64:
java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.ppc64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2.ppc64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.ppc64le.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2.ppc64le.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2.ppc64le.rpm

s390x:
java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.s390x.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2.s390x.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2.s390x.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el7_2.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-0695
https://access.redhat.com/security/cve/CVE-2016-3425
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXGRYOXlSAg2UNWIIRAvg8AJ4nE9rteZEPjQsBX3Jc1Set42X9sACfdEOP
EzpSt+wdNUfYu4P5EqzxyLQ=
=xWia
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 21 18:05:26 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Apr 2016 18:05:26 +0000
Subject: [RHSA-2016:0677-01] Critical: java-1.8.0-oracle security update
Message-ID: <201604211805.u3LI5QAN000358@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-oracle security update
Advisory ID:       RHSA-2016:0677-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0677.html
Issue date:        2016-04-21
CVE Names:         CVE-2016-0686 CVE-2016-0687 CVE-2016-0695
                   CVE-2016-3422 CVE-2016-3425 CVE-2016-3426
                   CVE-2016-3427 CVE-2016-3443 CVE-2016-3449
=====================================================================

1. Summary:

An update for java-1.8.0-oracle is now available for Oracle Java for
Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Oracle Java SE version 8 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 91.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE
Critical Patch Update Advisory page, listed in the References section.
(CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422,
CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443,
CVE-2016-3449)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update
to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328022 - CVE-2016-0695 OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
1328040 - CVE-2016-3425 OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
1328059 - CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
1328618 - CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1328619 - CVE-2016-3449 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
1328620 - CVE-2016-3422 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.8.0-oracle-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-plugin-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el6_7.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: x86_64: java-1.8.0-oracle-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.91-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.8.0-oracle-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-plugin-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el6_7.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation: i386: java-1.8.0-oracle-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-plugin-1.8.0.91-1jpp.1.el6_7.i686.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el6_7.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.91-1jpp.1.el6_7.x86_64.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 
7): x86_64: java-1.8.0-oracle-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.8.0-oracle-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): x86_64: java-1.8.0-oracle-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): x86_64: java-1.8.0-oracle-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.91-1jpp.1.el7.x86_64.rpm java-1.8.0-oracle-src-1.8.0.91-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-0695
https://access.redhat.com/security/cve/CVE-2016-3422
https://access.redhat.com/security/cve/CVE-2016-3425
https://access.redhat.com/security/cve/CVE-2016-3426
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/cve/CVE-2016-3443
https://access.redhat.com/security/cve/CVE-2016-3449
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXGRZKXlSAg2UNWIIRAgjoAJ4/JRnKJRaCuH95ckx2cju4qefm/ACfR2gY
MB02HDSs7C/jocWB+b0pDAA=
=/qta
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 21 18:06:36 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Apr 2016 18:06:36 +0000
Subject: [RHSA-2016:0678-01] Critical: java-1.7.0-oracle security update
Message-ID: <201604211806.u3LI6a3j002402@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-oracle security update
Advisory ID:       RHSA-2016:0678-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0678.html
Issue date:        2016-04-21
CVE Names:         CVE-2016-0686 CVE-2016-0687 CVE-2016-0695
                   CVE-2016-3422 CVE-2016-3425 CVE-2016-3427
                   CVE-2016-3443 CVE-2016-3449
=====================================================================

1. Summary:

An update for java-1.7.0-oracle is now available for Oracle Java for
Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6,
and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 101.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE
Critical Patch Update Advisory page, listed in the References section.
(CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422,
CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update
to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328022 - CVE-2016-0695 OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
1328040 - CVE-2016-3425 OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
1328618 - CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1328619 - CVE-2016-3449 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
1328620 - CVE-2016-3422 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)

6.
Package List: Oracle Java for Red Hat Enterprise Linux Client 5: i386: java-1.7.0-oracle-1.7.0.101-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.101-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 5: i386: java-1.7.0-oracle-1.7.0.101-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.101-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.7.0-oracle-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.101-1jpp.1.el6_7.x86_64.rpm 
java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: i386: java-1.7.0-oracle-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.7.0-oracle-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation: i386: java-1.7.0-oracle-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el6_7.i686.rpm 
java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): x86_64: java-1.7.0-oracle-1.7.0.101-1jpp.1.el7.i686.rpm java-1.7.0-oracle-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.7.0-oracle-1.7.0.101-1jpp.1.el7.i686.rpm java-1.7.0-oracle-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): x86_64: java-1.7.0-oracle-1.7.0.101-1jpp.1.el7.i686.rpm java-1.7.0-oracle-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 
7): x86_64: java-1.7.0-oracle-1.7.0.101-1jpp.1.el7.i686.rpm java-1.7.0-oracle-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.101-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.101-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-0695
https://access.redhat.com/security/cve/CVE-2016-3422
https://access.redhat.com/security/cve/CVE-2016-3425
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/cve/CVE-2016-3443
https://access.redhat.com/security/cve/CVE-2016-3449
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXGRaEXlSAg2UNWIIRAjxEAKCoUp81LqbBrsd7YAfHbKS1A+8TJACgtj2c
A4xB3nuAh16aJaa/pAgOBsg=
=xlBw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 21 18:07:49 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Apr 2016 18:07:49 +0000
Subject: [RHSA-2016:0679-01] Critical: java-1.6.0-sun security update
Message-ID: <201604211807.u3LI7nvS002027@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-sun security update
Advisory ID:       RHSA-2016:0679-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0679.html
Issue date:        2016-04-21
CVE Names:         CVE-2016-0686 CVE-2016-0687 CVE-2016-0695
                   CVE-2016-3422 CVE-2016-3425 CVE-2016-3427
                   CVE-2016-3443 CVE-2016-3449
=====================================================================

1. Summary:

An update for java-1.6.0-sun is now available for Oracle Java for Red
Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and
Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 115.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE
Critical Patch Update Advisory page, listed in the References section.
(CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422,
CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update
to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328022 - CVE-2016-0695 OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
1328040 - CVE-2016-3425 OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
1328618 - CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1328619 - CVE-2016-3449 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
1328620 - CVE-2016-3422 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)

6.
Package List: Oracle Java for Red Hat Enterprise Linux Client 5: i386: java-1.6.0-sun-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el5_11.i586.rpm x86_64: java-1.6.0-sun-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-1.6.0.115-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 5: i386: java-1.6.0-sun-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el5_11.i586.rpm x86_64: java-1.6.0-sun-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-1.6.0.115-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el5_11.x86_64.rpm 
java-1.6.0-sun-src-1.6.0.115-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el6_7.i686.rpm x86_64: java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: i386: java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el6_7.i686.rpm x86_64: java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el6_7.i686.rpm 
java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el6_7.i686.rpm x86_64: java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation: i386: java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el6_7.i686.rpm x86_64: java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el6_7.x86_64.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): x86_64: java-1.6.0-sun-1.6.0.115-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 
7): x86_64: java-1.6.0-sun-1.6.0.115-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): x86_64: java-1.6.0-sun-1.6.0.115-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): x86_64: java-1.6.0-sun-1.6.0.115-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.115-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.115-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-0695
https://access.redhat.com/security/cve/CVE-2016-3422
https://access.redhat.com/security/cve/CVE-2016-3425
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/cve/CVE-2016-3443
https://access.redhat.com/security/cve/CVE-2016-3449
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXGRbIXlSAg2UNWIIRAvt0AJ4yPc7fF7twDIdjZoysrJvyrYEjnACglMgi
PKdb2jZel5Ns5LyKOiIT/+4=
=aZaB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Apr 25 12:23:51 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 Apr 2016 12:23:51 +0000
Subject: [RHSA-2016:0684-01] Moderate: nss and nspr security, bug fix, and enhancement update
Message-ID: <201604251223.u3PCNqbr000742@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nss and nspr security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:0684-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0684.html
Issue date:        2016-04-25
CVE Names:         CVE-2016-1978 CVE-2016-1979
=====================================================================

1. Summary:

An update for nss and nspr is now available for Red Hat Enterprise
Linux 5.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to
support the cross-platform development of security-enabled client and
server applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

The following packages have been upgraded to a newer upstream version:
nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943)

Security Fix(es):

* A use-after-free flaw was found in the way NSS handled DHE
(Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman
key exchange) handshake messages. A remote attacker could send a
specially crafted handshake message that, when parsed by an application
linked against NSS, would cause that application to crash or, under
certain special conditions, execute arbitrary code using the
permissions of the user running the application. (CVE-2016-1978)

* A use-after-free flaw was found in the way NSS processed certain DER
(Distinguished Encoding Rules) encoded cryptographic keys. An attacker
could use this flaw to create a specially crafted DER encoded
certificate which, when parsed by an application compiled against the
NSS library, could cause that application to crash, or execute
arbitrary code using the permissions of the user running the
application. (CVE-2016-1979)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Eric Rescorla as the original reporter of
CVE-2016-1978; and Tim Taubert as the original reporter of
CVE-2016-1979.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS or NSPR (for
example, Firefox) must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1297943 - Rebase RHEL 5.11.z to NSPR 4.11 in preparation for Firefox 45.
1297944 - Rebase RHEL 5.11.z to NSS 3.21 in preparation for Firefox 45.
1315202 - CVE-2016-1979 nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36)
1315565 - CVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client): Source: nspr-4.11.0-1.el5_11.src.rpm nss-3.21.0-6.el5_11.src.rpm i386: nspr-4.11.0-1.el5_11.i386.rpm nspr-debuginfo-4.11.0-1.el5_11.i386.rpm nss-3.21.0-6.el5_11.i386.rpm nss-debuginfo-3.21.0-6.el5_11.i386.rpm nss-tools-3.21.0-6.el5_11.i386.rpm x86_64: nspr-4.11.0-1.el5_11.i386.rpm nspr-4.11.0-1.el5_11.x86_64.rpm nspr-debuginfo-4.11.0-1.el5_11.i386.rpm nspr-debuginfo-4.11.0-1.el5_11.x86_64.rpm nss-3.21.0-6.el5_11.i386.rpm nss-3.21.0-6.el5_11.x86_64.rpm nss-debuginfo-3.21.0-6.el5_11.i386.rpm nss-debuginfo-3.21.0-6.el5_11.x86_64.rpm nss-tools-3.21.0-6.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop Workstation (v.
5 client): Source: nspr-4.11.0-1.el5_11.src.rpm nss-3.21.0-6.el5_11.src.rpm i386: nspr-debuginfo-4.11.0-1.el5_11.i386.rpm nspr-devel-4.11.0-1.el5_11.i386.rpm nss-debuginfo-3.21.0-6.el5_11.i386.rpm nss-devel-3.21.0-6.el5_11.i386.rpm nss-pkcs11-devel-3.21.0-6.el5_11.i386.rpm x86_64: nspr-debuginfo-4.11.0-1.el5_11.i386.rpm nspr-debuginfo-4.11.0-1.el5_11.x86_64.rpm nspr-devel-4.11.0-1.el5_11.i386.rpm nspr-devel-4.11.0-1.el5_11.x86_64.rpm nss-debuginfo-3.21.0-6.el5_11.i386.rpm nss-debuginfo-3.21.0-6.el5_11.x86_64.rpm nss-devel-3.21.0-6.el5_11.i386.rpm nss-devel-3.21.0-6.el5_11.x86_64.rpm nss-pkcs11-devel-3.21.0-6.el5_11.i386.rpm nss-pkcs11-devel-3.21.0-6.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: nspr-4.11.0-1.el5_11.src.rpm nss-3.21.0-6.el5_11.src.rpm i386: nspr-4.11.0-1.el5_11.i386.rpm nspr-debuginfo-4.11.0-1.el5_11.i386.rpm nspr-devel-4.11.0-1.el5_11.i386.rpm nss-3.21.0-6.el5_11.i386.rpm nss-debuginfo-3.21.0-6.el5_11.i386.rpm nss-devel-3.21.0-6.el5_11.i386.rpm nss-pkcs11-devel-3.21.0-6.el5_11.i386.rpm nss-tools-3.21.0-6.el5_11.i386.rpm ia64: nspr-4.11.0-1.el5_11.i386.rpm nspr-4.11.0-1.el5_11.ia64.rpm nspr-debuginfo-4.11.0-1.el5_11.i386.rpm nspr-debuginfo-4.11.0-1.el5_11.ia64.rpm nspr-devel-4.11.0-1.el5_11.ia64.rpm nss-3.21.0-6.el5_11.i386.rpm nss-3.21.0-6.el5_11.ia64.rpm nss-debuginfo-3.21.0-6.el5_11.i386.rpm nss-debuginfo-3.21.0-6.el5_11.ia64.rpm nss-devel-3.21.0-6.el5_11.ia64.rpm nss-pkcs11-devel-3.21.0-6.el5_11.ia64.rpm nss-tools-3.21.0-6.el5_11.ia64.rpm ppc: nspr-4.11.0-1.el5_11.ppc.rpm nspr-4.11.0-1.el5_11.ppc64.rpm nspr-debuginfo-4.11.0-1.el5_11.ppc.rpm nspr-debuginfo-4.11.0-1.el5_11.ppc64.rpm nspr-devel-4.11.0-1.el5_11.ppc.rpm nspr-devel-4.11.0-1.el5_11.ppc64.rpm nss-3.21.0-6.el5_11.ppc.rpm nss-3.21.0-6.el5_11.ppc64.rpm nss-debuginfo-3.21.0-6.el5_11.ppc.rpm nss-debuginfo-3.21.0-6.el5_11.ppc64.rpm nss-devel-3.21.0-6.el5_11.ppc.rpm nss-devel-3.21.0-6.el5_11.ppc64.rpm nss-pkcs11-devel-3.21.0-6.el5_11.ppc.rpm 
nss-pkcs11-devel-3.21.0-6.el5_11.ppc64.rpm nss-tools-3.21.0-6.el5_11.ppc.rpm s390x: nspr-4.11.0-1.el5_11.s390.rpm nspr-4.11.0-1.el5_11.s390x.rpm nspr-debuginfo-4.11.0-1.el5_11.s390.rpm nspr-debuginfo-4.11.0-1.el5_11.s390x.rpm nspr-devel-4.11.0-1.el5_11.s390.rpm nspr-devel-4.11.0-1.el5_11.s390x.rpm nss-3.21.0-6.el5_11.s390.rpm nss-3.21.0-6.el5_11.s390x.rpm nss-debuginfo-3.21.0-6.el5_11.s390.rpm nss-debuginfo-3.21.0-6.el5_11.s390x.rpm nss-devel-3.21.0-6.el5_11.s390.rpm nss-devel-3.21.0-6.el5_11.s390x.rpm nss-pkcs11-devel-3.21.0-6.el5_11.s390.rpm nss-pkcs11-devel-3.21.0-6.el5_11.s390x.rpm nss-tools-3.21.0-6.el5_11.s390x.rpm x86_64: nspr-4.11.0-1.el5_11.i386.rpm nspr-4.11.0-1.el5_11.x86_64.rpm nspr-debuginfo-4.11.0-1.el5_11.i386.rpm nspr-debuginfo-4.11.0-1.el5_11.x86_64.rpm nspr-devel-4.11.0-1.el5_11.i386.rpm nspr-devel-4.11.0-1.el5_11.x86_64.rpm nss-3.21.0-6.el5_11.i386.rpm nss-3.21.0-6.el5_11.x86_64.rpm nss-debuginfo-3.21.0-6.el5_11.i386.rpm nss-debuginfo-3.21.0-6.el5_11.x86_64.rpm nss-devel-3.21.0-6.el5_11.i386.rpm nss-devel-3.21.0-6.el5_11.x86_64.rpm nss-pkcs11-devel-3.21.0-6.el5_11.i386.rpm nss-pkcs11-devel-3.21.0-6.el5_11.x86_64.rpm nss-tools-3.21.0-6.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1978 https://access.redhat.com/security/cve/CVE-2016-1979 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXHgwfXlSAg2UNWIIRAhzgAKCDTRQGjfAFBfNMTjjpRsVuHLSVdACdGii2
OKzUXMIe/iJjSjvf9R01PHQ=
=DL0F
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Apr 25 12:27:33 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 Apr 2016 12:27:33 +0000
Subject: [RHSA-2016:0685-01] Moderate: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update
Message-ID: <201604251227.u3PCRXDi032335@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:0685-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0685.html
Issue date:        2016-04-25
CVE Names:         CVE-2016-1978 CVE-2016-1979
=====================================================================

1. Summary:

An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3.
Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ#1299872)

Security Fix(es):

* A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978)

* A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.

Bug Fix(es):

* The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)

4.
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, applications using NSPR (for example, Firefox) must be restarted for this update to take effect. After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1299872 - Rebase RHEL 7.2.z to NSPR 4.11 in preparation for Firefox 45. 1303021 - Rebase RHEL 7.2.z to NSS-util 3.21 in preparation for Firefox 45. 1310581 - Rebase RHEL 7.2.z to NSS 3.21 in preparation for Firefox 45. 1315202 - CVE-2016-1979 nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36) 1315565 - CVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: nspr-4.11.0-1.el7_2.src.rpm nss-3.21.0-9.el7_2.src.rpm nss-softokn-3.16.2.3-14.2.el7_2.src.rpm nss-util-3.21.0-2.2.el7_2.src.rpm x86_64: nspr-4.11.0-1.el7_2.i686.rpm nspr-4.11.0-1.el7_2.x86_64.rpm nspr-debuginfo-4.11.0-1.el7_2.i686.rpm nspr-debuginfo-4.11.0-1.el7_2.x86_64.rpm nss-3.21.0-9.el7_2.i686.rpm nss-3.21.0-9.el7_2.x86_64.rpm nss-debuginfo-3.21.0-9.el7_2.i686.rpm nss-debuginfo-3.21.0-9.el7_2.x86_64.rpm nss-softokn-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.x86_64.rpm nss-sysinit-3.21.0-9.el7_2.x86_64.rpm nss-tools-3.21.0-9.el7_2.x86_64.rpm nss-util-3.21.0-2.2.el7_2.i686.rpm nss-util-3.21.0-2.2.el7_2.x86_64.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.i686.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): x86_64: nspr-debuginfo-4.11.0-1.el7_2.i686.rpm nspr-debuginfo-4.11.0-1.el7_2.x86_64.rpm nspr-devel-4.11.0-1.el7_2.i686.rpm nspr-devel-4.11.0-1.el7_2.x86_64.rpm nss-debuginfo-3.21.0-9.el7_2.i686.rpm nss-debuginfo-3.21.0-9.el7_2.x86_64.rpm nss-devel-3.21.0-9.el7_2.i686.rpm nss-devel-3.21.0-9.el7_2.x86_64.rpm nss-pkcs11-devel-3.21.0-9.el7_2.i686.rpm nss-pkcs11-devel-3.21.0-9.el7_2.x86_64.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.x86_64.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.i686.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.x86_64.rpm nss-util-devel-3.21.0-2.2.el7_2.i686.rpm nss-util-devel-3.21.0-2.2.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: nspr-4.11.0-1.el7_2.src.rpm nss-3.21.0-9.el7_2.src.rpm nss-softokn-3.16.2.3-14.2.el7_2.src.rpm nss-util-3.21.0-2.2.el7_2.src.rpm x86_64: nspr-4.11.0-1.el7_2.i686.rpm nspr-4.11.0-1.el7_2.x86_64.rpm nspr-debuginfo-4.11.0-1.el7_2.i686.rpm nspr-debuginfo-4.11.0-1.el7_2.x86_64.rpm nss-3.21.0-9.el7_2.i686.rpm nss-3.21.0-9.el7_2.x86_64.rpm nss-debuginfo-3.21.0-9.el7_2.i686.rpm nss-debuginfo-3.21.0-9.el7_2.x86_64.rpm nss-softokn-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.x86_64.rpm nss-sysinit-3.21.0-9.el7_2.x86_64.rpm nss-tools-3.21.0-9.el7_2.x86_64.rpm nss-util-3.21.0-2.2.el7_2.i686.rpm nss-util-3.21.0-2.2.el7_2.x86_64.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.i686.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: nspr-debuginfo-4.11.0-1.el7_2.i686.rpm nspr-debuginfo-4.11.0-1.el7_2.x86_64.rpm nspr-devel-4.11.0-1.el7_2.i686.rpm nspr-devel-4.11.0-1.el7_2.x86_64.rpm nss-debuginfo-3.21.0-9.el7_2.i686.rpm nss-debuginfo-3.21.0-9.el7_2.x86_64.rpm nss-devel-3.21.0-9.el7_2.i686.rpm nss-devel-3.21.0-9.el7_2.x86_64.rpm nss-pkcs11-devel-3.21.0-9.el7_2.i686.rpm nss-pkcs11-devel-3.21.0-9.el7_2.x86_64.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.x86_64.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.i686.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.x86_64.rpm nss-util-devel-3.21.0-2.2.el7_2.i686.rpm nss-util-devel-3.21.0-2.2.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: nspr-4.11.0-1.el7_2.src.rpm nss-3.21.0-9.el7_2.src.rpm nss-softokn-3.16.2.3-14.2.el7_2.src.rpm nss-util-3.21.0-2.2.el7_2.src.rpm ppc64: nspr-4.11.0-1.el7_2.ppc.rpm nspr-4.11.0-1.el7_2.ppc64.rpm nspr-debuginfo-4.11.0-1.el7_2.ppc.rpm nspr-debuginfo-4.11.0-1.el7_2.ppc64.rpm nspr-devel-4.11.0-1.el7_2.ppc.rpm nspr-devel-4.11.0-1.el7_2.ppc64.rpm nss-3.21.0-9.el7_2.ppc.rpm nss-3.21.0-9.el7_2.ppc64.rpm nss-debuginfo-3.21.0-9.el7_2.ppc.rpm nss-debuginfo-3.21.0-9.el7_2.ppc64.rpm nss-devel-3.21.0-9.el7_2.ppc.rpm nss-devel-3.21.0-9.el7_2.ppc64.rpm nss-softokn-3.16.2.3-14.2.el7_2.ppc.rpm nss-softokn-3.16.2.3-14.2.el7_2.ppc64.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.ppc.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.ppc64.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.ppc.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.ppc64.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.ppc.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.ppc64.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.ppc.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.ppc64.rpm nss-sysinit-3.21.0-9.el7_2.ppc64.rpm 
nss-tools-3.21.0-9.el7_2.ppc64.rpm nss-util-3.21.0-2.2.el7_2.ppc.rpm nss-util-3.21.0-2.2.el7_2.ppc64.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.ppc.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.ppc64.rpm nss-util-devel-3.21.0-2.2.el7_2.ppc.rpm nss-util-devel-3.21.0-2.2.el7_2.ppc64.rpm ppc64le: nspr-4.11.0-1.el7_2.ppc64le.rpm nspr-debuginfo-4.11.0-1.el7_2.ppc64le.rpm nspr-devel-4.11.0-1.el7_2.ppc64le.rpm nss-3.21.0-9.el7_2.ppc64le.rpm nss-debuginfo-3.21.0-9.el7_2.ppc64le.rpm nss-devel-3.21.0-9.el7_2.ppc64le.rpm nss-softokn-3.16.2.3-14.2.el7_2.ppc64le.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.ppc64le.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.ppc64le.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.ppc64le.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.ppc64le.rpm nss-sysinit-3.21.0-9.el7_2.ppc64le.rpm nss-tools-3.21.0-9.el7_2.ppc64le.rpm nss-util-3.21.0-2.2.el7_2.ppc64le.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.ppc64le.rpm nss-util-devel-3.21.0-2.2.el7_2.ppc64le.rpm s390x: nspr-4.11.0-1.el7_2.s390.rpm nspr-4.11.0-1.el7_2.s390x.rpm nspr-debuginfo-4.11.0-1.el7_2.s390.rpm nspr-debuginfo-4.11.0-1.el7_2.s390x.rpm nspr-devel-4.11.0-1.el7_2.s390.rpm nspr-devel-4.11.0-1.el7_2.s390x.rpm nss-3.21.0-9.el7_2.s390.rpm nss-3.21.0-9.el7_2.s390x.rpm nss-debuginfo-3.21.0-9.el7_2.s390.rpm nss-debuginfo-3.21.0-9.el7_2.s390x.rpm nss-devel-3.21.0-9.el7_2.s390.rpm nss-devel-3.21.0-9.el7_2.s390x.rpm nss-softokn-3.16.2.3-14.2.el7_2.s390.rpm nss-softokn-3.16.2.3-14.2.el7_2.s390x.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.s390.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.s390x.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.s390.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.s390x.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.s390.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.s390x.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.s390.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.s390x.rpm nss-sysinit-3.21.0-9.el7_2.s390x.rpm nss-tools-3.21.0-9.el7_2.s390x.rpm nss-util-3.21.0-2.2.el7_2.s390.rpm 
nss-util-3.21.0-2.2.el7_2.s390x.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.s390.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.s390x.rpm nss-util-devel-3.21.0-2.2.el7_2.s390.rpm nss-util-devel-3.21.0-2.2.el7_2.s390x.rpm x86_64: nspr-4.11.0-1.el7_2.i686.rpm nspr-4.11.0-1.el7_2.x86_64.rpm nspr-debuginfo-4.11.0-1.el7_2.i686.rpm nspr-debuginfo-4.11.0-1.el7_2.x86_64.rpm nspr-devel-4.11.0-1.el7_2.i686.rpm nspr-devel-4.11.0-1.el7_2.x86_64.rpm nss-3.21.0-9.el7_2.i686.rpm nss-3.21.0-9.el7_2.x86_64.rpm nss-debuginfo-3.21.0-9.el7_2.i686.rpm nss-debuginfo-3.21.0-9.el7_2.x86_64.rpm nss-devel-3.21.0-9.el7_2.i686.rpm nss-devel-3.21.0-9.el7_2.x86_64.rpm nss-softokn-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.x86_64.rpm nss-sysinit-3.21.0-9.el7_2.x86_64.rpm nss-tools-3.21.0-9.el7_2.x86_64.rpm nss-util-3.21.0-2.2.el7_2.i686.rpm nss-util-3.21.0-2.2.el7_2.x86_64.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.i686.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.x86_64.rpm nss-util-devel-3.21.0-2.2.el7_2.i686.rpm nss-util-devel-3.21.0-2.2.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: nss-debuginfo-3.21.0-9.el7_2.ppc.rpm nss-debuginfo-3.21.0-9.el7_2.ppc64.rpm nss-pkcs11-devel-3.21.0-9.el7_2.ppc.rpm nss-pkcs11-devel-3.21.0-9.el7_2.ppc64.rpm ppc64le: nss-debuginfo-3.21.0-9.el7_2.ppc64le.rpm nss-pkcs11-devel-3.21.0-9.el7_2.ppc64le.rpm s390x: nss-debuginfo-3.21.0-9.el7_2.s390.rpm nss-debuginfo-3.21.0-9.el7_2.s390x.rpm nss-pkcs11-devel-3.21.0-9.el7_2.s390.rpm nss-pkcs11-devel-3.21.0-9.el7_2.s390x.rpm x86_64: nss-debuginfo-3.21.0-9.el7_2.i686.rpm nss-debuginfo-3.21.0-9.el7_2.x86_64.rpm nss-pkcs11-devel-3.21.0-9.el7_2.i686.rpm nss-pkcs11-devel-3.21.0-9.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: nspr-4.11.0-1.el7_2.src.rpm nss-3.21.0-9.el7_2.src.rpm nss-softokn-3.16.2.3-14.2.el7_2.src.rpm nss-util-3.21.0-2.2.el7_2.src.rpm x86_64: nspr-4.11.0-1.el7_2.i686.rpm nspr-4.11.0-1.el7_2.x86_64.rpm nspr-debuginfo-4.11.0-1.el7_2.i686.rpm nspr-debuginfo-4.11.0-1.el7_2.x86_64.rpm nspr-devel-4.11.0-1.el7_2.i686.rpm nspr-devel-4.11.0-1.el7_2.x86_64.rpm nss-3.21.0-9.el7_2.i686.rpm nss-3.21.0-9.el7_2.x86_64.rpm nss-debuginfo-3.21.0-9.el7_2.i686.rpm nss-debuginfo-3.21.0-9.el7_2.x86_64.rpm nss-devel-3.21.0-9.el7_2.i686.rpm nss-devel-3.21.0-9.el7_2.x86_64.rpm nss-softokn-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-debuginfo-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-devel-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-freebl-3.16.2.3-14.2.el7_2.x86_64.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.i686.rpm nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.x86_64.rpm nss-sysinit-3.21.0-9.el7_2.x86_64.rpm nss-tools-3.21.0-9.el7_2.x86_64.rpm nss-util-3.21.0-2.2.el7_2.i686.rpm nss-util-3.21.0-2.2.el7_2.x86_64.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.i686.rpm nss-util-debuginfo-3.21.0-2.2.el7_2.x86_64.rpm nss-util-devel-3.21.0-2.2.el7_2.i686.rpm 
nss-util-devel-3.21.0-2.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
nss-debuginfo-3.21.0-9.el7_2.i686.rpm
nss-debuginfo-3.21.0-9.el7_2.x86_64.rpm
nss-pkcs11-devel-3.21.0-9.el7_2.i686.rpm
nss-pkcs11-devel-3.21.0-9.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1978
https://access.redhat.com/security/cve/CVE-2016-1979
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXHgzpXlSAg2UNWIIRAj+qAJ0UX7cz+Z/IMB9FAYtjLk7dYVE/oQCfYl0t
3r9UGvNSVjelJzamM6/ch/4=
=iwis
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 26 20:30:23 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Apr 2016 20:30:23 +0000
Subject: [RHSA-2016:0695-01] Critical: firefox security update
Message-ID: <201604262030.u3QKUNWS020156@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2016:0695-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0695.html
Issue date:        2016-04-26
CVE Names:         CVE-2016-2805 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.1.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Phil Ringalda, CESG (the Information Security Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell Jesup as the original reporters.

4.
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1330266 - CVE-2016-2805 Mozilla: Miscellaneous memory safety hazards (rv:38.8) (MFSA 2016-39) 1330270 - CVE-2016-2806 Mozilla: Miscellaneous memory safety hazards (rv:46.0 / rv:45.1) (MFSA 2016-39) 1330271 - CVE-2016-2807 Mozilla: Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) (MFSA 2016-39) 1330280 - CVE-2016-2814 Mozilla: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44) 1330286 - CVE-2016-2808 Mozilla: Write to invalid HashMap entry through JavaScript.watch() (MFSA 2016-47) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: firefox-45.1.0-1.el5_11.src.rpm i386: firefox-45.1.0-1.el5_11.i386.rpm firefox-debuginfo-45.1.0-1.el5_11.i386.rpm x86_64: firefox-45.1.0-1.el5_11.i386.rpm firefox-45.1.0-1.el5_11.x86_64.rpm firefox-debuginfo-45.1.0-1.el5_11.i386.rpm firefox-debuginfo-45.1.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: firefox-45.1.0-1.el5_11.src.rpm i386: firefox-45.1.0-1.el5_11.i386.rpm firefox-debuginfo-45.1.0-1.el5_11.i386.rpm ppc: firefox-45.1.0-1.el5_11.ppc64.rpm firefox-debuginfo-45.1.0-1.el5_11.ppc64.rpm s390x: firefox-45.1.0-1.el5_11.s390.rpm firefox-45.1.0-1.el5_11.s390x.rpm firefox-debuginfo-45.1.0-1.el5_11.s390.rpm firefox-debuginfo-45.1.0-1.el5_11.s390x.rpm x86_64: firefox-45.1.0-1.el5_11.i386.rpm firefox-45.1.0-1.el5_11.x86_64.rpm firefox-debuginfo-45.1.0-1.el5_11.i386.rpm firefox-debuginfo-45.1.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: firefox-45.1.0-1.el6_7.src.rpm i386: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm x86_64: firefox-45.1.0-1.el6_7.x86_64.rpm firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-45.1.0-1.el6_7.src.rpm x86_64: firefox-45.1.0-1.el6_7.i686.rpm firefox-45.1.0-1.el6_7.x86_64.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: firefox-45.1.0-1.el6_7.src.rpm i386: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm ppc64: firefox-45.1.0-1.el6_7.ppc64.rpm firefox-debuginfo-45.1.0-1.el6_7.ppc64.rpm s390x: firefox-45.1.0-1.el6_7.s390x.rpm firefox-debuginfo-45.1.0-1.el6_7.s390x.rpm x86_64: firefox-45.1.0-1.el6_7.x86_64.rpm firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): ppc64: firefox-45.1.0-1.el6_7.ppc.rpm firefox-debuginfo-45.1.0-1.el6_7.ppc.rpm s390x: firefox-45.1.0-1.el6_7.s390.rpm firefox-debuginfo-45.1.0-1.el6_7.s390.rpm x86_64: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: firefox-45.1.0-1.el6_7.src.rpm i386: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm x86_64: firefox-45.1.0-1.el6_7.x86_64.rpm firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-45.1.0-1.el6_7.i686.rpm firefox-debuginfo-45.1.0-1.el6_7.i686.rpm Red Hat Enterprise Linux Client (v. 7): Source: firefox-45.1.0-1.el7_2.src.rpm x86_64: firefox-45.1.0-1.el7_2.x86_64.rpm firefox-debuginfo-45.1.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): x86_64: firefox-45.1.0-1.el7_2.i686.rpm firefox-debuginfo-45.1.0-1.el7_2.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-45.1.0-1.el7_2.src.rpm ppc64: firefox-45.1.0-1.el7_2.ppc64.rpm firefox-debuginfo-45.1.0-1.el7_2.ppc64.rpm ppc64le: firefox-45.1.0-1.el7_2.ppc64le.rpm firefox-debuginfo-45.1.0-1.el7_2.ppc64le.rpm s390x: firefox-45.1.0-1.el7_2.s390x.rpm firefox-debuginfo-45.1.0-1.el7_2.s390x.rpm x86_64: firefox-45.1.0-1.el7_2.x86_64.rpm firefox-debuginfo-45.1.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: firefox-45.1.0-1.el7_2.ppc.rpm firefox-debuginfo-45.1.0-1.el7_2.ppc.rpm s390x: firefox-45.1.0-1.el7_2.s390.rpm firefox-debuginfo-45.1.0-1.el7_2.s390.rpm x86_64: firefox-45.1.0-1.el7_2.i686.rpm firefox-debuginfo-45.1.0-1.el7_2.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-45.1.0-1.el7_2.src.rpm x86_64: firefox-45.1.0-1.el7_2.x86_64.rpm firefox-debuginfo-45.1.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-45.1.0-1.el7_2.i686.rpm firefox-debuginfo-45.1.0-1.el7_2.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2805 https://access.redhat.com/security/cve/CVE-2016-2806 https://access.redhat.com/security/cve/CVE-2016-2807 https://access.redhat.com/security/cve/CVE-2016-2808 https://access.redhat.com/security/cve/CVE-2016-2814 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.1 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXH8/EXlSAg2UNWIIRAj5ZAJ93d7Su/OfHkvkL014ZpCUSQSEB0wCfdAuD LPsv5fO9FBEQweSvgB3gbg8= =6q/V -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 28 12:13:51 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 28 Apr 2016 12:13:51 +0000 Subject: [RHSA-2016:0699-01] Low: Red Hat Enterprise Developer Toolset Version 3.x Six-Month Retirement Notice Message-ID: <201604281213.u3SCDprb001084@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Developer Toolset Version 3.x Six-Month Retirement Notice Advisory ID: RHSA-2016:0699-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0699.html Issue date: 2016-04-28 ===================================================================== 1. Summary: This is the Six-Month notification for the retirement of Red Hat Developer Toolset Version 3.x. This notification applies only to those customers subscribed to the channel for Red Hat Developer Toolset Version 3.x. 2. Description: In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 3.x offering will be retired as of October 31, 2016, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 3.x after October 31, 2016. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 3.x after this date. We encourage customers to plan their migration from Red Hat Enterprise Developer Toolset Version 3.x to a more recent release of Red Hat Developer Toolset. 
As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product. Details of the Red Hat Enterprise Developer Toolset life cycle can be found here: https://access.redhat.com/support/policy/updates/dts/ 3. Solution: Red Hat Enterprise Developer Toolset Version 3.x will be retired on October 31, 2016. Customers using Red Hat Enterprise Developer Toolset Version 3.x are encouraged to migrate to a newer release of Red Hat Enterprise Developer Toolset, and can find additional details on the Red Hat Enterprise Developer Toolset life cycle page here https://access.redhat.com/site/support/policy/updates/dts/ 4. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/support/policy/updates/dts/ 5. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXIf5xXlSAg2UNWIIRAmfjAJ9ADXqCcKE/M40V8IezZtRKToxbHwCfbQYP
yX0rGQL2hACKeM9qM6Rlxhk=
=V/N9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Apr 29 18:04:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 29 Apr 2016 18:04:22 +0000
Subject: [RHSA-2016:0701-01] Critical: java-1.7.1-ibm security update
Message-ID: <201604291804.u3TI4MRw008713@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.1-ibm security update
Advisory ID:       RHSA-2016:0701-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0701.html
Issue date:        2016-04-29
CVE Names:         CVE-2016-0264 CVE-2016-0363 CVE-2016-0376
                   CVE-2016-0686 CVE-2016-0687 CVE-2016-3422
                   CVE-2016-3426 CVE-2016-3427 CVE-2016-3443
                   CVE-2016-3449
=====================================================================

1. Summary:

An update for java-1.7.1-ibm is now available for Red Hat Enterprise
Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime
Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR3-FP40.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further
information about these flaws can be found on the IBM Java Security
alerts page, listed in the References section. (CVE-2016-0264,
CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687,
CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443,
CVE-2016-3449)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1324044 - CVE-2016-0363 IBM JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328059 - CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
1328618 - CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1328619 - CVE-2016-3449 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
1328620 - CVE-2016-3422 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1330986 - CVE-2016-0376 IBM JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
1331359 - CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el6_7.i686.rpm

ppc64:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el6_7.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el6_7.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el6_7.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el6_7.ppc64.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el6_7.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el6_7.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el6_7.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el6_7.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el6_7.s390x.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el6_7.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.40-1jpp.1.el6_7.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.ppc.rpm
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.40-1jpp.1.el7.ppc.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el7.ppc64.rpm

ppc64le:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el7.ppc64le.rpm

s390x:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.s390.rpm
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.s390.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el7.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.40-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.40-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0264
https://access.redhat.com/security/cve/CVE-2016-0363
https://access.redhat.com/security/cve/CVE-2016-0376
https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-3422
https://access.redhat.com/security/cve/CVE-2016-3426
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/cve/CVE-2016-3443
https://access.redhat.com/security/cve/CVE-2016-3449
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXI6H/XlSAg2UNWIIRArpnAJsEfzJ2PAaGtOrSBj6MWV0QHxQTpgCfe460
pZZTQ+E64FKfvsOMC/StOLY=
=qJLm
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Apr 29 18:05:40 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 29 Apr 2016 18:05:40 +0000
Subject: [RHSA-2016:0702-01] Critical: java-1.7.0-ibm security update
Message-ID: <201604291805.u3TI5eNI016328@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-ibm security update
Advisory ID:       RHSA-2016:0702-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0702.html
Issue date:        2016-04-29
CVE Names:         CVE-2016-0264 CVE-2016-0363 CVE-2016-0376
                   CVE-2016-0686 CVE-2016-0687 CVE-2016-3422
                   CVE-2016-3426 CVE-2016-3427 CVE-2016-3443
                   CVE-2016-3449
=====================================================================

1. Summary:

An update for java-1.7.0-ibm is now available for Red Hat Enterprise
Linux 5 Supplementary.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the
IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7 SR9-FP40.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further
information about these flaws can be found on the IBM Java Security
alerts page, listed in the References section. (CVE-2016-0264,
CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687,
CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443,
CVE-2016-3449)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1324044 - CVE-2016-0363 IBM JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328059 - CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
1328618 - CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1328619 - CVE-2016-3449 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
1328620 - CVE-2016-3422 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1330986 - CVE-2016-0376 IBM JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
1331359 - CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.40-1jpp.1.el5.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-1.7.0.9.40-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.40-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.40-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.40-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.40-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.40-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.40-1jpp.1.el5.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.9.40-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-1.7.0.9.40-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.9.40-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.9.40-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.9.40-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.9.40-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.40-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.40-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.40-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.40-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.40-1jpp.1.el5.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.9.40-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-1.7.0.9.40-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.9.40-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-demo-1.7.0.9.40-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.9.40-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-devel-1.7.0.9.40-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.40-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.40-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-src-1.7.0.9.40-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-src-1.7.0.9.40-1jpp.1.el5.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-1.7.0.9.40-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.40-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.40-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.40-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.40-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.40-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.40-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0264
https://access.redhat.com/security/cve/CVE-2016-0363
https://access.redhat.com/security/cve/CVE-2016-0376
https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-3422
https://access.redhat.com/security/cve/CVE-2016-3426
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/cve/CVE-2016-3443
https://access.redhat.com/security/cve/CVE-2016-3449
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXI6I2XlSAg2UNWIIRAhxfAKCqr1zdBx3wpURKhEUsPpy6BnwBBwCfYzPk
J3dpZ8F1nwdFdLzBiZRQ4nM=
=yi3m
-----END PGP SIGNATURE-----