From bugzilla at redhat.com Tue Aug 2 17:04:10 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Aug 2016 13:04:10 -0400
Subject: [RHSA-2016:1546-01] Important: libtiff security update
Message-ID: <201608021704.u72H4ASa030225@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libtiff security update
Advisory ID:       RHSA-2016:1546-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1546.html
Issue date:        2016-08-02
CVE Names:         CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330
                   CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665
                   CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782
                   CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945
                   CVE-2016-3990 CVE-2016-3991 CVE-2016-5320
=====================================================================

1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff
1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools
1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf
1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool
1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode
1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags
1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff
1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files
1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c
1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion
1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()
1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool
1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function
1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8()
1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function
1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libtiff-4.0.3-25.el7_2.src.rpm

x86_64:
libtiff-4.0.3-25.el7_2.i686.rpm
libtiff-4.0.3-25.el7_2.x86_64.rpm
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-devel-4.0.3-25.el7_2.i686.rpm
libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
libtiff-static-4.0.3-25.el7_2.i686.rpm
libtiff-static-4.0.3-25.el7_2.x86_64.rpm
libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libtiff-4.0.3-25.el7_2.src.rpm

x86_64:
libtiff-4.0.3-25.el7_2.i686.rpm
libtiff-4.0.3-25.el7_2.x86_64.rpm
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-devel-4.0.3-25.el7_2.i686.rpm
libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
libtiff-static-4.0.3-25.el7_2.i686.rpm
libtiff-static-4.0.3-25.el7_2.x86_64.rpm
libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libtiff-4.0.3-25.el7_2.src.rpm

ppc64:
libtiff-4.0.3-25.el7_2.ppc.rpm
libtiff-4.0.3-25.el7_2.ppc64.rpm
libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm
libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm
libtiff-devel-4.0.3-25.el7_2.ppc.rpm
libtiff-devel-4.0.3-25.el7_2.ppc64.rpm

ppc64le:
libtiff-4.0.3-25.el7_2.ppc64le.rpm
libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm
libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm

s390x:
libtiff-4.0.3-25.el7_2.s390.rpm
libtiff-4.0.3-25.el7_2.s390x.rpm
libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm
libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm
libtiff-devel-4.0.3-25.el7_2.s390.rpm
libtiff-devel-4.0.3-25.el7_2.s390x.rpm

x86_64:
libtiff-4.0.3-25.el7_2.i686.rpm
libtiff-4.0.3-25.el7_2.x86_64.rpm
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-devel-4.0.3-25.el7_2.i686.rpm
libtiff-devel-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm
libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm
libtiff-static-4.0.3-25.el7_2.ppc.rpm
libtiff-static-4.0.3-25.el7_2.ppc64.rpm
libtiff-tools-4.0.3-25.el7_2.ppc64.rpm

ppc64le:
libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm
libtiff-static-4.0.3-25.el7_2.ppc64le.rpm
libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm

s390x:
libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm
libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm
libtiff-static-4.0.3-25.el7_2.s390.rpm
libtiff-static-4.0.3-25.el7_2.s390x.rpm
libtiff-tools-4.0.3-25.el7_2.s390x.rpm

x86_64:
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-static-4.0.3-25.el7_2.i686.rpm
libtiff-static-4.0.3-25.el7_2.x86_64.rpm
libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libtiff-4.0.3-25.el7_2.src.rpm

x86_64:
libtiff-4.0.3-25.el7_2.i686.rpm
libtiff-4.0.3-25.el7_2.x86_64.rpm
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-devel-4.0.3-25.el7_2.i686.rpm
libtiff-devel-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-static-4.0.3-25.el7_2.i686.rpm
libtiff-static-4.0.3-25.el7_2.x86_64.rpm
libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8127
https://access.redhat.com/security/cve/CVE-2014-8129
https://access.redhat.com/security/cve/CVE-2014-8130
https://access.redhat.com/security/cve/CVE-2014-9330
https://access.redhat.com/security/cve/CVE-2014-9655
https://access.redhat.com/security/cve/CVE-2015-1547
https://access.redhat.com/security/cve/CVE-2015-7554
https://access.redhat.com/security/cve/CVE-2015-8665
https://access.redhat.com/security/cve/CVE-2015-8668
https://access.redhat.com/security/cve/CVE-2015-8683
https://access.redhat.com/security/cve/CVE-2015-8781
https://access.redhat.com/security/cve/CVE-2015-8782
https://access.redhat.com/security/cve/CVE-2015-8783
https://access.redhat.com/security/cve/CVE-2015-8784
https://access.redhat.com/security/cve/CVE-2016-3632
https://access.redhat.com/security/cve/CVE-2016-3945
https://access.redhat.com/security/cve/CVE-2016-3990
https://access.redhat.com/security/cve/CVE-2016-3991
https://access.redhat.com/security/cve/CVE-2016-5320
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb
H5YX3gD3gJu8C4EadiP+wtg=
=Z4gh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 2 17:04:31 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Aug 2016 13:04:31 -0400
Subject: [RHSA-2016:1547-01] Important: libtiff security update
Message-ID: <201608021704.u72H4V15030423@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libtiff security update
Advisory ID:       RHSA-2016:1547-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1547.html
Issue date:        2016-08-02
CVE Names:         CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330
                   CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665
                   CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782
                   CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945
                   CVE-2016-3990 CVE-2016-3991 CVE-2016-5320
=====================================================================

1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff
1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools
1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf
1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool
1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode
1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags
1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff
1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files
1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c
1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion
1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()
1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool
1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function
1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8()
1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function
1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libtiff-3.9.4-18.el6_8.src.rpm

i386:
libtiff-3.9.4-18.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm

x86_64:
libtiff-3.9.4-18.el6_8.i686.rpm
libtiff-3.9.4-18.el6_8.x86_64.rpm
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-devel-3.9.4-18.el6_8.i686.rpm
libtiff-static-3.9.4-18.el6_8.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm
libtiff-devel-3.9.4-18.el6_8.i686.rpm
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm
libtiff-static-3.9.4-18.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
libtiff-3.9.4-18.el6_8.src.rpm

x86_64:
libtiff-3.9.4-18.el6_8.i686.rpm
libtiff-3.9.4-18.el6_8.x86_64.rpm
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm
libtiff-devel-3.9.4-18.el6_8.i686.rpm
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm
libtiff-static-3.9.4-18.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
libtiff-3.9.4-18.el6_8.src.rpm

i386:
libtiff-3.9.4-18.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-devel-3.9.4-18.el6_8.i686.rpm

ppc64:
libtiff-3.9.4-18.el6_8.ppc.rpm
libtiff-3.9.4-18.el6_8.ppc64.rpm
libtiff-debuginfo-3.9.4-18.el6_8.ppc.rpm
libtiff-debuginfo-3.9.4-18.el6_8.ppc64.rpm
libtiff-devel-3.9.4-18.el6_8.ppc.rpm
libtiff-devel-3.9.4-18.el6_8.ppc64.rpm

s390x:
libtiff-3.9.4-18.el6_8.s390.rpm
libtiff-3.9.4-18.el6_8.s390x.rpm
libtiff-debuginfo-3.9.4-18.el6_8.s390.rpm
libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm
libtiff-devel-3.9.4-18.el6_8.s390.rpm
libtiff-devel-3.9.4-18.el6_8.s390x.rpm

x86_64:
libtiff-3.9.4-18.el6_8.i686.rpm
libtiff-3.9.4-18.el6_8.x86_64.rpm
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm
libtiff-devel-3.9.4-18.el6_8.i686.rpm
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-static-3.9.4-18.el6_8.i686.rpm

ppc64:
libtiff-debuginfo-3.9.4-18.el6_8.ppc64.rpm
libtiff-static-3.9.4-18.el6_8.ppc64.rpm

s390x:
libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm
libtiff-static-3.9.4-18.el6_8.s390x.rpm

x86_64:
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm
libtiff-static-3.9.4-18.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libtiff-3.9.4-18.el6_8.src.rpm

i386:
libtiff-3.9.4-18.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-devel-3.9.4-18.el6_8.i686.rpm

x86_64:
libtiff-3.9.4-18.el6_8.i686.rpm
libtiff-3.9.4-18.el6_8.x86_64.rpm
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm
libtiff-devel-3.9.4-18.el6_8.i686.rpm
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm
libtiff-static-3.9.4-18.el6_8.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm
libtiff-static-3.9.4-18.el6_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8127
https://access.redhat.com/security/cve/CVE-2014-8129
https://access.redhat.com/security/cve/CVE-2014-8130
https://access.redhat.com/security/cve/CVE-2014-9330
https://access.redhat.com/security/cve/CVE-2014-9655
https://access.redhat.com/security/cve/CVE-2015-1547
https://access.redhat.com/security/cve/CVE-2015-7554
https://access.redhat.com/security/cve/CVE-2015-8665
https://access.redhat.com/security/cve/CVE-2015-8668
https://access.redhat.com/security/cve/CVE-2015-8683
https://access.redhat.com/security/cve/CVE-2015-8781
https://access.redhat.com/security/cve/CVE-2015-8782
https://access.redhat.com/security/cve/CVE-2015-8783
https://access.redhat.com/security/cve/CVE-2015-8784
https://access.redhat.com/security/cve/CVE-2016-3632
https://access.redhat.com/security/cve/CVE-2016-3945
https://access.redhat.com/security/cve/CVE-2016-3990
https://access.redhat.com/security/cve/CVE-2016-3991
https://access.redhat.com/security/cve/CVE-2016-5320
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
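Both libtiff advisories above (RHSA-2016:1546-01 and RHSA-2016:1547-01) end their Solution section with the same operational step: every running application linked against libtiff must be restarted, because a process keeps executing the old, unlinked library file until it re-executes. The program below is an added example, not Red Hat tooling and not part of either advisory; it finds such processes by scanning each /proc/<pid>/maps for a mapped file whose name starts with a given library prefix and which the kernel marks "(deleted)". The embedded maps excerpt, its addresses, inode numbers and the libtiff.so.5.2.0 file name are all constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// sampleMaps is a constructed excerpt of a /proc/<pid>/maps file for a
// process started before the libtiff update: the package manager replaced
// the library on disk, but the old file is still mapped, so the kernel
// appends "(deleted)" to the path. Every value here is made up.
const sampleMaps = `7f2a1c000000-7f2a1c0a0000 r-xp 00000000 fd:01 1234567 /usr/lib64/libtiff.so.5.2.0 (deleted)
7f2a1c0a0000-7f2a1c2a0000 ---p 000a0000 fd:01 1234567 /usr/lib64/libtiff.so.5.2.0 (deleted)
7f2a1c2a0000-7f2a1c2a1000 rw-p 000a0000 fd:01 1234567 /usr/lib64/libtiff.so.5.2.0 (deleted)
7f2a1c400000-7f2a1c5c0000 r-xp 00000000 fd:01 7654321 /usr/lib64/libc-2.17.so
7f2a1c600000-7f2a1c640000 r-xp 00000000 fd:01 2468135 /usr/lib64/libjpeg.so.62.1.0 (deleted)
7ffd1e000000-7ffd1e021000 rw-p 00000000 00:00 0 [stack]
`

// staleMappings returns the distinct file paths in one maps listing whose
// base name starts with libPrefix and which are flagged "(deleted)".
func staleMappings(maps, libPrefix string) []string {
	seen := map[string]bool{}
	var out []string
	sc := bufio.NewScanner(strings.NewReader(maps))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		// Columns: address perms offset dev inode [pathname] ["(deleted)"].
		// Anonymous mappings have no pathname and are skipped here.
		if len(f) < 7 || f[len(f)-1] != "(deleted)" {
			continue
		}
		path := f[5]
		if !strings.HasPrefix(filepath.Base(path), libPrefix) || seen[path] {
			continue
		}
		seen[path] = true
		out = append(out, path)
	}
	return out
}

// processesNeedingRestart walks procRoot (normally "/proc") and reports each
// PID that still maps a deleted libPrefix* object. A maps file that cannot be
// read (another user's process, without root) is skipped, so run as root for
// a complete picture.
func processesNeedingRestart(procRoot, libPrefix string) (map[int][]string, error) {
	entries, err := os.ReadDir(procRoot)
	if err != nil {
		return nil, err
	}
	result := map[int][]string{}
	for _, e := range entries {
		pid, err := strconv.Atoi(e.Name())
		if err != nil || !e.IsDir() {
			continue // not a process directory
		}
		data, err := os.ReadFile(filepath.Join(procRoot, e.Name(), "maps"))
		if err != nil {
			continue
		}
		if stale := staleMappings(string(data), libPrefix); len(stale) > 0 {
			result[pid] = stale
		}
	}
	return result, nil
}

func main() {
	fmt.Println("constructed sample still maps:", staleMappings(sampleMaps, "libtiff"))
	live, err := processesNeedingRestart("/proc", "libtiff")
	if err != nil {
		fmt.Println("cannot scan /proc:", err)
		return
	}
	for pid, libs := range live {
		fmt.Printf("pid %d needs a restart: %v\n", pid, libs)
	}
}
```

Two caveats on this check: it only sees dynamically linked users of the library, so binaries built against libtiff-static (which both advisories ship) have to be tracked down separately, and a process that was started after the update but by a long-lived parent that still holds the old mapping is reported only through that parent.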
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXoNKeXlSAg2UNWIIRAsVZAJ940rmw6jTuzv+WQ7T1G+tfn9S1GQCgnVTY
Fsfa3CmoWEoMPE+ZNQBpeTQ=
=vyQ/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 2 22:20:32 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Aug 2016 22:20:32 +0000
Subject: [RHSA-2016:1532-02] Important: kernel-rt security and bug fix update
Message-ID: <201608022220.u72MKXjX028509@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2016:1532-02
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1532.html
Issue date:        2016-08-02
CVE Names:         CVE-2015-8660 CVE-2016-4470
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to an arbitrary free address, which could allow an attacker to use a use-after-free style attack. (CVE-2016-4470, Important)

* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

The kernel-rt packages have been upgraded to upstream version 3.10.0-327.rt56.194.el6rt, which provides a number of bug fixes over the previous version. (BZ#1343658)

This update also fixes the following bugs:

* Previously, use of the get/put_cpu_var() function in function refill_stock() from the memcontrol cgroup code led to a "scheduling while atomic" warning. With this update, refill_stock() uses the get/put_cpu_light() function instead, and the warnings no longer appear. (BZ#1348710)

* Prior to this update, if a real time task pinned to a given CPU was taking 100% of the CPU time, then calls to the lru_add_drain_all() function on other CPUs blocked for an undetermined amount of time. This caused latencies and undesired side effects. With this update, lru_add_drain_all() has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348711)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1291329 - CVE-2015-8660 kernel: Permission bypass on overlayfs during copy_up
1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
1343658 - update the MRG 2.5.z 3.10 kernel-rt sources

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-327.rt56.194.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.rt56.194.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-327.rt56.194.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-327.rt56.194.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8660
https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXoRx6XlSAg2UNWIIRAtcZAKCRDzqcIQ0jzuW15qMqskr2lSRILACguGCA
Bhidqzg0j1hkf1NZjhlERSY=
=hfmH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 2 22:21:41 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Aug 2016 22:21:41 +0000
Subject: [RHSA-2016:1538-01] Moderate: golang security, bug fix, and enhancement update
Message-ID: <201608022221.u72MLfiI015455@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: golang security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:1538-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1538.html
Issue date:        2016-08-02
CVE Names:         CVE-2016-5386
=====================================================================

1. Summary:

An update for golang is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server Optional (v. 7) - noarch, x86_64

3. Description:

The golang packages provide the Go programming language compiler.

The following packages have been upgraded to a newer upstream version: golang (1.6.3). (BZ#1346331)

Security Fix(es):

* An input-validation flaw was discovered in the Go programming language's built-in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1346331 - REBASE to golang 1.6
1353798 - CVE-2016-5386 Go: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
golang-1.6.3-1.el7_2.1.src.rpm

noarch:
golang-docs-1.6.3-1.el7_2.1.noarch.rpm
golang-misc-1.6.3-1.el7_2.1.noarch.rpm
golang-src-1.6.3-1.el7_2.1.noarch.rpm
golang-tests-1.6.3-1.el7_2.1.noarch.rpm

x86_64:
golang-1.6.3-1.el7_2.1.x86_64.rpm
golang-bin-1.6.3-1.el7_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5386
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
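The CVE-2016-5386 description above turns on one mechanical detail: CGI exports each request header as an HTTP_<NAME> meta-variable, so a client-supplied "Proxy" header lands in the child's environment as HTTP_PROXY, exactly the variable outgoing HTTP clients consult. The program below is an added example written for this page; it is not Go's net/http/cgi code and not Red Hat's. It models only the header-to-environment step (the fixed CGI meta-variables such as REQUEST_METHOD are left out), shows the unconditional export the advisory describes next to a hardened variant that refuses to export "Proxy" (the same idea as the upstream fix, as far as I know it), and uses a constructed request whose proxy URL is a placeholder.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// headerToMetaVar maps a request header name to its CGI meta-variable name
// (RFC 3875 section 4.1.18): upper-case, "-" becomes "_", "HTTP_" prefix.
// That rule is why a "Proxy" request header collides with HTTP_PROXY.
func headerToMetaVar(name string) string {
	return "HTTP_" + strings.ToUpper(strings.ReplaceAll(name, "-", "_"))
}

// vulnerableCGIEnv exports every request header unconditionally, the
// behaviour the advisory describes for the CGI host before golang 1.6.3.
func vulnerableCGIEnv(h http.Header) []string {
	return buildCGIEnv(h, false)
}

// hardenedCGIEnv never exports the "Proxy" header, so a request cannot plant
// HTTP_PROXY in the CGI child's environment. Skipping the header is the same
// approach as the upstream fix (an assumption of this example, not a quote).
func hardenedCGIEnv(h http.Header) []string {
	return buildCGIEnv(h, true)
}

func buildCGIEnv(h http.Header, dropProxy bool) []string {
	// GATEWAY_INTERFACE stands in for the fixed meta-variables real CGI sets;
	// the others are omitted because only the header mapping matters here.
	env := []string{"GATEWAY_INTERFACE=CGI/1.1"}
	for name, values := range h {
		if dropProxy && http.CanonicalHeaderKey(name) == "Proxy" {
			continue
		}
		env = append(env, headerToMetaVar(name)+"="+strings.Join(values, ", "))
	}
	sort.Strings(env) // map iteration order is random; keep output stable
	return env
}

// lookupEnv finds KEY=value in an environment slice, as a CGI child (or the
// HTTP client library it uses) would when deciding whether to use a proxy.
func lookupEnv(env []string, key string) (string, bool) {
	for _, kv := range env {
		if strings.HasPrefix(kv, key+"=") {
			return kv[len(key)+1:], true
		}
	}
	return "", false
}

// sampleRequestHeaders is a constructed request: ordinary headers plus a
// "Proxy" header that no legitimate client sends. The URL is a placeholder.
func sampleRequestHeaders() http.Header {
	h := http.Header{}
	h.Set("Host", "app.example")
	h.Set("User-Agent", "example-client/1.0")
	h.Set("Proxy", "http://proxy.example:8080")
	return h
}

func main() {
	h := sampleRequestHeaders()
	for _, variant := range []struct {
		name string
		env  []string
	}{{"vulnerable", vulnerableCGIEnv(h)}, {"hardened", hardenedCGIEnv(h)}} {
		v, ok := lookupEnv(variant.env, "HTTP_PROXY")
		fmt.Printf("%-10s HTTP_PROXY present=%v value=%q\n", variant.name, ok, v)
	}
}
```

The hardened variant is the right shape for any CGI or FastCGI front end, not just Go's: drop or rename the "Proxy" header before building the environment, since no standard client sets it and nothing legitimate reads HTTP_PROXY from a request. On the consuming side, a CGI child that makes outbound requests with Go's default transport honours HTTP_PROXY through http.ProxyFromEnvironment, which is why the advisory calls out net/http specifically.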
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXoRzhXlSAg2UNWIIRApixAKCMAuZK86IigGI6xma0zpDy/0sQRwCgkeda Hk4/rr0WJ77ZzBLkEBO5tQI= =Ksfa -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 2 22:22:54 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 2 Aug 2016 22:22:54 +0000 Subject: [RHSA-2016:1539-01] Important: kernel security and bug fix update Message-ID: <201608022222.u72MMtMv013972@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2016:1539-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1539.html Issue date: 2016-08-02 CVE Names: CVE-2015-8660 CVE-2016-2143 CVE-2016-4470 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2460971. Security Fix(es): * A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important) * The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate) * It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process. (CVE-2016-2143, Moderate) Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.). Bug Fix(es): * The glibc headers and the Linux headers share certain definitions of key structures that are required to be defined in kernel and in userspace. In some instances both userspace and sanitized kernel headers have to be included in order to get the structure definitions required by the user program. Unfortunately because the glibc and Linux headers don't coordinate this can result in compilation errors. 
The glibc headers have therefore been fixed to coordinate with Linux UAPI-based headers. With the header coordination compilation errors no longer occur. (BZ#1331285) * When running the TCP/IPv6 traffic over the mlx4_en networking interface on the big endian architectures, call traces reporting about a "hw csum failure" could occur. With this update, the mlx4_en driver has been fixed by correction of the checksum calculation for the big endian architectures. As a result, the call trace error no longer appears in the log messages. (BZ#1337431) * Under significant load, some applications such as logshifter could generate bursts of log messages too large for the system logger to spool. Due to a race condition, log messages from that application could then be lost even after the log volume dropped to manageable levels. This update fixes the kernel mechanism used to notify the transmitter end of the socket used by the system logger that more space is available on the receiver side, removing a race condition which previously caused the sender to stop transmitting new messages and allowing all log messages to be processed correctly. (BZ#1337513) * Previously, after heavy open or close of the Accelerator Function Unit (AFU) contexts, the interrupt packet went out and the AFU context did not see any interrupts. Consequently, a kernel panic could occur. The provided patch set fixes handling of the interrupt requests, and kernel panic no longer occurs in the described situation. (BZ#1338886) * net: recvfrom would fail on short buffer. (BZ#1339115) * Backport rhashtable changes from upstream. (BZ#1343639) * Server Crashing after starting Glusterd & creating volumes. (BZ#1344234) * RAID5 reshape deadlock fix. (BZ#1344313) * BDX perf uncore support fix. (BZ#1347374) 4. 
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1291329 - CVE-2015-8660 kernel: Permission bypass on overlayfs during copy_up
1308908 - CVE-2016-2143 kernel: Fork of large process causes memory corruption
1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-327.28.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.2.el7.noarch.rpm
kernel-doc-3.10.0-327.28.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.x86_64.rpm
perf-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-327.28.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.2.el7.noarch.rpm
kernel-doc-3.10.0-327.28.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.x86_64.rpm
perf-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-327.28.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.2.el7.noarch.rpm
kernel-doc-3.10.0-327.28.2.el7.noarch.rpm

ppc64:
kernel-3.10.0-327.28.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debug-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.28.2.el7.ppc64.rpm
kernel-devel-3.10.0-327.28.2.el7.ppc64.rpm
kernel-headers-3.10.0-327.28.2.el7.ppc64.rpm
kernel-tools-3.10.0-327.28.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.ppc64.rpm
perf-3.10.0-327.28.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
python-perf-3.10.0-327.28.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debug-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-devel-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-headers-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-tools-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.ppc64le.rpm
perf-3.10.0-327.28.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
python-perf-3.10.0-327.28.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm

s390x:
kernel-3.10.0-327.28.2.el7.s390x.rpm
kernel-debug-3.10.0-327.28.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-327.28.2.el7.s390x.rpm
kernel-devel-3.10.0-327.28.2.el7.s390x.rpm
kernel-headers-3.10.0-327.28.2.el7.s390x.rpm
kernel-kdump-3.10.0-327.28.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-327.28.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-327.28.2.el7.s390x.rpm
perf-3.10.0-327.28.2.el7.s390x.rpm
perf-debuginfo-3.10.0-327.28.2.el7.s390x.rpm
python-perf-3.10.0-327.28.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.s390x.rpm

x86_64:
kernel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.x86_64.rpm
perf-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.28.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-327.28.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.2.el7.noarch.rpm
kernel-doc-3.10.0-327.28.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.x86_64.rpm
perf-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8660
https://access.redhat.com/security/cve/CVE-2016-2143
https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/2460971

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Tue Aug 2 22:23:59 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Aug 2016 22:23:59 +0000
Subject: [RHSA-2016:1541-03] Important: kernel-rt security and bug fix update
Message-ID: <201608022223.u72MNxZw011965@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2016:1541-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1541.html
Issue date: 2016-08-02
CVE Names: CVE-2015-8660 CVE-2016-4470
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to an arbitrary free address, which could allow an attacker to mount a use-after-free style attack. (CVE-2016-4470, Important)

* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

The kernel-rt packages have been upgraded to the kernel-3.10.0-327.28.2.el7 source tree, which provides a number of bug fixes over the previous version. (BZ#1350307)

This update also fixes the following bugs:

* Previously, use of the get/put_cpu_var() function in function refill_stock() from the memcontrol cgroup code led to a "scheduling while atomic" warning. With this update, refill_stock() uses the get/put_cpu_light() function instead, and the warnings no longer appear. (BZ#1347171)

* Prior to this update, if a real time task pinned to a given CPU was taking 100% of the CPU time, then calls to the lru_add_drain_all() function on other CPUs blocked for an undetermined amount of time. This caused latencies and undesired side effects. With this update, lru_add_drain_all() has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348523)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1291329 - CVE-2015-8660 kernel: Permission bypass on overlayfs during copy_up
1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
1350307 - kernel-rt: update to the RHEL7.2.z batch#6 source tree

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.28.2.rt56.234.el7_2.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.28.2.rt56.234.el7_2.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8660
https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Wed Aug 3 08:14:20 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Aug 2016 08:14:20 +0000
Subject: [RHSA-2016:1551-01] Critical: firefox security update
Message-ID: <201608030814.u738ELAN014131@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2016:1551-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1551.html
Issue date: 2016-08-03
CVE Names: CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.3.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252, CVE-2016-5263, CVE-2016-2830, CVE-2016-2838, CVE-2016-5254, CVE-2016-5262, CVE-2016-5264, CVE-2016-5265, CVE-2016-2837)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Looben Yang, Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Andrew McCreight, Phil Ringnalda, Philipp, Toni Huttunen, Georg Koppen, Abhishek Arya, Atte Kettunen, Nils, Nikita Arykov, and Abdulrahman Alqabandi as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1342897 - CVE-2016-2830 Mozilla: Favicon network connection persists when page is closed (MFSA 2016-62)
1361974 - CVE-2016-2836 Mozilla: Miscellaneous memory safety hazards (rv:45.3) (MFSA 2016-62)
1361976 - CVE-2016-2838 Mozilla: Buffer overflow rendering SVG with bidirectional content (MFSA 2016-64)
1361979 - CVE-2016-5252 Mozilla: Stack underflow during 2D graphics rendering (MFSA 2016-67)
1361980 - CVE-2016-5254 Mozilla: Use-after-free when using alt key and toplevel menus (MFSA 2016-70)
1361982 - CVE-2016-5258 Mozilla: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72)
1361984 - CVE-2016-5259 Mozilla: Use-after-free in service workers with nested sync events (MFSA 2016-73)
1361987 - CVE-2016-5262 Mozilla: Scripts on marquee tag can execute in sandboxed iframes (MFSA 2016-76)
1361989 - CVE-2016-2837 Mozilla: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback (MFSA 2016-77)
1361991 - CVE-2016-5263 Mozilla: Type confusion in display transformation (MFSA 2016-78)
1361992 - CVE-2016-5264 Mozilla: Use-after-free when applying SVG effects (MFSA 2016-79)
1361994 - CVE-2016-5265 Mozilla: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-80)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-45.3.0-1.el5_11.src.rpm

i386:
firefox-45.3.0-1.el5_11.i386.rpm
firefox-debuginfo-45.3.0-1.el5_11.i386.rpm

x86_64:
firefox-45.3.0-1.el5_11.i386.rpm
firefox-45.3.0-1.el5_11.x86_64.rpm
firefox-debuginfo-45.3.0-1.el5_11.i386.rpm
firefox-debuginfo-45.3.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-45.3.0-1.el5_11.src.rpm

i386:
firefox-45.3.0-1.el5_11.i386.rpm
firefox-debuginfo-45.3.0-1.el5_11.i386.rpm

ppc:
firefox-45.3.0-1.el5_11.ppc64.rpm
firefox-debuginfo-45.3.0-1.el5_11.ppc64.rpm

s390x:
firefox-45.3.0-1.el5_11.s390.rpm
firefox-45.3.0-1.el5_11.s390x.rpm
firefox-debuginfo-45.3.0-1.el5_11.s390.rpm
firefox-debuginfo-45.3.0-1.el5_11.s390x.rpm

x86_64:
firefox-45.3.0-1.el5_11.i386.rpm
firefox-45.3.0-1.el5_11.x86_64.rpm
firefox-debuginfo-45.3.0-1.el5_11.i386.rpm
firefox-debuginfo-45.3.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-45.3.0-1.el6_8.src.rpm

i386:
firefox-45.3.0-1.el6_8.i686.rpm
firefox-debuginfo-45.3.0-1.el6_8.i686.rpm

x86_64:
firefox-45.3.0-1.el6_8.x86_64.rpm
firefox-debuginfo-45.3.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-45.3.0-1.el6_8.i686.rpm
firefox-debuginfo-45.3.0-1.el6_8.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-45.3.0-1.el6_8.src.rpm

x86_64:
firefox-45.3.0-1.el6_8.i686.rpm
firefox-45.3.0-1.el6_8.x86_64.rpm
firefox-debuginfo-45.3.0-1.el6_8.i686.rpm
firefox-debuginfo-45.3.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-45.3.0-1.el6_8.src.rpm

i386:
firefox-45.3.0-1.el6_8.i686.rpm
firefox-debuginfo-45.3.0-1.el6_8.i686.rpm

ppc64:
firefox-45.3.0-1.el6_8.ppc64.rpm
firefox-debuginfo-45.3.0-1.el6_8.ppc64.rpm

s390x:
firefox-45.3.0-1.el6_8.s390x.rpm
firefox-debuginfo-45.3.0-1.el6_8.s390x.rpm

x86_64:
firefox-45.3.0-1.el6_8.x86_64.rpm
firefox-debuginfo-45.3.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-45.3.0-1.el6_8.ppc.rpm
firefox-debuginfo-45.3.0-1.el6_8.ppc.rpm

s390x:
firefox-45.3.0-1.el6_8.s390.rpm
firefox-debuginfo-45.3.0-1.el6_8.s390.rpm

x86_64:
firefox-45.3.0-1.el6_8.i686.rpm
firefox-debuginfo-45.3.0-1.el6_8.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-45.3.0-1.el6_8.src.rpm

i386:
firefox-45.3.0-1.el6_8.i686.rpm
firefox-debuginfo-45.3.0-1.el6_8.i686.rpm

x86_64:
firefox-45.3.0-1.el6_8.x86_64.rpm
firefox-debuginfo-45.3.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-45.3.0-1.el6_8.i686.rpm
firefox-debuginfo-45.3.0-1.el6_8.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-45.3.0-1.el7_2.src.rpm

x86_64:
firefox-45.3.0-1.el7_2.x86_64.rpm
firefox-debuginfo-45.3.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-45.3.0-1.el7_2.i686.rpm
firefox-debuginfo-45.3.0-1.el7_2.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-45.3.0-1.el7_2.src.rpm

ppc64:
firefox-45.3.0-1.el7_2.ppc64.rpm
firefox-debuginfo-45.3.0-1.el7_2.ppc64.rpm

ppc64le:
firefox-45.3.0-1.el7_2.ppc64le.rpm
firefox-debuginfo-45.3.0-1.el7_2.ppc64le.rpm

s390x:
firefox-45.3.0-1.el7_2.s390x.rpm
firefox-debuginfo-45.3.0-1.el7_2.s390x.rpm

x86_64:
firefox-45.3.0-1.el7_2.x86_64.rpm
firefox-debuginfo-45.3.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
firefox-45.3.0-1.el7_2.ppc.rpm
firefox-debuginfo-45.3.0-1.el7_2.ppc.rpm

s390x:
firefox-45.3.0-1.el7_2.s390.rpm
firefox-debuginfo-45.3.0-1.el7_2.s390.rpm

x86_64:
firefox-45.3.0-1.el7_2.i686.rpm
firefox-debuginfo-45.3.0-1.el7_2.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-45.3.0-1.el7_2.src.rpm

x86_64:
firefox-45.3.0-1.el7_2.x86_64.rpm
firefox-debuginfo-45.3.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-45.3.0-1.el7_2.i686.rpm
firefox-debuginfo-45.3.0-1.el7_2.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-2830
https://access.redhat.com/security/cve/CVE-2016-2836
https://access.redhat.com/security/cve/CVE-2016-2837
https://access.redhat.com/security/cve/CVE-2016-2838
https://access.redhat.com/security/cve/CVE-2016-5252
https://access.redhat.com/security/cve/CVE-2016-5254
https://access.redhat.com/security/cve/CVE-2016-5258
https://access.redhat.com/security/cve/CVE-2016-5259
https://access.redhat.com/security/cve/CVE-2016-5262
https://access.redhat.com/security/cve/CVE-2016-5263
https://access.redhat.com/security/cve/CVE-2016-5264
https://access.redhat.com/security/cve/CVE-2016-5265
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.3

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Wed Aug 3 08:15:15 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Aug 2016 08:15:15 +0000
Subject: [RHSA-2016:1552-01] Moderate: ntp security update
Message-ID: <201608030815.u738FFSJ032317@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ntp security update
Advisory ID: RHSA-2016:1552-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1552.html
Issue date: 2016-08-03
CVE Names: CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2518
=====================================================================

1. Summary:

An update for ntp is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service, which continuously adjusts system time, and utilities used to query and configure the ntpd service.

Security Fix(es):

* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)

* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)

* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548)

* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)

* An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with an hmode of 7 or larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)

The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing this update, the ntpd daemon will restart automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode
1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service
1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets
1331464 - CVE-2016-1550 ntp: libntp message digest disclosure
1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
ntp-4.2.6p5-5.el6_7.5.src.rpm

x86_64:
ntp-4.2.6p5-5.el6_7.5.x86_64.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.5.x86_64.rpm
ntpdate-4.2.6p5-5.el6_7.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

noarch:
ntp-doc-4.2.6p5-5.el6_7.5.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-5.el6_7.5.x86_64.rpm
ntp-perl-4.2.6p5-5.el6_7.5.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
ntp-4.2.6p5-5.el6_7.5.src.rpm

i386:
ntp-4.2.6p5-5.el6_7.5.i686.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.5.i686.rpm
ntpdate-4.2.6p5-5.el6_7.5.i686.rpm

ppc64:
ntp-4.2.6p5-5.el6_7.5.ppc64.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.5.ppc64.rpm
ntpdate-4.2.6p5-5.el6_7.5.ppc64.rpm

s390x:
ntp-4.2.6p5-5.el6_7.5.s390x.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.5.s390x.rpm
ntpdate-4.2.6p5-5.el6_7.5.s390x.rpm

x86_64:
ntp-4.2.6p5-5.el6_7.5.x86_64.rpm
ntp-debuginfo-4.2.6p5-5.el6_7.5.x86_64.rpm
ntpdate-4.2.6p5-5.el6_7.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
ntp-debuginfo-4.2.6p5-5.el6_7.5.i686.rpm
ntp-perl-4.2.6p5-5.el6_7.5.i686.rpm

noarch:
ntp-doc-4.2.6p5-5.el6_7.5.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-5.el6_7.5.ppc64.rpm
ntp-perl-4.2.6p5-5.el6_7.5.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-5.el6_7.5.s390x.rpm
ntp-perl-4.2.6p5-5.el6_7.5.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-5.el6_7.5.x86_64.rpm
ntp-perl-4.2.6p5-5.el6_7.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-7979
https://access.redhat.com/security/cve/CVE-2016-1547
https://access.redhat.com/security/cve/CVE-2016-1548
https://access.redhat.com/security/cve/CVE-2016-1550
https://access.redhat.com/security/cve/CVE-2016-2518
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
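The libntp comparison-timing flaw above (CVE-2016-1550) is an instance of a general defect: a digest compare that returns at the first mismatching byte does more work the longer the matching prefix is, and that difference is observable. The following C program is an added example, not code from the advisory or from the ntp project; it instruments an early-exit compare next to a constant-time compare on a constructed 16-byte digest so the difference in work per candidate is visible directly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 16   /* MD5 digest length, the MAC size used with classic NTP symmetric keys */

/* Early-exit comparison in the style of memcmp(): it returns at the first
 * differing byte, so the work done (reported through *steps) grows with the
 * length of the matching prefix. That dependency is the timing signal the
 * advisory describes for CVE-2016-1550. */
int leaky_digest_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;
            return 0;
        }
    }
    *steps = n;
    return 1;
}

/* Constant-time comparison: every byte is visited and the differences are
 * OR-ed into an accumulator, so the work is identical whether the inputs
 * differ at byte 0, at byte 15, or nowhere. The volatile accumulator
 * discourages the compiler from re-introducing an early exit. */
int ct_digest_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *steps = n;
    return diff == 0;
}

/* Constructed sample digest (not a real MAC): stands in for the digest the
 * receiver computes over an incoming packet with the shared key. */
static const uint8_t k_expected[DIGEST_LEN] = {
    0x8f, 0x1a, 0xc3, 0x55, 0x07, 0xe9, 0x2b, 0x6d,
    0x40, 0xaa, 0x19, 0xfe, 0x73, 0x0c, 0xd8, 0x61
};

/* Build a candidate MAC whose first prefix_len bytes match k_expected and
 * whose next byte differs; prefix_len == DIGEST_LEN yields a full match. */
void make_candidate(uint8_t out[DIGEST_LEN], size_t prefix_len)
{
    memcpy(out, k_expected, DIGEST_LEN);
    if (prefix_len < DIGEST_LEN)
        out[prefix_len] ^= 0xff;
}

/* Byte comparisons the early-exit compare performs for a candidate that
 * shares prefix_len leading bytes with the expected digest. */
size_t leaky_steps_for_prefix(size_t prefix_len)
{
    uint8_t cand[DIGEST_LEN];
    size_t steps;
    make_candidate(cand, prefix_len);
    leaky_digest_equal(k_expected, cand, DIGEST_LEN, &steps);
    return steps;
}

/* Same measurement for the constant-time compare. */
size_t ct_steps_for_prefix(size_t prefix_len)
{
    uint8_t cand[DIGEST_LEN];
    size_t steps;
    make_candidate(cand, prefix_len);
    ct_digest_equal(k_expected, cand, DIGEST_LEN, &steps);
    return steps;
}

/* 1 only for a full match: the constant-time compare still rejects
 * candidates that differ in a single byte. */
int ct_accepts_prefix(size_t prefix_len)
{
    uint8_t cand[DIGEST_LEN];
    size_t steps;
    make_candidate(cand, prefix_len);
    return ct_digest_equal(k_expected, cand, DIGEST_LEN, &steps);
}

int main(void)
{
    static const size_t prefixes[] = { 0, 5, 10, 15, DIGEST_LEN };
    printf("matching prefix  early-exit steps  constant-time steps\n");
    for (size_t i = 0; i < sizeof prefixes / sizeof prefixes[0]; i++) {
        size_t p = prefixes[i];
        printf("%15zu  %16zu  %19zu\n", p, leaky_steps_for_prefix(p), ct_steps_for_prefix(p));
    }
    return 0;
}
```

The step counter stands in for wall-clock time; in the real flaw the same dependency surfaces as a small, noisy timing difference per packet, which is why the fix is to make the comparison's work independent of the input rather than to hide the timing.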
From bugzilla at redhat.com Thu Aug 4 12:43:42 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 4 Aug 2016 08:43:42 -0400
Subject: [RHSA-2016:1573-01] Moderate: squid security update
Message-ID: <201608041243.u74ChgBj012402@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: squid security update
Advisory ID: RHSA-2016:1573-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1573.html
Issue date: 2016-08-04
CVE Names: CVE-2016-5408
=====================================================================

1. Summary:

An update for squid is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code. (CVE-2016-5408)

Red Hat would like to thank Amos Jeffries (Squid) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1359203 - CVE-2016-5408 squid: Buffer overflow vulnerability in cachemgr.cgi tool

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
squid-3.1.23-16.el6_8.6.src.rpm

i386:
squid-3.1.23-16.el6_8.6.i686.rpm
squid-debuginfo-3.1.23-16.el6_8.6.i686.rpm

ppc64:
squid-3.1.23-16.el6_8.6.ppc64.rpm
squid-debuginfo-3.1.23-16.el6_8.6.ppc64.rpm

s390x:
squid-3.1.23-16.el6_8.6.s390x.rpm
squid-debuginfo-3.1.23-16.el6_8.6.s390x.rpm

x86_64:
squid-3.1.23-16.el6_8.6.x86_64.rpm
squid-debuginfo-3.1.23-16.el6_8.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
squid-3.1.23-16.el6_8.6.src.rpm

i386:
squid-3.1.23-16.el6_8.6.i686.rpm
squid-debuginfo-3.1.23-16.el6_8.6.i686.rpm

x86_64:
squid-3.1.23-16.el6_8.6.x86_64.rpm
squid-debuginfo-3.1.23-16.el6_8.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5408
https://rhn.redhat.com/errata/RHSA-2016-1138.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXozh7XlSAg2UNWIIRAg4AAJ96Rmvua/+TWRbTd8HFlBzrxA94WQCfSnQe
+Dl6neUrLXaGxmhcN0UzKFU=
=a3Od
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 05:12:11 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2016 05:12:11 +0000
Subject: [RHSA-2016:1580-01] Important: chromium-browser security update
Message-ID: <201608090512.u795CCmW010905@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:1580-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1580.html
Issue date:        2016-08-09
CVE Names:         CVE-2016-5139 CVE-2016-5140 CVE-2016-5141
                   CVE-2016-5142 CVE-2016-5143 CVE-2016-5144
                   CVE-2016-5145 CVE-2016-5146
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 52.0.2743.116.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content.
A web page containing malicious content could cause Chromium to crash,
execute arbitrary code, or disclose sensitive information when visited by
the victim. (CVE-2016-5139, CVE-2016-5140, CVE-2016-5141, CVE-2016-5142,
CVE-2016-5146, CVE-2016-5143, CVE-2016-5144, CVE-2016-5145)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1363980 - CVE-2016-5141 chromium-browser: Address bar spoofing
1363981 - CVE-2016-5142 chromium-browser: Use-after-free in Blink
1363982 - CVE-2016-5139 chromium-browser: Heap overflow in pdfium
1363983 - CVE-2016-5140 chromium-browser: Heap overflow in pdfium
1363984 - CVE-2016-5145 chromium-browser: Same origin bypass for images in Blink
1363985 - CVE-2016-5143 chromium-browser: Parameter sanitization failure in DevTools
1363986 - CVE-2016-5144 chromium-browser: Parameter sanitization failure in DevTools
1363987 - CVE-2016-5146 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-52.0.2743.116-1.el6.i686.rpm
chromium-browser-debuginfo-52.0.2743.116-1.el6.i686.rpm

x86_64:
chromium-browser-52.0.2743.116-1.el6.x86_64.rpm
chromium-browser-debuginfo-52.0.2743.116-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-52.0.2743.116-1.el6.i686.rpm
chromium-browser-debuginfo-52.0.2743.116-1.el6.i686.rpm

x86_64:
chromium-browser-52.0.2743.116-1.el6.x86_64.rpm
chromium-browser-debuginfo-52.0.2743.116-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-52.0.2743.116-1.el6.i686.rpm
chromium-browser-debuginfo-52.0.2743.116-1.el6.i686.rpm

x86_64:
chromium-browser-52.0.2743.116-1.el6.x86_64.rpm
chromium-browser-debuginfo-52.0.2743.116-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5139
https://access.redhat.com/security/cve/CVE-2016-5140
https://access.redhat.com/security/cve/CVE-2016-5141
https://access.redhat.com/security/cve/CVE-2016-5142
https://access.redhat.com/security/cve/CVE-2016-5143
https://access.redhat.com/security/cve/CVE-2016-5144
https://access.redhat.com/security/cve/CVE-2016-5145
https://access.redhat.com/security/cve/CVE-2016-5146
https://access.redhat.com/security/updates/classification/#important
https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXqWXsXlSAg2UNWIIRAvxtAKC9WHkgGOlm9kfKDWayi6g9mdaOQgCgoHFZ
AXlf/M24clfAonb2RKn02Kk=
=S9Ne
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 09:23:53 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2016 09:23:53 +0000
Subject: [RHSA-2016:1581-01] Important: kernel security update
Message-ID: <201608090923.u799N6ml018158@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2016:1581-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1581.html
Issue date:        2016-08-09
CVE Names:         CVE-2016-4565
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as bi-directional ioctl() replacement,
which could lead to insufficient memory security checks when being invoked
using the splice() system call.
A local unprivileged user on a system with either Infiniband hardware
present or RDMA Userspace Connection Manager Access module explicitly
loaded, could use this flaw to escalate their privileges on the system.
(CVE-2016-4565)

Red Hat would like to thank Jann Horn for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1310570 - CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
kernel-2.6.32-358.72.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.72.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.72.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.72.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.72.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.72.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.72.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.72.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.72.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.72.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.72.1.el6.x86_64.rpm
perf-2.6.32-358.72.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.72.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.72.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
kernel-2.6.32-358.72.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.72.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.72.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.72.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.72.1.el6.x86_64.rpm
python-perf-2.6.32-358.72.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.72.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4565
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXqaDrXlSAg2UNWIIRAk34AJ48VALb9w2qYvViUlbhrw5Tb6wPGQCgvqjD
tUkCzuoS/VF/cUiryTLDzoc=
=l5Px
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 10:10:14 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2016 10:10:14 +0000
Subject: [RHSA-2016:1582-01] Moderate: nodejs010-nodejs-minimatch security update
Message-ID: <201608091010.u79AAEoW023597@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs010-nodejs-minimatch security update
Advisory ID:       RHSA-2016:1582-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1582.html
Issue date:        2016-08-09
CVE Names:         CVE-2016-1000023
=====================================================================

1. Summary:

An update for nodejs010-nodejs-minimatch is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Minimatch is a minimal matching utility that works by converting glob
expressions into JavaScript RegExp objects.

Security Fix(es):

* A regular expression denial of service flaw was found in Minimatch. An
attacker able to make an application using Minimatch to perform matching
using a specially crafted glob pattern could cause the application to
consume an excessive amount of CPU. (CVE-2016-1000023)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1348509 - CVE-2016-1000023 nodejs-minimatch: Regular expression denial-of-service

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
nodejs010-nodejs-minimatch-3.0.2-1.el6.src.rpm

noarch:
nodejs010-nodejs-minimatch-3.0.2-1.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
nodejs010-nodejs-minimatch-3.0.2-1.el6.src.rpm

noarch:
nodejs010-nodejs-minimatch-3.0.2-1.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
nodejs010-nodejs-minimatch-3.0.2-1.el6.src.rpm

noarch:
nodejs010-nodejs-minimatch-3.0.2-1.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
nodejs010-nodejs-minimatch-3.0.2-1.el6.src.rpm

noarch:
nodejs010-nodejs-minimatch-3.0.2-1.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
nodejs010-nodejs-minimatch-3.0.2-1.el7.src.rpm

noarch:
nodejs010-nodejs-minimatch-3.0.2-1.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
nodejs010-nodejs-minimatch-3.0.2-1.el7.src.rpm

noarch:
nodejs010-nodejs-minimatch-3.0.2-1.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
nodejs010-nodejs-minimatch-3.0.2-1.el7.src.rpm

noarch:
nodejs010-nodejs-minimatch-3.0.2-1.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
nodejs010-nodejs-minimatch-3.0.2-1.el7.src.rpm

noarch:
nodejs010-nodejs-minimatch-3.0.2-1.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1000023
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXqavZXlSAg2UNWIIRAovuAJwNxbXMGtGBE2WMuuPTYjd4arkZKQCfU/8z
yMCdvyYfbEY3KXJUYgIYKac=
=CiXe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 10:11:07 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2016 10:11:07 +0000
Subject: [RHSA-2016:1583-01] Moderate: rh-nodejs4-nodejs-minimatch security update
Message-ID: <201608091011.u79AB75C006240@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-nodejs4-nodejs-minimatch security update
Advisory ID:       RHSA-2016:1583-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1583.html
Issue date:        2016-08-09
CVE Names:         CVE-2016-1000023
=====================================================================

1. Summary:

An update for rh-nodejs4-nodejs-minimatch is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Minimatch is a minimal matching utility that works by converting glob
expressions into JavaScript RegExp objects.

Security Fix(es):

* A regular expression denial of service flaw was found in Minimatch. An
attacker able to make an application using Minimatch to perform matching
using a specially crafted glob pattern could cause the application to
consume an excessive amount of CPU. (CVE-2016-1000023)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1348509 - CVE-2016-1000023 nodejs-minimatch: Regular expression denial-of-service

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.src.rpm

noarch:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.src.rpm

noarch:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.src.rpm

noarch:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.src.rpm

noarch:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm

noarch:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm

noarch:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm

noarch:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm

noarch:
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1000023
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXqawYXlSAg2UNWIIRAtdmAJ9lGkj95j/T7JXR91BochGvRa5YRwCdGd3+
9yWZvLJXl5zpPR2DcwNATns=
=bVWG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 17:55:32 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2016 13:55:32 -0400
Subject: [RHSA-2016:1585-01] Moderate: qemu-kvm security update
Message-ID: <201608091755.u79HtWKv014203@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qemu-kvm security update
Advisory ID:       RHSA-2016:1585-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1585.html
Issue date:        2016-08-09
CVE Names:         CVE-2016-5403
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the
user-space component for running virtual machines using KVM.

Security Fix(es):

* Quick emulator(Qemu) built with the virtio framework is vulnerable to an
unbounded memory allocation issue. It was found that a malicious guest user
could submit more requests than the virtqueue size permits. Processing a
request allocates a VirtQueueElement and therefore causes unbounded memory
allocation on the host controlled by the guest. (CVE-2016-5403)

Red Hat would like to thank hongzhenhao (Marvel Team) for reporting this
issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1358359 - CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
qemu-kvm-0.12.1.2-2.491.el6_8.3.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.491.el6_8.3.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.3.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-img-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.491.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
qemu-kvm-0.12.1.2-2.491.el6_8.3.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-img-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.491.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
qemu-kvm-0.12.1.2-2.491.el6_8.3.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.491.el6_8.3.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.3.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.3.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.3.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-img-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.491.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
qemu-kvm-0.12.1.2-2.491.el6_8.3.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.491.el6_8.3.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.3.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-img-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.491.el6_8.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5403
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXqhkSXlSAg2UNWIIRAqOkAJ0YtSnV0C8aD2OEUaAHi66xy1TcrwCeIzw9
Dvqq6D0lSIDbZVJGtceYH7Q=
=HBe+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 10 18:57:25 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Aug 2016 18:57:25 +0000
Subject: [RHSA-2016:1587-01] Critical: java-1.8.0-ibm security update
Message-ID: <201608101857.u7AIvP4a003594@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-ibm security update
Advisory ID:       RHSA-2016:1587-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1587.html
Issue date:        2016-08-10
CVE Names:         CVE-2016-3511 CVE-2016-3598
=====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6
Supplementary and Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR3-FP10.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page, listed
in the References section. (CVE-2016-3511, CVE-2016-3598)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1356971 - CVE-2016-3598 OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)
1358168 - CVE-2016-3511 Oracle JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el6_8.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el6_8.i686.rpm

ppc64:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el6_8.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el6_8.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el6_8.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el6_8.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el6_8.ppc64.rpm

s390x:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el6_8.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el6_8.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el6_8.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el6_8.s390x.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el6_8.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.3.10-1jpp.2.el6_8.i686.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el6_8.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.i686.rpm
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.i686.rpm
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.ppc.rpm
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el7_2.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.ppc.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el7_2.ppc64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.10-1jpp.2.el7_2.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el7_2.ppc64.rpm

ppc64le:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el7_2.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el7_2.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el7_2.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.s390.rpm
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el7_2.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.s390.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el7_2.s390x.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el7_2.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.i686.rpm
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.i686.rpm
java-1.8.0-ibm-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.10-1jpp.2.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3511
https://access.redhat.com/security/cve/CVE-2016-3598
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXq3kCXlSAg2UNWIIRApicAJwItkr5opRRnZNPDpybSFlihIufvACaAtwU
yJiynbOTBc2nVMVs1xOf6Iw=
=ZmiG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 10 18:58:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Aug 2016 18:58:22 +0000
Subject: [RHSA-2016:1588-01] Critical: java-1.7.1-ibm security update
Message-ID: <201608101858.u7AIwN7b019570@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.1-ibm security update
Advisory ID:       RHSA-2016:1588-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1588.html
Issue date:        2016-08-10
CVE Names:         CVE-2016-3511 CVE-2016-3598
=====================================================================

1. Summary:

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6
Supplementary and Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment
and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR3-FP50.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page, listed
in the References section. (CVE-2016-3511, CVE-2016-3598)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

5.
Bugs fixed (https://bugzilla.redhat.com/): 1356971 - CVE-2016-3598 OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985) 1358168 - CVE-2016-3511 Oracle JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el6_8.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el6_8.i686.rpm ppc64: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el6_8.ppc64.rpm s390x: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el6_8.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.50-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el6_8.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux Client Supplementary (v. 
7): x86_64: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.i686.rpm java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.i686.rpm java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.ppc.rpm java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el7_2.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.ppc.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el7_2.ppc64.rpm java-1.7.1-ibm-plugin-1.7.1.3.50-1jpp.1.el7_2.ppc.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el7_2.ppc64.rpm ppc64le: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.ppc64le.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el7_2.ppc64le.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.ppc64le.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el7_2.ppc64le.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el7_2.ppc64le.rpm s390x: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.s390.rpm java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.s390x.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el7_2.s390x.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.s390.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el7_2.s390x.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el7_2.s390x.rpm x86_64: 
java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.i686.rpm java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.i686.rpm java-1.7.1-ibm-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.50-1jpp.1.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3511 https://access.redhat.com/security/cve/CVE-2016-3598 https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXq3k4XlSAg2UNWIIRAsp/AKCMOVhbAUgkMhp0YDxsf2K1lzIisQCeNBgS
Fua8zYNySCdyhOA9octU8pg=
=UOSp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 10 18:59:07 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Aug 2016 18:59:07 +0000
Subject: [RHSA-2016:1589-01] Critical: java-1.7.0-ibm security update
Message-ID: <201608101859.u7AIx7BV004476@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-ibm security update
Advisory ID: RHSA-2016:1589-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1589.html
Issue date: 2016-08-10
CVE Names: CVE-2016-3511 CVE-2016-3598
=====================================================================

1. Summary:

An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7 SR9-FP50.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-3511, CVE-2016-3598)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1356971 - CVE-2016-3598 OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)
1358168 - CVE-2016-3511 Oracle JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.50-1jpp.1.el5_11.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.50-1jpp.1.el5_11.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.9.50-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-1.7.0.9.50-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.9.50-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.9.50-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.9.50-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.9.50-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.50-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.50-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.50-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.50-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.50-1jpp.1.el5_11.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.9.50-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-1.7.0.9.50-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.9.50-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-demo-1.7.0.9.50-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.9.50-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-devel-1.7.0.9.50-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.50-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.50-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-src-1.7.0.9.50-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-src-1.7.0.9.50-1jpp.1.el5_11.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.50-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.50-1jpp.1.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3511
https://access.redhat.com/security/cve/CVE-2016-3598
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXq3loXlSAg2UNWIIRAmd7AKCkxWEEVB5pd58MkfCKx+MK6RGxDgCdG7yi
z1FFflp9/VpBAI/lTwiIc+k=
=eeis
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 11 00:40:17 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2016 00:40:17 +0000
Subject: [RHSA-2016:1594-01] Moderate: python-django security update
Message-ID: <201608110040.u7B0eHeu028002@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-django security update
Advisory ID: RHSA-2016:1594-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1594.html
Issue date: 2016-08-10
CVE Names: CVE-2016-6186
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat OpenStack Platform 8.0 Operational Tools for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 8.0 Operational Tools for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* A cross-site scripting (XSS) flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution. (CVE-2016-6186)

Red Hat would like to thank the upstream Django project for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1355663 - CVE-2016-6186 django: XSS in admin's add/change related popup

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 8.0 Operational Tools for RHEL 7:

Source:
python-django-1.8.14-1.el7ost.src.rpm

noarch:
python-django-1.8.14-1.el7ost.noarch.rpm
python-django-bash-completion-1.8.14-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6186
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXq8lcXlSAg2UNWIIRAoNZAKCEadDe183/Hfd04xu0rj6UZprbBwCcC6VJ
qfchG6AZeBeJtP3o7smd7Bo=
=LAxz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 11 00:40:30 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2016 00:40:30 +0000
Subject: [RHSA-2016:1595-01] Moderate: python-django security update
Message-ID: <201608110040.u7B0eUu0028061@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-django security update
Advisory ID: RHSA-2016:1595-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1595.html
Issue date: 2016-08-10
CVE Names: CVE-2016-6186
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* A cross-site scripting (XSS) flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution. (CVE-2016-6186)

Red Hat would like to thank the upstream Django project for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1355663 - CVE-2016-6186 django: XSS in admin's add/change related popup

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
python-django-1.8.14-1.el7ost.src.rpm

noarch:
python-django-1.8.14-1.el7ost.noarch.rpm
python-django-bash-completion-1.8.14-1.el7ost.noarch.rpm
python-django-doc-1.8.14-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6186
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXq8fKXlSAg2UNWIIRAs4xAJ0SGVYhdCfTmJLQpeKKit5ibpF8nwCaAzEn
+z7ULANg0Qn/BOsC3ficZow=
=I5z5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 11 01:33:13 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2016 01:33:13 +0000
Subject: [RHSA-2016:1596-01] Moderate: python-django security update
Message-ID: <201608110133.u7B1XDkw006114@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-django security update
Advisory ID: RHSA-2016:1596-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1596.html
Issue date: 2016-08-11
CVE Names: CVE-2016-6186
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* A cross-site scripting (XSS) flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution. (CVE-2016-6186)

Red Hat would like to thank the upstream Django project for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1355663 - CVE-2016-6186 django: XSS in admin's add/change related popup

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
python-django-1.8.14-1.el7ost.src.rpm

noarch:
python-django-1.8.14-1.el7ost.noarch.rpm
python-django-bash-completion-1.8.14-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6186
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXq9WwXlSAg2UNWIIRAmdNAJ4sSHbwFTK56ujNx483Q1kx+mRqXwCfcS8D
2ljzf9WhWMVXuKYxPp0r06I=
=/iko
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 11 14:40:10 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2016 14:40:10 +0000
Subject: [RHSA-2016:1601-01] Important: rh-mysql56-mysql security update
Message-ID: <201608111440.u7BEeBcv027992@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-mysql56-mysql security update
Advisory ID: RHSA-2016:1601-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1601.html
Issue date: 2016-08-11
CVE Names: CVE-2016-3459 CVE-2016-3477 CVE-2016-3486 CVE-2016-3501 CVE-2016-3521 CVE-2016-3614 CVE-2016-3615 CVE-2016-5439 CVE-2016-5440
=====================================================================

1. Summary:

An update for rh-mysql56-mysql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a newer upstream version: rh-mysql56-mysql (5.6.32).

Security Fix(es):

* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3459, CVE-2016-3477, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3614, CVE-2016-3615, CVE-2016-5439, CVE-2016-5440)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1358202 - CVE-2016-3459 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU July 2016)
1358205 - CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016)
1358206 - CVE-2016-3486 mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU July 2016)
1358207 - CVE-2016-3501 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU July 2016)
1358209 - CVE-2016-3521 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016)
1358211 - CVE-2016-3614 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU July 2016)
1358212 - CVE-2016-3615 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016)
1358216 - CVE-2016-5439 mysql: unspecified vulnerability in subcomponent: Server: Privileges (CPU July 2016)
1358218 - CVE-2016-5440 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mysql56-mysql-5.6.32-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.32-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-mysql56-mysql-5.6.32-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.32-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-mysql56-mysql-5.6.32-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.32-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-mysql56-mysql-5.6.32-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.32-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.32-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mysql56-mysql-5.6.32-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.32-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-mysql56-mysql-5.6.32-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.32-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-mysql56-mysql-5.6.32-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.32-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-mysql56-mysql-5.6.32-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.32-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.32-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3459
https://access.redhat.com/security/cve/CVE-2016-3477
https://access.redhat.com/security/cve/CVE-2016-3486
https://access.redhat.com/security/cve/CVE-2016-3501
https://access.redhat.com/security/cve/CVE-2016-3521
https://access.redhat.com/security/cve/CVE-2016-3614
https://access.redhat.com/security/cve/CVE-2016-3615
https://access.redhat.com/security/cve/CVE-2016-5439
https://access.redhat.com/security/cve/CVE-2016-5440
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXrI4xXlSAg2UNWIIRAoUcAJ9/1CbuBAUulo4awyGSncXHJLkbYQCfaRQx 2TFWuluSLoYZbUOX6WXmd1Y= =ZZhJ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 11 14:41:13 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 11 Aug 2016 14:41:13 +0000 Subject: [RHSA-2016:1602-01] Important: mariadb security update Message-ID: <201608111441.u7BEfESt029779@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mariadb security update Advisory ID: RHSA-2016:1602-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1602.html Issue date: 2016-08-11 CVE Names: CVE-2016-0640 CVE-2016-0641 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0666 CVE-2016-3452 CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5444 ===================================================================== 1. Summary: An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. 
Description: MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.50). Security Fix(es): * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1329239 - CVE-2016-0640 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016) 1329241 - CVE-2016-0641 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU April 2016) 1329245 - CVE-2016-0643 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016) 1329247 - CVE-2016-0644 mysql: unspecified vulnerability in subcomponent: Server: DDL (CPU April 2016) 1329248 - CVE-2016-0646 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016) 1329249 - CVE-2016-0647 mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU April 2016) 1329251 - CVE-2016-0648 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016) 1329252 - CVE-2016-0649 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016) 1329253 - CVE-2016-0650 mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU April 2016) 1329270 - CVE-2016-0666 mysql: unspecified vulnerability in subcomponent: Server: Security: 
Privileges (CPU April 2016) 1358201 - CVE-2016-3452 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU July 2016) 1358205 - CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) 1358209 - CVE-2016-3521 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016) 1358212 - CVE-2016-3615 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016) 1358218 - CVE-2016-5440 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016) 1358223 - CVE-2016-5444 mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: mariadb-5.5.50-1.el7_2.src.rpm x86_64: mariadb-5.5.50-1.el7_2.x86_64.rpm mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm mariadb-libs-5.5.50-1.el7_2.i686.rpm mariadb-libs-5.5.50-1.el7_2.x86_64.rpm mariadb-server-5.5.50-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: mariadb-bench-5.5.50-1.el7_2.x86_64.rpm mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm mariadb-devel-5.5.50-1.el7_2.i686.rpm mariadb-devel-5.5.50-1.el7_2.x86_64.rpm mariadb-embedded-5.5.50-1.el7_2.i686.rpm mariadb-embedded-5.5.50-1.el7_2.x86_64.rpm mariadb-embedded-devel-5.5.50-1.el7_2.i686.rpm mariadb-embedded-devel-5.5.50-1.el7_2.x86_64.rpm mariadb-test-5.5.50-1.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: mariadb-5.5.50-1.el7_2.src.rpm x86_64: mariadb-5.5.50-1.el7_2.x86_64.rpm mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm mariadb-libs-5.5.50-1.el7_2.i686.rpm mariadb-libs-5.5.50-1.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: mariadb-bench-5.5.50-1.el7_2.x86_64.rpm mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm mariadb-devel-5.5.50-1.el7_2.i686.rpm mariadb-devel-5.5.50-1.el7_2.x86_64.rpm mariadb-embedded-5.5.50-1.el7_2.i686.rpm mariadb-embedded-5.5.50-1.el7_2.x86_64.rpm mariadb-embedded-devel-5.5.50-1.el7_2.i686.rpm mariadb-embedded-devel-5.5.50-1.el7_2.x86_64.rpm mariadb-server-5.5.50-1.el7_2.x86_64.rpm mariadb-test-5.5.50-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: mariadb-5.5.50-1.el7_2.src.rpm ppc64: mariadb-5.5.50-1.el7_2.ppc64.rpm mariadb-bench-5.5.50-1.el7_2.ppc64.rpm mariadb-debuginfo-5.5.50-1.el7_2.ppc.rpm mariadb-debuginfo-5.5.50-1.el7_2.ppc64.rpm mariadb-devel-5.5.50-1.el7_2.ppc.rpm mariadb-devel-5.5.50-1.el7_2.ppc64.rpm mariadb-libs-5.5.50-1.el7_2.ppc.rpm mariadb-libs-5.5.50-1.el7_2.ppc64.rpm mariadb-server-5.5.50-1.el7_2.ppc64.rpm mariadb-test-5.5.50-1.el7_2.ppc64.rpm ppc64le: mariadb-5.5.50-1.el7_2.ppc64le.rpm mariadb-bench-5.5.50-1.el7_2.ppc64le.rpm mariadb-debuginfo-5.5.50-1.el7_2.ppc64le.rpm mariadb-devel-5.5.50-1.el7_2.ppc64le.rpm mariadb-libs-5.5.50-1.el7_2.ppc64le.rpm mariadb-server-5.5.50-1.el7_2.ppc64le.rpm mariadb-test-5.5.50-1.el7_2.ppc64le.rpm s390x: mariadb-5.5.50-1.el7_2.s390x.rpm mariadb-bench-5.5.50-1.el7_2.s390x.rpm mariadb-debuginfo-5.5.50-1.el7_2.s390.rpm mariadb-debuginfo-5.5.50-1.el7_2.s390x.rpm mariadb-devel-5.5.50-1.el7_2.s390.rpm mariadb-devel-5.5.50-1.el7_2.s390x.rpm mariadb-libs-5.5.50-1.el7_2.s390.rpm mariadb-libs-5.5.50-1.el7_2.s390x.rpm mariadb-server-5.5.50-1.el7_2.s390x.rpm mariadb-test-5.5.50-1.el7_2.s390x.rpm x86_64: mariadb-5.5.50-1.el7_2.x86_64.rpm mariadb-bench-5.5.50-1.el7_2.x86_64.rpm mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm mariadb-devel-5.5.50-1.el7_2.i686.rpm mariadb-devel-5.5.50-1.el7_2.x86_64.rpm mariadb-libs-5.5.50-1.el7_2.i686.rpm mariadb-libs-5.5.50-1.el7_2.x86_64.rpm mariadb-server-5.5.50-1.el7_2.x86_64.rpm 
mariadb-test-5.5.50-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: mariadb-debuginfo-5.5.50-1.el7_2.ppc.rpm mariadb-debuginfo-5.5.50-1.el7_2.ppc64.rpm mariadb-embedded-5.5.50-1.el7_2.ppc.rpm mariadb-embedded-5.5.50-1.el7_2.ppc64.rpm mariadb-embedded-devel-5.5.50-1.el7_2.ppc.rpm mariadb-embedded-devel-5.5.50-1.el7_2.ppc64.rpm ppc64le: mariadb-debuginfo-5.5.50-1.el7_2.ppc64le.rpm mariadb-embedded-5.5.50-1.el7_2.ppc64le.rpm mariadb-embedded-devel-5.5.50-1.el7_2.ppc64le.rpm s390x: mariadb-debuginfo-5.5.50-1.el7_2.s390.rpm mariadb-debuginfo-5.5.50-1.el7_2.s390x.rpm mariadb-embedded-5.5.50-1.el7_2.s390.rpm mariadb-embedded-5.5.50-1.el7_2.s390x.rpm mariadb-embedded-devel-5.5.50-1.el7_2.s390.rpm mariadb-embedded-devel-5.5.50-1.el7_2.s390x.rpm x86_64: mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm mariadb-embedded-5.5.50-1.el7_2.i686.rpm mariadb-embedded-5.5.50-1.el7_2.x86_64.rpm mariadb-embedded-devel-5.5.50-1.el7_2.i686.rpm mariadb-embedded-devel-5.5.50-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: mariadb-5.5.50-1.el7_2.src.rpm x86_64: mariadb-5.5.50-1.el7_2.x86_64.rpm mariadb-bench-5.5.50-1.el7_2.x86_64.rpm mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm mariadb-devel-5.5.50-1.el7_2.i686.rpm mariadb-devel-5.5.50-1.el7_2.x86_64.rpm mariadb-libs-5.5.50-1.el7_2.i686.rpm mariadb-libs-5.5.50-1.el7_2.x86_64.rpm mariadb-server-5.5.50-1.el7_2.x86_64.rpm mariadb-test-5.5.50-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm mariadb-embedded-5.5.50-1.el7_2.i686.rpm mariadb-embedded-5.5.50-1.el7_2.x86_64.rpm mariadb-embedded-devel-5.5.50-1.el7_2.i686.rpm mariadb-embedded-devel-5.5.50-1.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0640 https://access.redhat.com/security/cve/CVE-2016-0641 https://access.redhat.com/security/cve/CVE-2016-0643 https://access.redhat.com/security/cve/CVE-2016-0644 https://access.redhat.com/security/cve/CVE-2016-0646 https://access.redhat.com/security/cve/CVE-2016-0647 https://access.redhat.com/security/cve/CVE-2016-0648 https://access.redhat.com/security/cve/CVE-2016-0649 https://access.redhat.com/security/cve/CVE-2016-0650 https://access.redhat.com/security/cve/CVE-2016-0666 https://access.redhat.com/security/cve/CVE-2016-3452 https://access.redhat.com/security/cve/CVE-2016-3477 https://access.redhat.com/security/cve/CVE-2016-3521 https://access.redhat.com/security/cve/CVE-2016-3615 https://access.redhat.com/security/cve/CVE-2016-5440 https://access.redhat.com/security/cve/CVE-2016-5444 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixMSQL http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-5548-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXrI5tXlSAg2UNWIIRAoMKAKCk82023z4v+aYdgpwKwjirfoOVTwCgtUwp 9y8bd6YZ2ioVv7ENX6rspoc= =nTD6 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 11 14:42:27 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 11 Aug 2016 14:42:27 +0000 Subject: [RHSA-2016:1603-01] Important: mariadb55-mariadb security update Message-ID: <201608111442.u7BEgRBp000901@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mariadb55-mariadb security update Advisory ID: RHSA-2016:1603-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1603.html Issue date: 2016-08-11 CVE Names: CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 ===================================================================== 1. Summary: An update for mariadb55-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb (5.5.50). Security Fix(es): * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1358205 - CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) 1358209 - CVE-2016-3521 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016) 1358212 - CVE-2016-3615 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016) 1358218 - CVE-2016-5440 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016) 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: mariadb55-mariadb-5.5.50-1.el6.src.rpm x86_64: mariadb55-mariadb-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.50-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: mariadb55-mariadb-5.5.50-1.el6.src.rpm x86_64: mariadb55-mariadb-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.50-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: mariadb55-mariadb-5.5.50-1.el6.src.rpm x86_64: mariadb55-mariadb-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.50-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: mariadb55-mariadb-5.5.50-1.el6.src.rpm x86_64: mariadb55-mariadb-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.50-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.50-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: mariadb55-mariadb-5.5.50-1.el7.src.rpm x86_64: mariadb55-mariadb-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.50-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.1): Source: mariadb55-mariadb-5.5.50-1.el7.src.rpm x86_64: mariadb55-mariadb-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.50-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: mariadb55-mariadb-5.5.50-1.el7.src.rpm x86_64: mariadb55-mariadb-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.50-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: mariadb55-mariadb-5.5.50-1.el7.src.rpm x86_64: mariadb55-mariadb-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.50-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.50-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3477 https://access.redhat.com/security/cve/CVE-2016-3521 https://access.redhat.com/security/cve/CVE-2016-3615 https://access.redhat.com/security/cve/CVE-2016-5440 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXrI6qXlSAg2UNWIIRAuAMAJ9/lUwv+Tsj7708/DZu7BMu9oITsQCeMbhO BaGf+317EgchrutG1C0R4LY= =C4GV -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 11 14:43:25 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 11 Aug 2016 14:43:25 +0000 Subject: [RHSA-2016:1604-01] Important: rh-mariadb100-mariadb security update Message-ID: <201608111443.u7BEhP0V032352@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-mariadb100-mariadb security update Advisory ID: RHSA-2016:1604-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1604.html Issue date: 2016-08-11 CVE Names: CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 ===================================================================== 1. Summary: An update for rh-mariadb100-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb (10.0.26). Security Fix(es): * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1358205 - CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) 1358209 - CVE-2016-3521 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016) 1358212 - CVE-2016-3615 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016) 1358218 - CVE-2016-5440 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016) 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6): Source: rh-mariadb100-mariadb-10.0.26-2.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.26-2.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: rh-mariadb100-mariadb-10.0.26-2.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.26-2.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.7): Source: rh-mariadb100-mariadb-10.0.26-2.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.26-2.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-mariadb100-mariadb-10.0.26-2.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.26-2.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.26-2.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7): Source: rh-mariadb100-mariadb-10.0.26-2.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.26-2.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: rh-mariadb100-mariadb-10.0.26-2.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.26-2.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2): Source: rh-mariadb100-mariadb-10.0.26-2.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.26-2.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-mariadb100-mariadb-10.0.26-2.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.26-2.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.26-2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3477 https://access.redhat.com/security/cve/CVE-2016-3521 https://access.redhat.com/security/cve/CVE-2016-3615 https://access.redhat.com/security/cve/CVE-2016-5440 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXrI7pXlSAg2UNWIIRAhALAJoCTZGPe9HptNW5FZgymvBc3g50kgCfbdOS mfaADT08wiPtKFc+vJIwlEY= =eic/ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 11 17:28:47 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 11 Aug 2016 17:28:47 +0000 Subject: [RHSA-2016:1605-01] Moderate: Red Hat OpenShift Enterprise security update Message-ID: <201608111728.u7BHSljD018549@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Enterprise security update Advisory ID: RHSA-2016:1605-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2016:1605 Issue date: 2016-08-11 CVE Names: CVE-2016-1000022 CVE-2016-1000023 ===================================================================== 1. Summary: An update is now available for Red Hat OpenShift Enterprise 3.1 and Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Enterprise 3.1 - noarch Red Hat OpenShift Enterprise 3.2 - noarch 3. Description: OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. The logging auth proxy is a reverse proxy that authenticates requests against OpenShift, retrieving user information and setting the configured header with the appropriate details. 
Security Fix(es):

* A regular expression denial of service flaw was found in Negotiator. An attacker able to make an application using Negotiator perform matching on a specially crafted glob pattern could cause the application to consume an excessive amount of CPU. (CVE-2016-1000022)

* A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch perform matching on a specially crafted glob pattern could cause the application to consume an excessive amount of CPU. (CVE-2016-1000023)

Refer to the changelog listed in the References section for a list of changes.

This update includes the following images:

openshift3/logging-auth-proxy:3.1.1-13
openshift3/logging-auth-proxy:3.2.1-5

All OpenShift Enterprise 3 users are advised to upgrade to the updated images.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1347677 - CVE-2016-1000022 nodejs-negotiator: Regular expression denial-of-service
1348509 - CVE-2016-1000023 nodejs-minimatch: Regular expression denial-of-service

6. Package List:

Red Hat OpenShift Enterprise 3.1:

Source:
nodejs-accepts-1.3.3-1.el7.src.rpm
nodejs-express-4.13.3-4.el7.src.rpm
nodejs-mime-db-1.23.0-1.el7.src.rpm
nodejs-mime-types-2.1.11-1.el7.src.rpm
nodejs-minimatch-3.0.2-1.el7.src.rpm
nodejs-negotiator-0.6.1-1.el7.src.rpm

noarch:
nodejs-accepts-1.3.3-1.el7.noarch.rpm
nodejs-express-4.13.3-4.el7.noarch.rpm
nodejs-mime-db-1.23.0-1.el7.noarch.rpm
nodejs-mime-types-2.1.11-1.el7.noarch.rpm
nodejs-minimatch-3.0.2-1.el7.noarch.rpm
nodejs-negotiator-0.6.1-1.el7.noarch.rpm

Red Hat OpenShift Enterprise 3.2:

Source:
nodejs-accepts-1.3.3-1.el7.src.rpm
nodejs-express-4.13.3-4.el7.src.rpm
nodejs-mime-db-1.23.0-1.el7.src.rpm
nodejs-mime-types-2.1.11-1.el7.src.rpm
nodejs-minimatch-3.0.2-1.el7.src.rpm
nodejs-negotiator-0.6.1-1.el7.src.rpm

noarch:
nodejs-accepts-1.3.3-1.el7.noarch.rpm
nodejs-express-4.13.3-4.el7.noarch.rpm
nodejs-mime-db-1.23.0-1.el7.noarch.rpm
nodejs-mime-types-2.1.11-1.el7.noarch.rpm
nodejs-minimatch-3.0.2-1.el7.noarch.rpm
nodejs-negotiator-0.6.1-1.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1000022
https://access.redhat.com/security/cve/CVE-2016-1000023
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Thu Aug 11 19:26:48 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2016 15:26:48 -0400
Subject: [RHSA-2016:1606-01] Moderate: qemu-kvm security update
Message-ID: <201608111926.u7BJQmEc013999@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qemu-kvm security update
Advisory ID:       RHSA-2016:1606-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1606.html
Issue date:        2016-08-11
CVE Names:         CVE-2016-5126 CVE-2016-5403
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.
Security Fix(es):

* Quick Emulator (Qemu) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside the guest could use this flaw to crash the Qemu process, resulting in DoS, or potentially leverage it to execute arbitrary code with the privileges of the Qemu process on the host. (CVE-2016-5126)

* Quick Emulator (Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded, guest-controlled memory allocation on the host. (CVE-2016-5403)

Red Hat would like to thank hongzhenhao (Marvel Team) for reporting CVE-2016-5403.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1340924 - CVE-2016-5126 Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
1358359 - CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
qemu-kvm-1.5.3-105.el7_2.7.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.7.i686.rpm
libcacard-1.5.3-105.el7_2.7.x86_64.rpm
qemu-img-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-105.el7_2.7.i686.rpm
libcacard-devel-1.5.3-105.el7_2.7.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
qemu-kvm-1.5.3-105.el7_2.7.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.7.i686.rpm
libcacard-1.5.3-105.el7_2.7.x86_64.rpm
libcacard-devel-1.5.3-105.el7_2.7.i686.rpm
libcacard-devel-1.5.3-105.el7_2.7.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.7.x86_64.rpm
qemu-img-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
qemu-kvm-1.5.3-105.el7_2.7.src.rpm

ppc64:
qemu-img-1.5.3-105.el7_2.7.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.ppc64.rpm

ppc64le:
qemu-img-1.5.3-105.el7_2.7.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.ppc64le.rpm

x86_64:
libcacard-1.5.3-105.el7_2.7.i686.rpm
libcacard-1.5.3-105.el7_2.7.x86_64.rpm
qemu-img-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libcacard-1.5.3-105.el7_2.7.ppc.rpm
libcacard-1.5.3-105.el7_2.7.ppc64.rpm
libcacard-devel-1.5.3-105.el7_2.7.ppc.rpm
libcacard-devel-1.5.3-105.el7_2.7.ppc64.rpm
libcacard-tools-1.5.3-105.el7_2.7.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.ppc.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.ppc64.rpm

ppc64le:
libcacard-1.5.3-105.el7_2.7.ppc64le.rpm
libcacard-devel-1.5.3-105.el7_2.7.ppc64le.rpm
libcacard-tools-1.5.3-105.el7_2.7.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.ppc64le.rpm

x86_64:
libcacard-devel-1.5.3-105.el7_2.7.i686.rpm
libcacard-devel-1.5.3-105.el7_2.7.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
qemu-kvm-1.5.3-105.el7_2.7.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.7.i686.rpm
libcacard-1.5.3-105.el7_2.7.x86_64.rpm
qemu-img-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-105.el7_2.7.i686.rpm
libcacard-devel-1.5.3-105.el7_2.7.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5126
https://access.redhat.com/security/cve/CVE-2016-5403
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Thu Aug 11 21:56:05 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2016 17:56:05 -0400
Subject: [RHSA-2016:1609-01] Moderate: php security update
Message-ID: <201608112156.u7BLu5lK009089@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2016:1609-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1609.html
Issue date:        2016-08-11
CVE Names:         CVE-2016-5385
=====================================================================

1. Summary:

An update for php is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash.
A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
php-5.3.3-48.el6_8.src.rpm

i386:
php-5.3.3-48.el6_8.i686.rpm
php-bcmath-5.3.3-48.el6_8.i686.rpm
php-cli-5.3.3-48.el6_8.i686.rpm
php-common-5.3.3-48.el6_8.i686.rpm
php-dba-5.3.3-48.el6_8.i686.rpm
php-debuginfo-5.3.3-48.el6_8.i686.rpm
php-devel-5.3.3-48.el6_8.i686.rpm
php-embedded-5.3.3-48.el6_8.i686.rpm
php-enchant-5.3.3-48.el6_8.i686.rpm
php-fpm-5.3.3-48.el6_8.i686.rpm
php-gd-5.3.3-48.el6_8.i686.rpm
php-imap-5.3.3-48.el6_8.i686.rpm
php-intl-5.3.3-48.el6_8.i686.rpm
php-ldap-5.3.3-48.el6_8.i686.rpm
php-mbstring-5.3.3-48.el6_8.i686.rpm
php-mysql-5.3.3-48.el6_8.i686.rpm
php-odbc-5.3.3-48.el6_8.i686.rpm
php-pdo-5.3.3-48.el6_8.i686.rpm
php-pgsql-5.3.3-48.el6_8.i686.rpm
php-process-5.3.3-48.el6_8.i686.rpm
php-pspell-5.3.3-48.el6_8.i686.rpm
php-recode-5.3.3-48.el6_8.i686.rpm
php-snmp-5.3.3-48.el6_8.i686.rpm
php-soap-5.3.3-48.el6_8.i686.rpm
php-tidy-5.3.3-48.el6_8.i686.rpm
php-xml-5.3.3-48.el6_8.i686.rpm
php-xmlrpc-5.3.3-48.el6_8.i686.rpm
php-zts-5.3.3-48.el6_8.i686.rpm

x86_64:
php-5.3.3-48.el6_8.x86_64.rpm
php-bcmath-5.3.3-48.el6_8.x86_64.rpm
php-cli-5.3.3-48.el6_8.x86_64.rpm
php-common-5.3.3-48.el6_8.x86_64.rpm
php-dba-5.3.3-48.el6_8.x86_64.rpm
php-debuginfo-5.3.3-48.el6_8.x86_64.rpm
php-devel-5.3.3-48.el6_8.x86_64.rpm
php-embedded-5.3.3-48.el6_8.x86_64.rpm
php-enchant-5.3.3-48.el6_8.x86_64.rpm
php-fpm-5.3.3-48.el6_8.x86_64.rpm
php-gd-5.3.3-48.el6_8.x86_64.rpm
php-imap-5.3.3-48.el6_8.x86_64.rpm
php-intl-5.3.3-48.el6_8.x86_64.rpm
php-ldap-5.3.3-48.el6_8.x86_64.rpm
php-mbstring-5.3.3-48.el6_8.x86_64.rpm
php-mysql-5.3.3-48.el6_8.x86_64.rpm
php-odbc-5.3.3-48.el6_8.x86_64.rpm
php-pdo-5.3.3-48.el6_8.x86_64.rpm
php-pgsql-5.3.3-48.el6_8.x86_64.rpm
php-process-5.3.3-48.el6_8.x86_64.rpm
php-pspell-5.3.3-48.el6_8.x86_64.rpm
php-recode-5.3.3-48.el6_8.x86_64.rpm
php-snmp-5.3.3-48.el6_8.x86_64.rpm
php-soap-5.3.3-48.el6_8.x86_64.rpm
php-tidy-5.3.3-48.el6_8.x86_64.rpm
php-xml-5.3.3-48.el6_8.x86_64.rpm
php-xmlrpc-5.3.3-48.el6_8.x86_64.rpm
php-zts-5.3.3-48.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
php-5.3.3-48.el6_8.src.rpm

x86_64:
php-cli-5.3.3-48.el6_8.x86_64.rpm
php-common-5.3.3-48.el6_8.x86_64.rpm
php-debuginfo-5.3.3-48.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
php-5.3.3-48.el6_8.x86_64.rpm
php-bcmath-5.3.3-48.el6_8.x86_64.rpm
php-dba-5.3.3-48.el6_8.x86_64.rpm
php-debuginfo-5.3.3-48.el6_8.x86_64.rpm
php-devel-5.3.3-48.el6_8.x86_64.rpm
php-embedded-5.3.3-48.el6_8.x86_64.rpm
php-enchant-5.3.3-48.el6_8.x86_64.rpm
php-fpm-5.3.3-48.el6_8.x86_64.rpm
php-gd-5.3.3-48.el6_8.x86_64.rpm
php-imap-5.3.3-48.el6_8.x86_64.rpm
php-intl-5.3.3-48.el6_8.x86_64.rpm
php-ldap-5.3.3-48.el6_8.x86_64.rpm
php-mbstring-5.3.3-48.el6_8.x86_64.rpm
php-mysql-5.3.3-48.el6_8.x86_64.rpm
php-odbc-5.3.3-48.el6_8.x86_64.rpm
php-pdo-5.3.3-48.el6_8.x86_64.rpm
php-pgsql-5.3.3-48.el6_8.x86_64.rpm
php-process-5.3.3-48.el6_8.x86_64.rpm
php-pspell-5.3.3-48.el6_8.x86_64.rpm
php-recode-5.3.3-48.el6_8.x86_64.rpm
php-snmp-5.3.3-48.el6_8.x86_64.rpm
php-soap-5.3.3-48.el6_8.x86_64.rpm
php-tidy-5.3.3-48.el6_8.x86_64.rpm
php-xml-5.3.3-48.el6_8.x86_64.rpm
php-xmlrpc-5.3.3-48.el6_8.x86_64.rpm
php-zts-5.3.3-48.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
php-5.3.3-48.el6_8.src.rpm

i386:
php-5.3.3-48.el6_8.i686.rpm
php-cli-5.3.3-48.el6_8.i686.rpm
php-common-5.3.3-48.el6_8.i686.rpm
php-debuginfo-5.3.3-48.el6_8.i686.rpm
php-gd-5.3.3-48.el6_8.i686.rpm
php-ldap-5.3.3-48.el6_8.i686.rpm
php-mysql-5.3.3-48.el6_8.i686.rpm
php-odbc-5.3.3-48.el6_8.i686.rpm
php-pdo-5.3.3-48.el6_8.i686.rpm
php-pgsql-5.3.3-48.el6_8.i686.rpm
php-soap-5.3.3-48.el6_8.i686.rpm
php-xml-5.3.3-48.el6_8.i686.rpm
php-xmlrpc-5.3.3-48.el6_8.i686.rpm

ppc64:
php-5.3.3-48.el6_8.ppc64.rpm
php-cli-5.3.3-48.el6_8.ppc64.rpm
php-common-5.3.3-48.el6_8.ppc64.rpm
php-debuginfo-5.3.3-48.el6_8.ppc64.rpm
php-gd-5.3.3-48.el6_8.ppc64.rpm
php-ldap-5.3.3-48.el6_8.ppc64.rpm
php-mysql-5.3.3-48.el6_8.ppc64.rpm
php-odbc-5.3.3-48.el6_8.ppc64.rpm
php-pdo-5.3.3-48.el6_8.ppc64.rpm
php-pgsql-5.3.3-48.el6_8.ppc64.rpm
php-soap-5.3.3-48.el6_8.ppc64.rpm
php-xml-5.3.3-48.el6_8.ppc64.rpm
php-xmlrpc-5.3.3-48.el6_8.ppc64.rpm

s390x:
php-5.3.3-48.el6_8.s390x.rpm
php-cli-5.3.3-48.el6_8.s390x.rpm
php-common-5.3.3-48.el6_8.s390x.rpm
php-debuginfo-5.3.3-48.el6_8.s390x.rpm
php-gd-5.3.3-48.el6_8.s390x.rpm
php-ldap-5.3.3-48.el6_8.s390x.rpm
php-mysql-5.3.3-48.el6_8.s390x.rpm
php-odbc-5.3.3-48.el6_8.s390x.rpm
php-pdo-5.3.3-48.el6_8.s390x.rpm
php-pgsql-5.3.3-48.el6_8.s390x.rpm
php-soap-5.3.3-48.el6_8.s390x.rpm
php-xml-5.3.3-48.el6_8.s390x.rpm
php-xmlrpc-5.3.3-48.el6_8.s390x.rpm

x86_64:
php-5.3.3-48.el6_8.x86_64.rpm
php-cli-5.3.3-48.el6_8.x86_64.rpm
php-common-5.3.3-48.el6_8.x86_64.rpm
php-debuginfo-5.3.3-48.el6_8.x86_64.rpm
php-gd-5.3.3-48.el6_8.x86_64.rpm
php-ldap-5.3.3-48.el6_8.x86_64.rpm
php-mysql-5.3.3-48.el6_8.x86_64.rpm
php-odbc-5.3.3-48.el6_8.x86_64.rpm
php-pdo-5.3.3-48.el6_8.x86_64.rpm
php-pgsql-5.3.3-48.el6_8.x86_64.rpm
php-soap-5.3.3-48.el6_8.x86_64.rpm
php-xml-5.3.3-48.el6_8.x86_64.rpm
php-xmlrpc-5.3.3-48.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
php-bcmath-5.3.3-48.el6_8.i686.rpm
php-dba-5.3.3-48.el6_8.i686.rpm
php-debuginfo-5.3.3-48.el6_8.i686.rpm
php-devel-5.3.3-48.el6_8.i686.rpm
php-embedded-5.3.3-48.el6_8.i686.rpm
php-enchant-5.3.3-48.el6_8.i686.rpm
php-fpm-5.3.3-48.el6_8.i686.rpm
php-imap-5.3.3-48.el6_8.i686.rpm
php-intl-5.3.3-48.el6_8.i686.rpm
php-mbstring-5.3.3-48.el6_8.i686.rpm
php-process-5.3.3-48.el6_8.i686.rpm
php-pspell-5.3.3-48.el6_8.i686.rpm
php-recode-5.3.3-48.el6_8.i686.rpm
php-snmp-5.3.3-48.el6_8.i686.rpm
php-tidy-5.3.3-48.el6_8.i686.rpm
php-zts-5.3.3-48.el6_8.i686.rpm

ppc64:
php-bcmath-5.3.3-48.el6_8.ppc64.rpm
php-dba-5.3.3-48.el6_8.ppc64.rpm
php-debuginfo-5.3.3-48.el6_8.ppc64.rpm
php-devel-5.3.3-48.el6_8.ppc64.rpm
php-embedded-5.3.3-48.el6_8.ppc64.rpm
php-enchant-5.3.3-48.el6_8.ppc64.rpm
php-fpm-5.3.3-48.el6_8.ppc64.rpm
php-imap-5.3.3-48.el6_8.ppc64.rpm
php-intl-5.3.3-48.el6_8.ppc64.rpm
php-mbstring-5.3.3-48.el6_8.ppc64.rpm
php-process-5.3.3-48.el6_8.ppc64.rpm
php-pspell-5.3.3-48.el6_8.ppc64.rpm
php-recode-5.3.3-48.el6_8.ppc64.rpm
php-snmp-5.3.3-48.el6_8.ppc64.rpm
php-tidy-5.3.3-48.el6_8.ppc64.rpm
php-zts-5.3.3-48.el6_8.ppc64.rpm

s390x:
php-bcmath-5.3.3-48.el6_8.s390x.rpm
php-dba-5.3.3-48.el6_8.s390x.rpm
php-debuginfo-5.3.3-48.el6_8.s390x.rpm
php-devel-5.3.3-48.el6_8.s390x.rpm
php-embedded-5.3.3-48.el6_8.s390x.rpm
php-enchant-5.3.3-48.el6_8.s390x.rpm
php-fpm-5.3.3-48.el6_8.s390x.rpm
php-imap-5.3.3-48.el6_8.s390x.rpm
php-intl-5.3.3-48.el6_8.s390x.rpm
php-mbstring-5.3.3-48.el6_8.s390x.rpm
php-process-5.3.3-48.el6_8.s390x.rpm
php-pspell-5.3.3-48.el6_8.s390x.rpm
php-recode-5.3.3-48.el6_8.s390x.rpm
php-snmp-5.3.3-48.el6_8.s390x.rpm
php-tidy-5.3.3-48.el6_8.s390x.rpm
php-zts-5.3.3-48.el6_8.s390x.rpm

x86_64:
php-bcmath-5.3.3-48.el6_8.x86_64.rpm
php-dba-5.3.3-48.el6_8.x86_64.rpm
php-debuginfo-5.3.3-48.el6_8.x86_64.rpm
php-devel-5.3.3-48.el6_8.x86_64.rpm
php-embedded-5.3.3-48.el6_8.x86_64.rpm
php-enchant-5.3.3-48.el6_8.x86_64.rpm
php-fpm-5.3.3-48.el6_8.x86_64.rpm
php-imap-5.3.3-48.el6_8.x86_64.rpm
php-intl-5.3.3-48.el6_8.x86_64.rpm
php-mbstring-5.3.3-48.el6_8.x86_64.rpm
php-process-5.3.3-48.el6_8.x86_64.rpm
php-pspell-5.3.3-48.el6_8.x86_64.rpm
php-recode-5.3.3-48.el6_8.x86_64.rpm
php-snmp-5.3.3-48.el6_8.x86_64.rpm
php-tidy-5.3.3-48.el6_8.x86_64.rpm
php-zts-5.3.3-48.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
php-5.3.3-48.el6_8.src.rpm

i386:
php-5.3.3-48.el6_8.i686.rpm
php-cli-5.3.3-48.el6_8.i686.rpm
php-common-5.3.3-48.el6_8.i686.rpm
php-debuginfo-5.3.3-48.el6_8.i686.rpm
php-gd-5.3.3-48.el6_8.i686.rpm
php-ldap-5.3.3-48.el6_8.i686.rpm
php-mysql-5.3.3-48.el6_8.i686.rpm
php-odbc-5.3.3-48.el6_8.i686.rpm
php-pdo-5.3.3-48.el6_8.i686.rpm
php-pgsql-5.3.3-48.el6_8.i686.rpm
php-soap-5.3.3-48.el6_8.i686.rpm
php-xml-5.3.3-48.el6_8.i686.rpm
php-xmlrpc-5.3.3-48.el6_8.i686.rpm

x86_64:
php-5.3.3-48.el6_8.x86_64.rpm
php-cli-5.3.3-48.el6_8.x86_64.rpm
php-common-5.3.3-48.el6_8.x86_64.rpm
php-debuginfo-5.3.3-48.el6_8.x86_64.rpm
php-gd-5.3.3-48.el6_8.x86_64.rpm
php-ldap-5.3.3-48.el6_8.x86_64.rpm
php-mysql-5.3.3-48.el6_8.x86_64.rpm
php-odbc-5.3.3-48.el6_8.x86_64.rpm
php-pdo-5.3.3-48.el6_8.x86_64.rpm
php-pgsql-5.3.3-48.el6_8.x86_64.rpm
php-soap-5.3.3-48.el6_8.x86_64.rpm
php-xml-5.3.3-48.el6_8.x86_64.rpm
php-xmlrpc-5.3.3-48.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
php-bcmath-5.3.3-48.el6_8.i686.rpm
php-dba-5.3.3-48.el6_8.i686.rpm
php-debuginfo-5.3.3-48.el6_8.i686.rpm
php-devel-5.3.3-48.el6_8.i686.rpm
php-embedded-5.3.3-48.el6_8.i686.rpm
php-enchant-5.3.3-48.el6_8.i686.rpm
php-fpm-5.3.3-48.el6_8.i686.rpm
php-imap-5.3.3-48.el6_8.i686.rpm
php-intl-5.3.3-48.el6_8.i686.rpm
php-mbstring-5.3.3-48.el6_8.i686.rpm
php-process-5.3.3-48.el6_8.i686.rpm
php-pspell-5.3.3-48.el6_8.i686.rpm
php-recode-5.3.3-48.el6_8.i686.rpm
php-snmp-5.3.3-48.el6_8.i686.rpm
php-tidy-5.3.3-48.el6_8.i686.rpm
php-zts-5.3.3-48.el6_8.i686.rpm

x86_64:
php-bcmath-5.3.3-48.el6_8.x86_64.rpm
php-dba-5.3.3-48.el6_8.x86_64.rpm
php-debuginfo-5.3.3-48.el6_8.x86_64.rpm
php-devel-5.3.3-48.el6_8.x86_64.rpm
php-embedded-5.3.3-48.el6_8.x86_64.rpm
php-enchant-5.3.3-48.el6_8.x86_64.rpm
php-fpm-5.3.3-48.el6_8.x86_64.rpm
php-imap-5.3.3-48.el6_8.x86_64.rpm
php-intl-5.3.3-48.el6_8.x86_64.rpm
php-mbstring-5.3.3-48.el6_8.x86_64.rpm
php-process-5.3.3-48.el6_8.x86_64.rpm
php-pspell-5.3.3-48.el6_8.x86_64.rpm
php-recode-5.3.3-48.el6_8.x86_64.rpm
php-snmp-5.3.3-48.el6_8.x86_64.rpm
php-tidy-5.3.3-48.el6_8.x86_64.rpm
php-zts-5.3.3-48.el6_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5385
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Thu Aug 11 21:56:35 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2016 17:56:35 -0400
Subject: [RHSA-2016:1610-01] Moderate: php54-php security update
Message-ID: <201608112156.u7BLuZUo009251@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php54-php security update
Advisory ID:       RHSA-2016:1610-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1610.html
Issue date:        2016-08-11
CVE Names:         CVE-2016-5385
=====================================================================

1. Summary:

An update for php54-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
php54-php-5.4.40-4.el6.src.rpm

x86_64:
php54-php-5.4.40-4.el6.x86_64.rpm
php54-php-bcmath-5.4.40-4.el6.x86_64.rpm
php54-php-cli-5.4.40-4.el6.x86_64.rpm
php54-php-common-5.4.40-4.el6.x86_64.rpm
php54-php-dba-5.4.40-4.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm
php54-php-devel-5.4.40-4.el6.x86_64.rpm
php54-php-enchant-5.4.40-4.el6.x86_64.rpm
php54-php-fpm-5.4.40-4.el6.x86_64.rpm
php54-php-gd-5.4.40-4.el6.x86_64.rpm
php54-php-imap-5.4.40-4.el6.x86_64.rpm
php54-php-intl-5.4.40-4.el6.x86_64.rpm
php54-php-ldap-5.4.40-4.el6.x86_64.rpm
php54-php-mbstring-5.4.40-4.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm
php54-php-odbc-5.4.40-4.el6.x86_64.rpm
php54-php-pdo-5.4.40-4.el6.x86_64.rpm
php54-php-pgsql-5.4.40-4.el6.x86_64.rpm
php54-php-process-5.4.40-4.el6.x86_64.rpm
php54-php-pspell-5.4.40-4.el6.x86_64.rpm
php54-php-recode-5.4.40-4.el6.x86_64.rpm
php54-php-snmp-5.4.40-4.el6.x86_64.rpm
php54-php-soap-5.4.40-4.el6.x86_64.rpm
php54-php-tidy-5.4.40-4.el6.x86_64.rpm
php54-php-xml-5.4.40-4.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
php54-php-5.4.40-4.el6.src.rpm

x86_64:
php54-php-5.4.40-4.el6.x86_64.rpm
php54-php-bcmath-5.4.40-4.el6.x86_64.rpm
php54-php-cli-5.4.40-4.el6.x86_64.rpm
php54-php-common-5.4.40-4.el6.x86_64.rpm
php54-php-dba-5.4.40-4.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm
php54-php-devel-5.4.40-4.el6.x86_64.rpm
php54-php-enchant-5.4.40-4.el6.x86_64.rpm
php54-php-fpm-5.4.40-4.el6.x86_64.rpm
php54-php-gd-5.4.40-4.el6.x86_64.rpm
php54-php-imap-5.4.40-4.el6.x86_64.rpm
php54-php-intl-5.4.40-4.el6.x86_64.rpm
php54-php-ldap-5.4.40-4.el6.x86_64.rpm
php54-php-mbstring-5.4.40-4.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm
php54-php-odbc-5.4.40-4.el6.x86_64.rpm
php54-php-pdo-5.4.40-4.el6.x86_64.rpm
php54-php-pgsql-5.4.40-4.el6.x86_64.rpm
php54-php-process-5.4.40-4.el6.x86_64.rpm
php54-php-pspell-5.4.40-4.el6.x86_64.rpm
php54-php-recode-5.4.40-4.el6.x86_64.rpm
php54-php-snmp-5.4.40-4.el6.x86_64.rpm
php54-php-soap-5.4.40-4.el6.x86_64.rpm
php54-php-tidy-5.4.40-4.el6.x86_64.rpm
php54-php-xml-5.4.40-4.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
php54-php-5.4.40-4.el6.src.rpm

x86_64:
php54-php-5.4.40-4.el6.x86_64.rpm
php54-php-bcmath-5.4.40-4.el6.x86_64.rpm
php54-php-cli-5.4.40-4.el6.x86_64.rpm
php54-php-common-5.4.40-4.el6.x86_64.rpm
php54-php-dba-5.4.40-4.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm
php54-php-devel-5.4.40-4.el6.x86_64.rpm
php54-php-enchant-5.4.40-4.el6.x86_64.rpm
php54-php-fpm-5.4.40-4.el6.x86_64.rpm
php54-php-gd-5.4.40-4.el6.x86_64.rpm
php54-php-imap-5.4.40-4.el6.x86_64.rpm
php54-php-intl-5.4.40-4.el6.x86_64.rpm
php54-php-ldap-5.4.40-4.el6.x86_64.rpm
php54-php-mbstring-5.4.40-4.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm
php54-php-odbc-5.4.40-4.el6.x86_64.rpm
php54-php-pdo-5.4.40-4.el6.x86_64.rpm
php54-php-pgsql-5.4.40-4.el6.x86_64.rpm
php54-php-process-5.4.40-4.el6.x86_64.rpm
php54-php-pspell-5.4.40-4.el6.x86_64.rpm
php54-php-recode-5.4.40-4.el6.x86_64.rpm
php54-php-snmp-5.4.40-4.el6.x86_64.rpm
php54-php-soap-5.4.40-4.el6.x86_64.rpm
php54-php-tidy-5.4.40-4.el6.x86_64.rpm
php54-php-xml-5.4.40-4.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
php54-php-5.4.40-4.el6.src.rpm

x86_64:
php54-php-5.4.40-4.el6.x86_64.rpm
php54-php-bcmath-5.4.40-4.el6.x86_64.rpm
php54-php-cli-5.4.40-4.el6.x86_64.rpm
php54-php-common-5.4.40-4.el6.x86_64.rpm
php54-php-dba-5.4.40-4.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm
php54-php-devel-5.4.40-4.el6.x86_64.rpm
php54-php-enchant-5.4.40-4.el6.x86_64.rpm
php54-php-fpm-5.4.40-4.el6.x86_64.rpm
php54-php-gd-5.4.40-4.el6.x86_64.rpm
php54-php-imap-5.4.40-4.el6.x86_64.rpm
php54-php-intl-5.4.40-4.el6.x86_64.rpm
php54-php-ldap-5.4.40-4.el6.x86_64.rpm
php54-php-mbstring-5.4.40-4.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm
php54-php-odbc-5.4.40-4.el6.x86_64.rpm
php54-php-pdo-5.4.40-4.el6.x86_64.rpm
php54-php-pgsql-5.4.40-4.el6.x86_64.rpm
php54-php-process-5.4.40-4.el6.x86_64.rpm
php54-php-pspell-5.4.40-4.el6.x86_64.rpm
php54-php-recode-5.4.40-4.el6.x86_64.rpm
php54-php-snmp-5.4.40-4.el6.x86_64.rpm
php54-php-soap-5.4.40-4.el6.x86_64.rpm
php54-php-tidy-5.4.40-4.el6.x86_64.rpm
php54-php-xml-5.4.40-4.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
php54-php-5.4.40-4.el7.src.rpm

x86_64:
php54-php-5.4.40-4.el7.x86_64.rpm
php54-php-bcmath-5.4.40-4.el7.x86_64.rpm
php54-php-cli-5.4.40-4.el7.x86_64.rpm
php54-php-common-5.4.40-4.el7.x86_64.rpm
php54-php-dba-5.4.40-4.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm
php54-php-devel-5.4.40-4.el7.x86_64.rpm
php54-php-enchant-5.4.40-4.el7.x86_64.rpm
php54-php-fpm-5.4.40-4.el7.x86_64.rpm
php54-php-gd-5.4.40-4.el7.x86_64.rpm
php54-php-intl-5.4.40-4.el7.x86_64.rpm
php54-php-ldap-5.4.40-4.el7.x86_64.rpm
php54-php-mbstring-5.4.40-4.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm
php54-php-odbc-5.4.40-4.el7.x86_64.rpm
php54-php-pdo-5.4.40-4.el7.x86_64.rpm
php54-php-pgsql-5.4.40-4.el7.x86_64.rpm
php54-php-process-5.4.40-4.el7.x86_64.rpm
php54-php-pspell-5.4.40-4.el7.x86_64.rpm
php54-php-recode-5.4.40-4.el7.x86_64.rpm
php54-php-snmp-5.4.40-4.el7.x86_64.rpm
php54-php-soap-5.4.40-4.el7.x86_64.rpm
php54-php-xml-5.4.40-4.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
php54-php-5.4.40-4.el7.src.rpm

x86_64:
php54-php-5.4.40-4.el7.x86_64.rpm
php54-php-bcmath-5.4.40-4.el7.x86_64.rpm
php54-php-cli-5.4.40-4.el7.x86_64.rpm
php54-php-common-5.4.40-4.el7.x86_64.rpm
php54-php-dba-5.4.40-4.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm
php54-php-devel-5.4.40-4.el7.x86_64.rpm
php54-php-enchant-5.4.40-4.el7.x86_64.rpm
php54-php-fpm-5.4.40-4.el7.x86_64.rpm
php54-php-gd-5.4.40-4.el7.x86_64.rpm
php54-php-intl-5.4.40-4.el7.x86_64.rpm
php54-php-ldap-5.4.40-4.el7.x86_64.rpm
php54-php-mbstring-5.4.40-4.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm
php54-php-odbc-5.4.40-4.el7.x86_64.rpm
php54-php-pdo-5.4.40-4.el7.x86_64.rpm
php54-php-pgsql-5.4.40-4.el7.x86_64.rpm
php54-php-process-5.4.40-4.el7.x86_64.rpm
php54-php-pspell-5.4.40-4.el7.x86_64.rpm
php54-php-recode-5.4.40-4.el7.x86_64.rpm
php54-php-snmp-5.4.40-4.el7.x86_64.rpm
php54-php-soap-5.4.40-4.el7.x86_64.rpm
php54-php-xml-5.4.40-4.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
php54-php-5.4.40-4.el7.src.rpm

x86_64:
php54-php-5.4.40-4.el7.x86_64.rpm
php54-php-bcmath-5.4.40-4.el7.x86_64.rpm
php54-php-cli-5.4.40-4.el7.x86_64.rpm
php54-php-common-5.4.40-4.el7.x86_64.rpm
php54-php-dba-5.4.40-4.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm
php54-php-devel-5.4.40-4.el7.x86_64.rpm
php54-php-enchant-5.4.40-4.el7.x86_64.rpm
php54-php-fpm-5.4.40-4.el7.x86_64.rpm
php54-php-gd-5.4.40-4.el7.x86_64.rpm
php54-php-intl-5.4.40-4.el7.x86_64.rpm
php54-php-ldap-5.4.40-4.el7.x86_64.rpm
php54-php-mbstring-5.4.40-4.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm
php54-php-odbc-5.4.40-4.el7.x86_64.rpm
php54-php-pdo-5.4.40-4.el7.x86_64.rpm
php54-php-pgsql-5.4.40-4.el7.x86_64.rpm
php54-php-process-5.4.40-4.el7.x86_64.rpm
php54-php-pspell-5.4.40-4.el7.x86_64.rpm
php54-php-recode-5.4.40-4.el7.x86_64.rpm
php54-php-snmp-5.4.40-4.el7.x86_64.rpm
php54-php-soap-5.4.40-4.el7.x86_64.rpm
php54-php-xml-5.4.40-4.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
php54-php-5.4.40-4.el7.src.rpm

x86_64:
php54-php-5.4.40-4.el7.x86_64.rpm
php54-php-bcmath-5.4.40-4.el7.x86_64.rpm
php54-php-cli-5.4.40-4.el7.x86_64.rpm
php54-php-common-5.4.40-4.el7.x86_64.rpm
php54-php-dba-5.4.40-4.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm
php54-php-devel-5.4.40-4.el7.x86_64.rpm
php54-php-enchant-5.4.40-4.el7.x86_64.rpm
php54-php-fpm-5.4.40-4.el7.x86_64.rpm
php54-php-gd-5.4.40-4.el7.x86_64.rpm
php54-php-intl-5.4.40-4.el7.x86_64.rpm
php54-php-ldap-5.4.40-4.el7.x86_64.rpm
php54-php-mbstring-5.4.40-4.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm
php54-php-odbc-5.4.40-4.el7.x86_64.rpm
php54-php-pdo-5.4.40-4.el7.x86_64.rpm
php54-php-pgsql-5.4.40-4.el7.x86_64.rpm
php54-php-process-5.4.40-4.el7.x86_64.rpm
php54-php-pspell-5.4.40-4.el7.x86_64.rpm
php54-php-recode-5.4.40-4.el7.x86_64.rpm
php54-php-snmp-5.4.40-4.el7.x86_64.rpm
php54-php-soap-5.4.40-4.el7.x86_64.rpm
php54-php-xml-5.4.40-4.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5385
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Thu Aug 11 21:57:05 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2016 17:57:05 -0400
Subject: [RHSA-2016:1611-01] Moderate: php55-php security update
Message-ID: <201608112157.u7BLv5Pv004935@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php55-php security update
Advisory ID:       RHSA-2016:1611-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1611.html
Issue date:        2016-08-11
CVE Names:         CVE-2016-5385
=====================================================================

1. Summary:

An update for php55-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
php55-php-5.5.21-5.el6.src.rpm

x86_64:
php55-php-5.5.21-5.el6.x86_64.rpm
php55-php-bcmath-5.5.21-5.el6.x86_64.rpm
php55-php-cli-5.5.21-5.el6.x86_64.rpm
php55-php-common-5.5.21-5.el6.x86_64.rpm
php55-php-dba-5.5.21-5.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-5.el6.x86_64.rpm
php55-php-devel-5.5.21-5.el6.x86_64.rpm
php55-php-enchant-5.5.21-5.el6.x86_64.rpm
php55-php-fpm-5.5.21-5.el6.x86_64.rpm
php55-php-gd-5.5.21-5.el6.x86_64.rpm
php55-php-gmp-5.5.21-5.el6.x86_64.rpm
php55-php-imap-5.5.21-5.el6.x86_64.rpm
php55-php-intl-5.5.21-5.el6.x86_64.rpm
php55-php-ldap-5.5.21-5.el6.x86_64.rpm
php55-php-mbstring-5.5.21-5.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm
php55-php-odbc-5.5.21-5.el6.x86_64.rpm
php55-php-opcache-5.5.21-5.el6.x86_64.rpm
php55-php-pdo-5.5.21-5.el6.x86_64.rpm
php55-php-pgsql-5.5.21-5.el6.x86_64.rpm
php55-php-process-5.5.21-5.el6.x86_64.rpm
php55-php-pspell-5.5.21-5.el6.x86_64.rpm
php55-php-recode-5.5.21-5.el6.x86_64.rpm
php55-php-snmp-5.5.21-5.el6.x86_64.rpm
php55-php-soap-5.5.21-5.el6.x86_64.rpm
php55-php-tidy-5.5.21-5.el6.x86_64.rpm
php55-php-xml-5.5.21-5.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
php55-php-5.5.21-5.el6.src.rpm

x86_64:
php55-php-5.5.21-5.el6.x86_64.rpm
php55-php-bcmath-5.5.21-5.el6.x86_64.rpm
php55-php-cli-5.5.21-5.el6.x86_64.rpm
php55-php-common-5.5.21-5.el6.x86_64.rpm
php55-php-dba-5.5.21-5.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-5.el6.x86_64.rpm
php55-php-devel-5.5.21-5.el6.x86_64.rpm
php55-php-enchant-5.5.21-5.el6.x86_64.rpm
php55-php-fpm-5.5.21-5.el6.x86_64.rpm
php55-php-gd-5.5.21-5.el6.x86_64.rpm
php55-php-gmp-5.5.21-5.el6.x86_64.rpm
php55-php-imap-5.5.21-5.el6.x86_64.rpm
php55-php-intl-5.5.21-5.el6.x86_64.rpm
php55-php-ldap-5.5.21-5.el6.x86_64.rpm
php55-php-mbstring-5.5.21-5.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm
php55-php-odbc-5.5.21-5.el6.x86_64.rpm
php55-php-opcache-5.5.21-5.el6.x86_64.rpm
php55-php-pdo-5.5.21-5.el6.x86_64.rpm
php55-php-pgsql-5.5.21-5.el6.x86_64.rpm
php55-php-process-5.5.21-5.el6.x86_64.rpm
php55-php-pspell-5.5.21-5.el6.x86_64.rpm
php55-php-recode-5.5.21-5.el6.x86_64.rpm
php55-php-snmp-5.5.21-5.el6.x86_64.rpm
php55-php-soap-5.5.21-5.el6.x86_64.rpm
php55-php-tidy-5.5.21-5.el6.x86_64.rpm
php55-php-xml-5.5.21-5.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
php55-php-5.5.21-5.el6.src.rpm

x86_64:
php55-php-5.5.21-5.el6.x86_64.rpm
php55-php-bcmath-5.5.21-5.el6.x86_64.rpm
php55-php-cli-5.5.21-5.el6.x86_64.rpm
php55-php-common-5.5.21-5.el6.x86_64.rpm
php55-php-dba-5.5.21-5.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-5.el6.x86_64.rpm
php55-php-devel-5.5.21-5.el6.x86_64.rpm
php55-php-enchant-5.5.21-5.el6.x86_64.rpm
php55-php-fpm-5.5.21-5.el6.x86_64.rpm
php55-php-gd-5.5.21-5.el6.x86_64.rpm
php55-php-gmp-5.5.21-5.el6.x86_64.rpm
php55-php-imap-5.5.21-5.el6.x86_64.rpm
php55-php-intl-5.5.21-5.el6.x86_64.rpm
php55-php-ldap-5.5.21-5.el6.x86_64.rpm
php55-php-mbstring-5.5.21-5.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm
php55-php-odbc-5.5.21-5.el6.x86_64.rpm
php55-php-opcache-5.5.21-5.el6.x86_64.rpm
php55-php-pdo-5.5.21-5.el6.x86_64.rpm
php55-php-pgsql-5.5.21-5.el6.x86_64.rpm
php55-php-process-5.5.21-5.el6.x86_64.rpm
php55-php-pspell-5.5.21-5.el6.x86_64.rpm
php55-php-recode-5.5.21-5.el6.x86_64.rpm
php55-php-snmp-5.5.21-5.el6.x86_64.rpm
php55-php-soap-5.5.21-5.el6.x86_64.rpm
php55-php-tidy-5.5.21-5.el6.x86_64.rpm
php55-php-xml-5.5.21-5.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
php55-php-5.5.21-5.el6.src.rpm

x86_64:
php55-php-5.5.21-5.el6.x86_64.rpm
php55-php-bcmath-5.5.21-5.el6.x86_64.rpm
php55-php-cli-5.5.21-5.el6.x86_64.rpm
php55-php-common-5.5.21-5.el6.x86_64.rpm
php55-php-dba-5.5.21-5.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-5.el6.x86_64.rpm
php55-php-devel-5.5.21-5.el6.x86_64.rpm
php55-php-enchant-5.5.21-5.el6.x86_64.rpm
php55-php-fpm-5.5.21-5.el6.x86_64.rpm
php55-php-gd-5.5.21-5.el6.x86_64.rpm
php55-php-gmp-5.5.21-5.el6.x86_64.rpm
php55-php-imap-5.5.21-5.el6.x86_64.rpm
php55-php-intl-5.5.21-5.el6.x86_64.rpm
php55-php-ldap-5.5.21-5.el6.x86_64.rpm
php55-php-mbstring-5.5.21-5.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm
php55-php-odbc-5.5.21-5.el6.x86_64.rpm
php55-php-opcache-5.5.21-5.el6.x86_64.rpm
php55-php-pdo-5.5.21-5.el6.x86_64.rpm
php55-php-pgsql-5.5.21-5.el6.x86_64.rpm
php55-php-process-5.5.21-5.el6.x86_64.rpm
php55-php-pspell-5.5.21-5.el6.x86_64.rpm
php55-php-recode-5.5.21-5.el6.x86_64.rpm
php55-php-snmp-5.5.21-5.el6.x86_64.rpm
php55-php-soap-5.5.21-5.el6.x86_64.rpm
php55-php-tidy-5.5.21-5.el6.x86_64.rpm
php55-php-xml-5.5.21-5.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
php55-php-5.5.21-5.el7.src.rpm

x86_64:
php55-php-5.5.21-5.el7.x86_64.rpm
php55-php-bcmath-5.5.21-5.el7.x86_64.rpm
php55-php-cli-5.5.21-5.el7.x86_64.rpm
php55-php-common-5.5.21-5.el7.x86_64.rpm
php55-php-dba-5.5.21-5.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-5.el7.x86_64.rpm
php55-php-devel-5.5.21-5.el7.x86_64.rpm
php55-php-enchant-5.5.21-5.el7.x86_64.rpm
php55-php-fpm-5.5.21-5.el7.x86_64.rpm
php55-php-gd-5.5.21-5.el7.x86_64.rpm
php55-php-gmp-5.5.21-5.el7.x86_64.rpm
php55-php-intl-5.5.21-5.el7.x86_64.rpm
php55-php-ldap-5.5.21-5.el7.x86_64.rpm
php55-php-mbstring-5.5.21-5.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm
php55-php-odbc-5.5.21-5.el7.x86_64.rpm
php55-php-opcache-5.5.21-5.el7.x86_64.rpm
php55-php-pdo-5.5.21-5.el7.x86_64.rpm
php55-php-pgsql-5.5.21-5.el7.x86_64.rpm
php55-php-process-5.5.21-5.el7.x86_64.rpm
php55-php-pspell-5.5.21-5.el7.x86_64.rpm
php55-php-recode-5.5.21-5.el7.x86_64.rpm
php55-php-snmp-5.5.21-5.el7.x86_64.rpm
php55-php-soap-5.5.21-5.el7.x86_64.rpm
php55-php-xml-5.5.21-5.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
php55-php-5.5.21-5.el7.src.rpm

x86_64:
php55-php-5.5.21-5.el7.x86_64.rpm
php55-php-bcmath-5.5.21-5.el7.x86_64.rpm
php55-php-cli-5.5.21-5.el7.x86_64.rpm
php55-php-common-5.5.21-5.el7.x86_64.rpm
php55-php-dba-5.5.21-5.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-5.el7.x86_64.rpm
php55-php-devel-5.5.21-5.el7.x86_64.rpm
php55-php-enchant-5.5.21-5.el7.x86_64.rpm
php55-php-fpm-5.5.21-5.el7.x86_64.rpm
php55-php-gd-5.5.21-5.el7.x86_64.rpm
php55-php-gmp-5.5.21-5.el7.x86_64.rpm
php55-php-intl-5.5.21-5.el7.x86_64.rpm
php55-php-ldap-5.5.21-5.el7.x86_64.rpm
php55-php-mbstring-5.5.21-5.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm
php55-php-odbc-5.5.21-5.el7.x86_64.rpm
php55-php-opcache-5.5.21-5.el7.x86_64.rpm
php55-php-pdo-5.5.21-5.el7.x86_64.rpm
php55-php-pgsql-5.5.21-5.el7.x86_64.rpm
php55-php-process-5.5.21-5.el7.x86_64.rpm
php55-php-pspell-5.5.21-5.el7.x86_64.rpm
php55-php-recode-5.5.21-5.el7.x86_64.rpm
php55-php-snmp-5.5.21-5.el7.x86_64.rpm
php55-php-soap-5.5.21-5.el7.x86_64.rpm
php55-php-xml-5.5.21-5.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
php55-php-5.5.21-5.el7.src.rpm

x86_64:
php55-php-5.5.21-5.el7.x86_64.rpm
php55-php-bcmath-5.5.21-5.el7.x86_64.rpm
php55-php-cli-5.5.21-5.el7.x86_64.rpm
php55-php-common-5.5.21-5.el7.x86_64.rpm
php55-php-dba-5.5.21-5.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-5.el7.x86_64.rpm
php55-php-devel-5.5.21-5.el7.x86_64.rpm
php55-php-enchant-5.5.21-5.el7.x86_64.rpm
php55-php-fpm-5.5.21-5.el7.x86_64.rpm
php55-php-gd-5.5.21-5.el7.x86_64.rpm
php55-php-gmp-5.5.21-5.el7.x86_64.rpm
php55-php-intl-5.5.21-5.el7.x86_64.rpm
php55-php-ldap-5.5.21-5.el7.x86_64.rpm
php55-php-mbstring-5.5.21-5.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm
php55-php-odbc-5.5.21-5.el7.x86_64.rpm
php55-php-opcache-5.5.21-5.el7.x86_64.rpm
php55-php-pdo-5.5.21-5.el7.x86_64.rpm
php55-php-pgsql-5.5.21-5.el7.x86_64.rpm
php55-php-process-5.5.21-5.el7.x86_64.rpm
php55-php-pspell-5.5.21-5.el7.x86_64.rpm
php55-php-recode-5.5.21-5.el7.x86_64.rpm
php55-php-snmp-5.5.21-5.el7.x86_64.rpm
php55-php-soap-5.5.21-5.el7.x86_64.rpm
php55-php-xml-5.5.21-5.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
php55-php-5.5.21-5.el7.src.rpm

x86_64:
php55-php-5.5.21-5.el7.x86_64.rpm
php55-php-bcmath-5.5.21-5.el7.x86_64.rpm
php55-php-cli-5.5.21-5.el7.x86_64.rpm
php55-php-common-5.5.21-5.el7.x86_64.rpm
php55-php-dba-5.5.21-5.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-5.el7.x86_64.rpm
php55-php-devel-5.5.21-5.el7.x86_64.rpm
php55-php-enchant-5.5.21-5.el7.x86_64.rpm
php55-php-fpm-5.5.21-5.el7.x86_64.rpm
php55-php-gd-5.5.21-5.el7.x86_64.rpm
php55-php-gmp-5.5.21-5.el7.x86_64.rpm
php55-php-intl-5.5.21-5.el7.x86_64.rpm
php55-php-ldap-5.5.21-5.el7.x86_64.rpm
php55-php-mbstring-5.5.21-5.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm
php55-php-odbc-5.5.21-5.el7.x86_64.rpm
php55-php-opcache-5.5.21-5.el7.x86_64.rpm
php55-php-pdo-5.5.21-5.el7.x86_64.rpm
php55-php-pgsql-5.5.21-5.el7.x86_64.rpm
php55-php-process-5.5.21-5.el7.x86_64.rpm
php55-php-pspell-5.5.21-5.el7.x86_64.rpm
php55-php-recode-5.5.21-5.el7.x86_64.rpm
php55-php-snmp-5.5.21-5.el7.x86_64.rpm
php55-php-soap-5.5.21-5.el7.x86_64.rpm
php55-php-xml-5.5.21-5.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5385
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Thu Aug 11 21:57:35 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2016 17:57:35 -0400
Subject: [RHSA-2016:1612-01] Moderate: rh-php56-php security update
Message-ID: <201608112157.u7BLvZp2003531@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-php56-php security update
Advisory ID:       RHSA-2016:1612-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1612.html
Issue date:        2016-08-11
CVE Names:         CVE-2016-5385
=====================================================================

1. Summary:

An update for rh-php56-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-php56-php-5.6.5-9.el6.src.rpm

x86_64:
rh-php56-php-5.6.5-9.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.5-9.el6.x86_64.rpm
rh-php56-php-cli-5.6.5-9.el6.x86_64.rpm
rh-php56-php-common-5.6.5-9.el6.x86_64.rpm
rh-php56-php-dba-5.6.5-9.el6.x86_64.rpm
rh-php56-php-dbg-5.6.5-9.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-9.el6.x86_64.rpm
rh-php56-php-devel-5.6.5-9.el6.x86_64.rpm
rh-php56-php-embedded-5.6.5-9.el6.x86_64.rpm
rh-php56-php-enchant-5.6.5-9.el6.x86_64.rpm
rh-php56-php-fpm-5.6.5-9.el6.x86_64.rpm
rh-php56-php-gd-5.6.5-9.el6.x86_64.rpm
rh-php56-php-gmp-5.6.5-9.el6.x86_64.rpm
rh-php56-php-imap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-intl-5.6.5-9.el6.x86_64.rpm
rh-php56-php-ldap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.5-9.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-9.el6.x86_64.rpm
rh-php56-php-odbc-5.6.5-9.el6.x86_64.rpm
rh-php56-php-opcache-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pdo-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.5-9.el6.x86_64.rpm
rh-php56-php-process-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pspell-5.6.5-9.el6.x86_64.rpm
rh-php56-php-recode-5.6.5-9.el6.x86_64.rpm
rh-php56-php-snmp-5.6.5-9.el6.x86_64.rpm
rh-php56-php-soap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-tidy-5.6.5-9.el6.x86_64.rpm
rh-php56-php-xml-5.6.5-9.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-9.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-php56-php-5.6.5-9.el6.src.rpm

x86_64:
rh-php56-php-5.6.5-9.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.5-9.el6.x86_64.rpm
rh-php56-php-cli-5.6.5-9.el6.x86_64.rpm
rh-php56-php-common-5.6.5-9.el6.x86_64.rpm
rh-php56-php-dba-5.6.5-9.el6.x86_64.rpm
rh-php56-php-dbg-5.6.5-9.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-9.el6.x86_64.rpm
rh-php56-php-devel-5.6.5-9.el6.x86_64.rpm
rh-php56-php-embedded-5.6.5-9.el6.x86_64.rpm
rh-php56-php-enchant-5.6.5-9.el6.x86_64.rpm
rh-php56-php-fpm-5.6.5-9.el6.x86_64.rpm
rh-php56-php-gd-5.6.5-9.el6.x86_64.rpm
rh-php56-php-gmp-5.6.5-9.el6.x86_64.rpm
rh-php56-php-imap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-intl-5.6.5-9.el6.x86_64.rpm
rh-php56-php-ldap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.5-9.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-9.el6.x86_64.rpm
rh-php56-php-odbc-5.6.5-9.el6.x86_64.rpm
rh-php56-php-opcache-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pdo-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.5-9.el6.x86_64.rpm
rh-php56-php-process-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pspell-5.6.5-9.el6.x86_64.rpm
rh-php56-php-recode-5.6.5-9.el6.x86_64.rpm
rh-php56-php-snmp-5.6.5-9.el6.x86_64.rpm
rh-php56-php-soap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-tidy-5.6.5-9.el6.x86_64.rpm
rh-php56-php-xml-5.6.5-9.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-9.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-php56-php-5.6.5-9.el6.src.rpm

x86_64:
rh-php56-php-5.6.5-9.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.5-9.el6.x86_64.rpm
rh-php56-php-cli-5.6.5-9.el6.x86_64.rpm
rh-php56-php-common-5.6.5-9.el6.x86_64.rpm
rh-php56-php-dba-5.6.5-9.el6.x86_64.rpm
rh-php56-php-dbg-5.6.5-9.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-9.el6.x86_64.rpm
rh-php56-php-devel-5.6.5-9.el6.x86_64.rpm
rh-php56-php-embedded-5.6.5-9.el6.x86_64.rpm
rh-php56-php-enchant-5.6.5-9.el6.x86_64.rpm
rh-php56-php-fpm-5.6.5-9.el6.x86_64.rpm
rh-php56-php-gd-5.6.5-9.el6.x86_64.rpm
rh-php56-php-gmp-5.6.5-9.el6.x86_64.rpm
rh-php56-php-imap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-intl-5.6.5-9.el6.x86_64.rpm
rh-php56-php-ldap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.5-9.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-9.el6.x86_64.rpm
rh-php56-php-odbc-5.6.5-9.el6.x86_64.rpm
rh-php56-php-opcache-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pdo-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.5-9.el6.x86_64.rpm
rh-php56-php-process-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pspell-5.6.5-9.el6.x86_64.rpm
rh-php56-php-recode-5.6.5-9.el6.x86_64.rpm
rh-php56-php-snmp-5.6.5-9.el6.x86_64.rpm
rh-php56-php-soap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-tidy-5.6.5-9.el6.x86_64.rpm
rh-php56-php-xml-5.6.5-9.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-9.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-php56-php-5.6.5-9.el6.src.rpm

x86_64:
rh-php56-php-5.6.5-9.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.5-9.el6.x86_64.rpm
rh-php56-php-cli-5.6.5-9.el6.x86_64.rpm
rh-php56-php-common-5.6.5-9.el6.x86_64.rpm
rh-php56-php-dba-5.6.5-9.el6.x86_64.rpm
rh-php56-php-dbg-5.6.5-9.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-9.el6.x86_64.rpm
rh-php56-php-devel-5.6.5-9.el6.x86_64.rpm
rh-php56-php-embedded-5.6.5-9.el6.x86_64.rpm
rh-php56-php-enchant-5.6.5-9.el6.x86_64.rpm
rh-php56-php-fpm-5.6.5-9.el6.x86_64.rpm
rh-php56-php-gd-5.6.5-9.el6.x86_64.rpm
rh-php56-php-gmp-5.6.5-9.el6.x86_64.rpm
rh-php56-php-imap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-intl-5.6.5-9.el6.x86_64.rpm
rh-php56-php-ldap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.5-9.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-9.el6.x86_64.rpm
rh-php56-php-odbc-5.6.5-9.el6.x86_64.rpm
rh-php56-php-opcache-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pdo-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.5-9.el6.x86_64.rpm
rh-php56-php-process-5.6.5-9.el6.x86_64.rpm
rh-php56-php-pspell-5.6.5-9.el6.x86_64.rpm
rh-php56-php-recode-5.6.5-9.el6.x86_64.rpm
rh-php56-php-snmp-5.6.5-9.el6.x86_64.rpm
rh-php56-php-soap-5.6.5-9.el6.x86_64.rpm
rh-php56-php-tidy-5.6.5-9.el6.x86_64.rpm
rh-php56-php-xml-5.6.5-9.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-9.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-php56-php-5.6.5-9.el7.src.rpm

x86_64:
rh-php56-php-5.6.5-9.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.5-9.el7.x86_64.rpm
rh-php56-php-cli-5.6.5-9.el7.x86_64.rpm
rh-php56-php-common-5.6.5-9.el7.x86_64.rpm
rh-php56-php-dba-5.6.5-9.el7.x86_64.rpm
rh-php56-php-dbg-5.6.5-9.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-9.el7.x86_64.rpm
rh-php56-php-devel-5.6.5-9.el7.x86_64.rpm
rh-php56-php-embedded-5.6.5-9.el7.x86_64.rpm
rh-php56-php-enchant-5.6.5-9.el7.x86_64.rpm
rh-php56-php-fpm-5.6.5-9.el7.x86_64.rpm
rh-php56-php-gd-5.6.5-9.el7.x86_64.rpm
rh-php56-php-gmp-5.6.5-9.el7.x86_64.rpm
rh-php56-php-intl-5.6.5-9.el7.x86_64.rpm
rh-php56-php-ldap-5.6.5-9.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.5-9.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-9.el7.x86_64.rpm
rh-php56-php-odbc-5.6.5-9.el7.x86_64.rpm
rh-php56-php-opcache-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pdo-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.5-9.el7.x86_64.rpm
rh-php56-php-process-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pspell-5.6.5-9.el7.x86_64.rpm
rh-php56-php-recode-5.6.5-9.el7.x86_64.rpm
rh-php56-php-snmp-5.6.5-9.el7.x86_64.rpm
rh-php56-php-soap-5.6.5-9.el7.x86_64.rpm
rh-php56-php-xml-5.6.5-9.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-9.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-php56-php-5.6.5-9.el7.src.rpm

x86_64:
rh-php56-php-5.6.5-9.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.5-9.el7.x86_64.rpm
rh-php56-php-cli-5.6.5-9.el7.x86_64.rpm
rh-php56-php-common-5.6.5-9.el7.x86_64.rpm
rh-php56-php-dba-5.6.5-9.el7.x86_64.rpm
rh-php56-php-dbg-5.6.5-9.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-9.el7.x86_64.rpm
rh-php56-php-devel-5.6.5-9.el7.x86_64.rpm
rh-php56-php-embedded-5.6.5-9.el7.x86_64.rpm
rh-php56-php-enchant-5.6.5-9.el7.x86_64.rpm
rh-php56-php-fpm-5.6.5-9.el7.x86_64.rpm
rh-php56-php-gd-5.6.5-9.el7.x86_64.rpm
rh-php56-php-gmp-5.6.5-9.el7.x86_64.rpm
rh-php56-php-intl-5.6.5-9.el7.x86_64.rpm
rh-php56-php-ldap-5.6.5-9.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.5-9.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-9.el7.x86_64.rpm
rh-php56-php-odbc-5.6.5-9.el7.x86_64.rpm
rh-php56-php-opcache-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pdo-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.5-9.el7.x86_64.rpm
rh-php56-php-process-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pspell-5.6.5-9.el7.x86_64.rpm
rh-php56-php-recode-5.6.5-9.el7.x86_64.rpm
rh-php56-php-snmp-5.6.5-9.el7.x86_64.rpm
rh-php56-php-soap-5.6.5-9.el7.x86_64.rpm
rh-php56-php-xml-5.6.5-9.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-9.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-php56-php-5.6.5-9.el7.src.rpm

x86_64:
rh-php56-php-5.6.5-9.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.5-9.el7.x86_64.rpm
rh-php56-php-cli-5.6.5-9.el7.x86_64.rpm
rh-php56-php-common-5.6.5-9.el7.x86_64.rpm
rh-php56-php-dba-5.6.5-9.el7.x86_64.rpm
rh-php56-php-dbg-5.6.5-9.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-9.el7.x86_64.rpm
rh-php56-php-devel-5.6.5-9.el7.x86_64.rpm
rh-php56-php-embedded-5.6.5-9.el7.x86_64.rpm
rh-php56-php-enchant-5.6.5-9.el7.x86_64.rpm
rh-php56-php-fpm-5.6.5-9.el7.x86_64.rpm
rh-php56-php-gd-5.6.5-9.el7.x86_64.rpm
rh-php56-php-gmp-5.6.5-9.el7.x86_64.rpm
rh-php56-php-intl-5.6.5-9.el7.x86_64.rpm
rh-php56-php-ldap-5.6.5-9.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.5-9.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-9.el7.x86_64.rpm
rh-php56-php-odbc-5.6.5-9.el7.x86_64.rpm
rh-php56-php-opcache-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pdo-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.5-9.el7.x86_64.rpm
rh-php56-php-process-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pspell-5.6.5-9.el7.x86_64.rpm
rh-php56-php-recode-5.6.5-9.el7.x86_64.rpm
rh-php56-php-snmp-5.6.5-9.el7.x86_64.rpm
rh-php56-php-soap-5.6.5-9.el7.x86_64.rpm
rh-php56-php-xml-5.6.5-9.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-9.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-php56-php-5.6.5-9.el7.src.rpm

x86_64:
rh-php56-php-5.6.5-9.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.5-9.el7.x86_64.rpm
rh-php56-php-cli-5.6.5-9.el7.x86_64.rpm
rh-php56-php-common-5.6.5-9.el7.x86_64.rpm
rh-php56-php-dba-5.6.5-9.el7.x86_64.rpm
rh-php56-php-dbg-5.6.5-9.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-9.el7.x86_64.rpm
rh-php56-php-devel-5.6.5-9.el7.x86_64.rpm
rh-php56-php-embedded-5.6.5-9.el7.x86_64.rpm
rh-php56-php-enchant-5.6.5-9.el7.x86_64.rpm
rh-php56-php-fpm-5.6.5-9.el7.x86_64.rpm
rh-php56-php-gd-5.6.5-9.el7.x86_64.rpm
rh-php56-php-gmp-5.6.5-9.el7.x86_64.rpm
rh-php56-php-intl-5.6.5-9.el7.x86_64.rpm
rh-php56-php-ldap-5.6.5-9.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.5-9.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-9.el7.x86_64.rpm
rh-php56-php-odbc-5.6.5-9.el7.x86_64.rpm
rh-php56-php-opcache-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pdo-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.5-9.el7.x86_64.rpm
rh-php56-php-process-5.6.5-9.el7.x86_64.rpm
rh-php56-php-pspell-5.6.5-9.el7.x86_64.rpm
rh-php56-php-recode-5.6.5-9.el7.x86_64.rpm
rh-php56-php-snmp-5.6.5-9.el7.x86_64.rpm
rh-php56-php-soap-5.6.5-9.el7.x86_64.rpm
rh-php56-php-xml-5.6.5-9.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-9.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5385
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
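The HTTP_PROXY name clash behind CVE-2016-5385, as an added example in Python (not code from Red Hat or from the PHP project): it applies the CGI header-to-environment mapping to a constructed request, flags requests that carry a Proxy header, and shows a proxy resolver that ignores HTTP_PROXY while running inside a web request. The CGI-context test on REQUEST_METHOD and the lowercase http_proxy fallback are a common mitigation pattern, not PHP's own fix; all requests and environments are constructed sample data.

```python
"""
Added example (not part of the Red Hat advisory or of PHP): the CGI
meta-variable mapping that produces the HTTP_PROXY name clash
(CVE-2016-5385), a detection for requests that trigger it, and a
hardened proxy lookup. All inputs below are constructed sample data.
"""
from typing import Dict, Optional

# Constructed sample requests: a normal client and one carrying the
# "Proxy" request header the advisory's bug title refers to.
BENIGN_REQUEST = {
    "method": "GET",
    "headers": {"Host": "app.example", "User-Agent": "curl/7.47"},
}
SUSPECT_REQUEST = {
    "method": "GET",
    "headers": {"Host": "app.example", "Proxy": "http://proxy.invalid:8080"},
}


def cgi_meta_variables(request: Dict) -> Dict[str, str]:
    """RFC 3875 section 4.1.18: each request header becomes a HTTP_<NAME>
    variable, upper-cased, with '-' replaced by '_'. This is the step
    that creates the clash: a "Proxy:" header becomes HTTP_PROXY, the
    same name many HTTP clients read for their outbound proxy."""
    env = {"REQUEST_METHOD": request["method"]}
    for name, value in request["headers"].items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def has_proxy_header_clash(request: Dict) -> bool:
    """Detection: flag a request whose headers would map onto HTTP_PROXY.
    Header names are case-insensitive, so compare them case-insensitively."""
    return any(name.lower() == "proxy" for name in request["headers"])


def naive_outbound_proxy(env: Dict[str, str]) -> Optional[str]:
    """The vulnerable pattern the advisory describes: trusting HTTP_PROXY
    no matter where the process is running."""
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def resolve_outbound_proxy(env: Dict[str, str]) -> Optional[str]:
    """Hardened proxy lookup for code that may run inside a web request.

    Assumption (stated in the lead-in): the process is in a CGI-style
    context exactly when REQUEST_METHOD is present. In that context the
    upper-case HTTP_PROXY can be request-supplied, so it is ignored. The
    lower-case http_proxy is still honoured because the RFC 3875 mapping
    upper-cases header names, so no request header can produce it."""
    in_web_request = "REQUEST_METHOD" in env
    if in_web_request:
        return env.get("http_proxy")
    return env.get("HTTP_PROXY") or env.get("http_proxy")


if __name__ == "__main__":
    env = cgi_meta_variables(SUSPECT_REQUEST)
    print("HTTP_PROXY in CGI environment:", env.get("HTTP_PROXY"))
    print("naive resolver would use:", naive_outbound_proxy(env))
    print("hardened resolver uses:", resolve_outbound_proxy(env))
    print("request flagged:", has_proxy_header_clash(SUSPECT_REQUEST))
```

At the web server, the same clash can be removed before PHP sees the request by dropping the Proxy header (for Apache httpd with mod_headers: RequestHeader unset Proxy early).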
From bugzilla at redhat.com Thu Aug 11 22:11:41 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2016 18:11:41 -0400
Subject: [RHSA-2016:1613-01] Moderate: php security and bug fix update
Message-ID: <201608112211.u7BMBf8Q017627@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php security and bug fix update
Advisory ID:       RHSA-2016:1613-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1613.html
Issue date:        2016-08-11
CVE Names:         CVE-2016-5385
=====================================================================

1. Summary:

An update for php is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

Bug Fix(es):

* Previously, incorrect logic in the SAPI header callback routine caused the callback counter not to be incremented. Consequently, when a script included a header callback, it could terminate unexpectedly with a segmentation fault. With this update, the callback counter is managed correctly, and scripts that register a header callback work as expected. (BZ#1346758)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1346758 - Segmentation fault while header_register_callback
1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
php-5.4.16-36.3.el7_2.src.rpm

x86_64:
php-5.4.16-36.3.el7_2.x86_64.rpm
php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm
php-cli-5.4.16-36.3.el7_2.x86_64.rpm
php-common-5.4.16-36.3.el7_2.x86_64.rpm
php-dba-5.4.16-36.3.el7_2.x86_64.rpm
php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm
php-devel-5.4.16-36.3.el7_2.x86_64.rpm
php-embedded-5.4.16-36.3.el7_2.x86_64.rpm
php-enchant-5.4.16-36.3.el7_2.x86_64.rpm
php-fpm-5.4.16-36.3.el7_2.x86_64.rpm
php-gd-5.4.16-36.3.el7_2.x86_64.rpm
php-intl-5.4.16-36.3.el7_2.x86_64.rpm
php-ldap-5.4.16-36.3.el7_2.x86_64.rpm
php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm
php-mysql-5.4.16-36.3.el7_2.x86_64.rpm
php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm
php-odbc-5.4.16-36.3.el7_2.x86_64.rpm
php-pdo-5.4.16-36.3.el7_2.x86_64.rpm
php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm
php-process-5.4.16-36.3.el7_2.x86_64.rpm
php-pspell-5.4.16-36.3.el7_2.x86_64.rpm
php-recode-5.4.16-36.3.el7_2.x86_64.rpm
php-snmp-5.4.16-36.3.el7_2.x86_64.rpm
php-soap-5.4.16-36.3.el7_2.x86_64.rpm
php-xml-5.4.16-36.3.el7_2.x86_64.rpm
php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
php-5.4.16-36.3.el7_2.src.rpm

x86_64:
php-5.4.16-36.3.el7_2.x86_64.rpm
php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm
php-cli-5.4.16-36.3.el7_2.x86_64.rpm
php-common-5.4.16-36.3.el7_2.x86_64.rpm
php-dba-5.4.16-36.3.el7_2.x86_64.rpm
php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm
php-devel-5.4.16-36.3.el7_2.x86_64.rpm
php-embedded-5.4.16-36.3.el7_2.x86_64.rpm
php-enchant-5.4.16-36.3.el7_2.x86_64.rpm
php-fpm-5.4.16-36.3.el7_2.x86_64.rpm
php-gd-5.4.16-36.3.el7_2.x86_64.rpm
php-intl-5.4.16-36.3.el7_2.x86_64.rpm
php-ldap-5.4.16-36.3.el7_2.x86_64.rpm
php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm
php-mysql-5.4.16-36.3.el7_2.x86_64.rpm
php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm
php-odbc-5.4.16-36.3.el7_2.x86_64.rpm
php-pdo-5.4.16-36.3.el7_2.x86_64.rpm
php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm
php-process-5.4.16-36.3.el7_2.x86_64.rpm
php-pspell-5.4.16-36.3.el7_2.x86_64.rpm
php-recode-5.4.16-36.3.el7_2.x86_64.rpm
php-snmp-5.4.16-36.3.el7_2.x86_64.rpm
php-soap-5.4.16-36.3.el7_2.x86_64.rpm
php-xml-5.4.16-36.3.el7_2.x86_64.rpm
php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v.
7): Source: php-5.4.16-36.3.el7_2.src.rpm ppc64: php-5.4.16-36.3.el7_2.ppc64.rpm php-cli-5.4.16-36.3.el7_2.ppc64.rpm php-common-5.4.16-36.3.el7_2.ppc64.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64.rpm php-gd-5.4.16-36.3.el7_2.ppc64.rpm php-ldap-5.4.16-36.3.el7_2.ppc64.rpm php-mysql-5.4.16-36.3.el7_2.ppc64.rpm php-odbc-5.4.16-36.3.el7_2.ppc64.rpm php-pdo-5.4.16-36.3.el7_2.ppc64.rpm php-pgsql-5.4.16-36.3.el7_2.ppc64.rpm php-process-5.4.16-36.3.el7_2.ppc64.rpm php-recode-5.4.16-36.3.el7_2.ppc64.rpm php-soap-5.4.16-36.3.el7_2.ppc64.rpm php-xml-5.4.16-36.3.el7_2.ppc64.rpm php-xmlrpc-5.4.16-36.3.el7_2.ppc64.rpm ppc64le: php-5.4.16-36.3.el7_2.ppc64le.rpm php-cli-5.4.16-36.3.el7_2.ppc64le.rpm php-common-5.4.16-36.3.el7_2.ppc64le.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64le.rpm php-gd-5.4.16-36.3.el7_2.ppc64le.rpm php-ldap-5.4.16-36.3.el7_2.ppc64le.rpm php-mysql-5.4.16-36.3.el7_2.ppc64le.rpm php-odbc-5.4.16-36.3.el7_2.ppc64le.rpm php-pdo-5.4.16-36.3.el7_2.ppc64le.rpm php-pgsql-5.4.16-36.3.el7_2.ppc64le.rpm php-process-5.4.16-36.3.el7_2.ppc64le.rpm php-recode-5.4.16-36.3.el7_2.ppc64le.rpm php-soap-5.4.16-36.3.el7_2.ppc64le.rpm php-xml-5.4.16-36.3.el7_2.ppc64le.rpm php-xmlrpc-5.4.16-36.3.el7_2.ppc64le.rpm s390x: php-5.4.16-36.3.el7_2.s390x.rpm php-cli-5.4.16-36.3.el7_2.s390x.rpm php-common-5.4.16-36.3.el7_2.s390x.rpm php-debuginfo-5.4.16-36.3.el7_2.s390x.rpm php-gd-5.4.16-36.3.el7_2.s390x.rpm php-ldap-5.4.16-36.3.el7_2.s390x.rpm php-mysql-5.4.16-36.3.el7_2.s390x.rpm php-odbc-5.4.16-36.3.el7_2.s390x.rpm php-pdo-5.4.16-36.3.el7_2.s390x.rpm php-pgsql-5.4.16-36.3.el7_2.s390x.rpm php-process-5.4.16-36.3.el7_2.s390x.rpm php-recode-5.4.16-36.3.el7_2.s390x.rpm php-soap-5.4.16-36.3.el7_2.s390x.rpm php-xml-5.4.16-36.3.el7_2.s390x.rpm php-xmlrpc-5.4.16-36.3.el7_2.s390x.rpm x86_64: php-5.4.16-36.3.el7_2.x86_64.rpm php-cli-5.4.16-36.3.el7_2.x86_64.rpm php-common-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-gd-5.4.16-36.3.el7_2.x86_64.rpm 
php-ldap-5.4.16-36.3.el7_2.x86_64.rpm php-mysql-5.4.16-36.3.el7_2.x86_64.rpm php-odbc-5.4.16-36.3.el7_2.x86_64.rpm php-pdo-5.4.16-36.3.el7_2.x86_64.rpm php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm php-process-5.4.16-36.3.el7_2.x86_64.rpm php-recode-5.4.16-36.3.el7_2.x86_64.rpm php-soap-5.4.16-36.3.el7_2.x86_64.rpm php-xml-5.4.16-36.3.el7_2.x86_64.rpm php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: php-bcmath-5.4.16-36.3.el7_2.ppc64.rpm php-dba-5.4.16-36.3.el7_2.ppc64.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64.rpm php-devel-5.4.16-36.3.el7_2.ppc64.rpm php-embedded-5.4.16-36.3.el7_2.ppc64.rpm php-enchant-5.4.16-36.3.el7_2.ppc64.rpm php-fpm-5.4.16-36.3.el7_2.ppc64.rpm php-intl-5.4.16-36.3.el7_2.ppc64.rpm php-mbstring-5.4.16-36.3.el7_2.ppc64.rpm php-mysqlnd-5.4.16-36.3.el7_2.ppc64.rpm php-pspell-5.4.16-36.3.el7_2.ppc64.rpm php-snmp-5.4.16-36.3.el7_2.ppc64.rpm ppc64le: php-bcmath-5.4.16-36.3.el7_2.ppc64le.rpm php-dba-5.4.16-36.3.el7_2.ppc64le.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64le.rpm php-devel-5.4.16-36.3.el7_2.ppc64le.rpm php-embedded-5.4.16-36.3.el7_2.ppc64le.rpm php-enchant-5.4.16-36.3.el7_2.ppc64le.rpm php-fpm-5.4.16-36.3.el7_2.ppc64le.rpm php-intl-5.4.16-36.3.el7_2.ppc64le.rpm php-mbstring-5.4.16-36.3.el7_2.ppc64le.rpm php-mysqlnd-5.4.16-36.3.el7_2.ppc64le.rpm php-pspell-5.4.16-36.3.el7_2.ppc64le.rpm php-snmp-5.4.16-36.3.el7_2.ppc64le.rpm s390x: php-bcmath-5.4.16-36.3.el7_2.s390x.rpm php-dba-5.4.16-36.3.el7_2.s390x.rpm php-debuginfo-5.4.16-36.3.el7_2.s390x.rpm php-devel-5.4.16-36.3.el7_2.s390x.rpm php-embedded-5.4.16-36.3.el7_2.s390x.rpm php-enchant-5.4.16-36.3.el7_2.s390x.rpm php-fpm-5.4.16-36.3.el7_2.s390x.rpm php-intl-5.4.16-36.3.el7_2.s390x.rpm php-mbstring-5.4.16-36.3.el7_2.s390x.rpm php-mysqlnd-5.4.16-36.3.el7_2.s390x.rpm php-pspell-5.4.16-36.3.el7_2.s390x.rpm php-snmp-5.4.16-36.3.el7_2.s390x.rpm x86_64: php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm php-dba-5.4.16-36.3.el7_2.x86_64.rpm 
php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-devel-5.4.16-36.3.el7_2.x86_64.rpm php-embedded-5.4.16-36.3.el7_2.x86_64.rpm php-enchant-5.4.16-36.3.el7_2.x86_64.rpm php-fpm-5.4.16-36.3.el7_2.x86_64.rpm php-intl-5.4.16-36.3.el7_2.x86_64.rpm php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm php-pspell-5.4.16-36.3.el7_2.x86_64.rpm php-snmp-5.4.16-36.3.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: php-5.4.16-36.3.el7_2.src.rpm x86_64: php-5.4.16-36.3.el7_2.x86_64.rpm php-cli-5.4.16-36.3.el7_2.x86_64.rpm php-common-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-gd-5.4.16-36.3.el7_2.x86_64.rpm php-ldap-5.4.16-36.3.el7_2.x86_64.rpm php-mysql-5.4.16-36.3.el7_2.x86_64.rpm php-odbc-5.4.16-36.3.el7_2.x86_64.rpm php-pdo-5.4.16-36.3.el7_2.x86_64.rpm php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm php-process-5.4.16-36.3.el7_2.x86_64.rpm php-recode-5.4.16-36.3.el7_2.x86_64.rpm php-soap-5.4.16-36.3.el7_2.x86_64.rpm php-xml-5.4.16-36.3.el7_2.x86_64.rpm php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm php-dba-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-devel-5.4.16-36.3.el7_2.x86_64.rpm php-embedded-5.4.16-36.3.el7_2.x86_64.rpm php-enchant-5.4.16-36.3.el7_2.x86_64.rpm php-fpm-5.4.16-36.3.el7_2.x86_64.rpm php-intl-5.4.16-36.3.el7_2.x86_64.rpm php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm php-pspell-5.4.16-36.3.el7_2.x86_64.rpm php-snmp-5.4.16-36.3.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5385 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXrPgaXlSAg2UNWIIRAjn0AJ9+uobkj268+7awLhgQLyNGujzgkgCgp8+D ggdX4EUo7inKwJDZgGYrNok= =Zn6M -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 16 11:35:25 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 16 Aug 2016 11:35:25 +0000 Subject: [RHSA-2016:1617-01] Important: kernel security update Message-ID: <201608161134.u7GBYWUV014685@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2016:1617-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1617.html Issue date: 2016-08-16 CVE Names: CVE-2016-4565 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.2) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. 
A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important) Red Hat would like to thank Jann Horn for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1310570 - CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko 6. Package List: Red Hat Enterprise Linux Server AUS (v. 6.2): Source: kernel-2.6.32-220.67.1.el6.src.rpm noarch: kernel-doc-2.6.32-220.67.1.el6.noarch.rpm kernel-firmware-2.6.32-220.67.1.el6.noarch.rpm x86_64: kernel-2.6.32-220.67.1.el6.x86_64.rpm kernel-debug-2.6.32-220.67.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-220.67.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.67.1.el6.x86_64.rpm kernel-devel-2.6.32-220.67.1.el6.x86_64.rpm kernel-headers-2.6.32-220.67.1.el6.x86_64.rpm perf-2.6.32-220.67.1.el6.x86_64.rpm perf-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: kernel-2.6.32-220.67.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.67.1.el6.x86_64.rpm perf-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm python-perf-2.6.32-220.67.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-4565 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXsvZfXlSAg2UNWIIRAp0BAJ4p0Kf+t7DwkMn/Tn1CLfedos0nWgCfRhKU X0nvzO4iImbN7v9J4IMfYto= =fclQ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 18 18:40:44 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 18 Aug 2016 14:40:44 -0400 Subject: [RHSA-2016:1626-01] Moderate: python security update Message-ID: <201608181840.u7IIeidr025439@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python security update Advisory ID: RHSA-2016:1626-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1626.html Issue date: 2016-08-18 CVE Names: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699 ===================================================================== 1. Summary: An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 
6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110) * It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772) * It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. 
(CVE-2016-5699) Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1303647 - CVE-2016-0772 python: smtplib StartTLS stripping attack 1303699 - CVE-2016-5699 python: http protocol steam injection attack 1351584 - Python brew builds fail for RHEL 7.2 1357334 - CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header 1365200 - Upstream tests cause building python package on brew stall and leave orphan processes that need manually kill 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: python-2.6.6-66.el6_8.src.rpm i386: python-2.6.6-66.el6_8.i686.rpm python-debuginfo-2.6.6-66.el6_8.i686.rpm python-libs-2.6.6-66.el6_8.i686.rpm tkinter-2.6.6-66.el6_8.i686.rpm x86_64: python-2.6.6-66.el6_8.x86_64.rpm python-debuginfo-2.6.6-66.el6_8.i686.rpm python-debuginfo-2.6.6-66.el6_8.x86_64.rpm python-libs-2.6.6-66.el6_8.i686.rpm python-libs-2.6.6-66.el6_8.x86_64.rpm tkinter-2.6.6-66.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: python-debuginfo-2.6.6-66.el6_8.i686.rpm python-devel-2.6.6-66.el6_8.i686.rpm python-test-2.6.6-66.el6_8.i686.rpm python-tools-2.6.6-66.el6_8.i686.rpm x86_64: python-debuginfo-2.6.6-66.el6_8.i686.rpm python-debuginfo-2.6.6-66.el6_8.x86_64.rpm python-devel-2.6.6-66.el6_8.i686.rpm python-devel-2.6.6-66.el6_8.x86_64.rpm python-test-2.6.6-66.el6_8.x86_64.rpm python-tools-2.6.6-66.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: python-2.6.6-66.el6_8.src.rpm x86_64: python-2.6.6-66.el6_8.x86_64.rpm python-debuginfo-2.6.6-66.el6_8.i686.rpm python-debuginfo-2.6.6-66.el6_8.x86_64.rpm python-devel-2.6.6-66.el6_8.i686.rpm python-devel-2.6.6-66.el6_8.x86_64.rpm python-libs-2.6.6-66.el6_8.i686.rpm python-libs-2.6.6-66.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: python-debuginfo-2.6.6-66.el6_8.x86_64.rpm python-test-2.6.6-66.el6_8.x86_64.rpm python-tools-2.6.6-66.el6_8.x86_64.rpm tkinter-2.6.6-66.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: python-2.6.6-66.el6_8.src.rpm i386: python-2.6.6-66.el6_8.i686.rpm python-debuginfo-2.6.6-66.el6_8.i686.rpm python-devel-2.6.6-66.el6_8.i686.rpm python-libs-2.6.6-66.el6_8.i686.rpm tkinter-2.6.6-66.el6_8.i686.rpm ppc64: python-2.6.6-66.el6_8.ppc64.rpm python-debuginfo-2.6.6-66.el6_8.ppc.rpm python-debuginfo-2.6.6-66.el6_8.ppc64.rpm python-devel-2.6.6-66.el6_8.ppc.rpm python-devel-2.6.6-66.el6_8.ppc64.rpm python-libs-2.6.6-66.el6_8.ppc.rpm python-libs-2.6.6-66.el6_8.ppc64.rpm tkinter-2.6.6-66.el6_8.ppc64.rpm s390x: python-2.6.6-66.el6_8.s390x.rpm python-debuginfo-2.6.6-66.el6_8.s390.rpm python-debuginfo-2.6.6-66.el6_8.s390x.rpm python-devel-2.6.6-66.el6_8.s390.rpm python-devel-2.6.6-66.el6_8.s390x.rpm python-libs-2.6.6-66.el6_8.s390.rpm python-libs-2.6.6-66.el6_8.s390x.rpm x86_64: python-2.6.6-66.el6_8.x86_64.rpm python-debuginfo-2.6.6-66.el6_8.i686.rpm python-debuginfo-2.6.6-66.el6_8.x86_64.rpm python-devel-2.6.6-66.el6_8.i686.rpm python-devel-2.6.6-66.el6_8.x86_64.rpm python-libs-2.6.6-66.el6_8.i686.rpm python-libs-2.6.6-66.el6_8.x86_64.rpm tkinter-2.6.6-66.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: python-debuginfo-2.6.6-66.el6_8.i686.rpm python-test-2.6.6-66.el6_8.i686.rpm python-tools-2.6.6-66.el6_8.i686.rpm ppc64: python-debuginfo-2.6.6-66.el6_8.ppc64.rpm python-test-2.6.6-66.el6_8.ppc64.rpm python-tools-2.6.6-66.el6_8.ppc64.rpm s390x: python-debuginfo-2.6.6-66.el6_8.s390x.rpm python-test-2.6.6-66.el6_8.s390x.rpm python-tools-2.6.6-66.el6_8.s390x.rpm tkinter-2.6.6-66.el6_8.s390x.rpm x86_64: python-debuginfo-2.6.6-66.el6_8.x86_64.rpm python-test-2.6.6-66.el6_8.x86_64.rpm python-tools-2.6.6-66.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: python-2.6.6-66.el6_8.src.rpm i386: python-2.6.6-66.el6_8.i686.rpm python-debuginfo-2.6.6-66.el6_8.i686.rpm python-devel-2.6.6-66.el6_8.i686.rpm python-libs-2.6.6-66.el6_8.i686.rpm tkinter-2.6.6-66.el6_8.i686.rpm x86_64: python-2.6.6-66.el6_8.x86_64.rpm python-debuginfo-2.6.6-66.el6_8.i686.rpm python-debuginfo-2.6.6-66.el6_8.x86_64.rpm python-devel-2.6.6-66.el6_8.i686.rpm python-devel-2.6.6-66.el6_8.x86_64.rpm python-libs-2.6.6-66.el6_8.i686.rpm python-libs-2.6.6-66.el6_8.x86_64.rpm tkinter-2.6.6-66.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: python-debuginfo-2.6.6-66.el6_8.i686.rpm python-test-2.6.6-66.el6_8.i686.rpm python-tools-2.6.6-66.el6_8.i686.rpm x86_64: python-debuginfo-2.6.6-66.el6_8.x86_64.rpm python-test-2.6.6-66.el6_8.x86_64.rpm python-tools-2.6.6-66.el6_8.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: python-2.7.5-38.el7_2.src.rpm x86_64: python-2.7.5-38.el7_2.x86_64.rpm python-debuginfo-2.7.5-38.el7_2.i686.rpm python-debuginfo-2.7.5-38.el7_2.x86_64.rpm python-libs-2.7.5-38.el7_2.i686.rpm python-libs-2.7.5-38.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): x86_64: python-debug-2.7.5-38.el7_2.x86_64.rpm python-debuginfo-2.7.5-38.el7_2.x86_64.rpm python-devel-2.7.5-38.el7_2.x86_64.rpm python-test-2.7.5-38.el7_2.x86_64.rpm python-tools-2.7.5-38.el7_2.x86_64.rpm tkinter-2.7.5-38.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: python-2.7.5-38.el7_2.src.rpm x86_64: python-2.7.5-38.el7_2.x86_64.rpm python-debuginfo-2.7.5-38.el7_2.i686.rpm python-debuginfo-2.7.5-38.el7_2.x86_64.rpm python-devel-2.7.5-38.el7_2.x86_64.rpm python-libs-2.7.5-38.el7_2.i686.rpm python-libs-2.7.5-38.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: python-debug-2.7.5-38.el7_2.x86_64.rpm python-debuginfo-2.7.5-38.el7_2.x86_64.rpm python-test-2.7.5-38.el7_2.x86_64.rpm python-tools-2.7.5-38.el7_2.x86_64.rpm tkinter-2.7.5-38.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: python-2.7.5-38.el7_2.src.rpm ppc64: python-2.7.5-38.el7_2.ppc64.rpm python-debuginfo-2.7.5-38.el7_2.ppc.rpm python-debuginfo-2.7.5-38.el7_2.ppc64.rpm python-devel-2.7.5-38.el7_2.ppc64.rpm python-libs-2.7.5-38.el7_2.ppc.rpm python-libs-2.7.5-38.el7_2.ppc64.rpm ppc64le: python-2.7.5-38.el7_2.ppc64le.rpm python-debuginfo-2.7.5-38.el7_2.ppc64le.rpm python-devel-2.7.5-38.el7_2.ppc64le.rpm python-libs-2.7.5-38.el7_2.ppc64le.rpm s390x: python-2.7.5-38.el7_2.s390x.rpm python-debuginfo-2.7.5-38.el7_2.s390.rpm python-debuginfo-2.7.5-38.el7_2.s390x.rpm python-devel-2.7.5-38.el7_2.s390x.rpm python-libs-2.7.5-38.el7_2.s390.rpm python-libs-2.7.5-38.el7_2.s390x.rpm x86_64: python-2.7.5-38.el7_2.x86_64.rpm python-debuginfo-2.7.5-38.el7_2.i686.rpm python-debuginfo-2.7.5-38.el7_2.x86_64.rpm python-devel-2.7.5-38.el7_2.x86_64.rpm python-libs-2.7.5-38.el7_2.i686.rpm python-libs-2.7.5-38.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: python-debug-2.7.5-38.el7_2.ppc64.rpm python-debuginfo-2.7.5-38.el7_2.ppc64.rpm python-test-2.7.5-38.el7_2.ppc64.rpm python-tools-2.7.5-38.el7_2.ppc64.rpm tkinter-2.7.5-38.el7_2.ppc64.rpm ppc64le: python-debug-2.7.5-38.el7_2.ppc64le.rpm python-debuginfo-2.7.5-38.el7_2.ppc64le.rpm python-test-2.7.5-38.el7_2.ppc64le.rpm python-tools-2.7.5-38.el7_2.ppc64le.rpm tkinter-2.7.5-38.el7_2.ppc64le.rpm s390x: python-debug-2.7.5-38.el7_2.s390x.rpm python-debuginfo-2.7.5-38.el7_2.s390x.rpm python-test-2.7.5-38.el7_2.s390x.rpm python-tools-2.7.5-38.el7_2.s390x.rpm tkinter-2.7.5-38.el7_2.s390x.rpm x86_64: python-debug-2.7.5-38.el7_2.x86_64.rpm python-debuginfo-2.7.5-38.el7_2.x86_64.rpm python-test-2.7.5-38.el7_2.x86_64.rpm python-tools-2.7.5-38.el7_2.x86_64.rpm tkinter-2.7.5-38.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: python-2.7.5-38.el7_2.src.rpm x86_64: python-2.7.5-38.el7_2.x86_64.rpm python-debuginfo-2.7.5-38.el7_2.i686.rpm python-debuginfo-2.7.5-38.el7_2.x86_64.rpm python-devel-2.7.5-38.el7_2.x86_64.rpm python-libs-2.7.5-38.el7_2.i686.rpm python-libs-2.7.5-38.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: python-debug-2.7.5-38.el7_2.x86_64.rpm python-debuginfo-2.7.5-38.el7_2.x86_64.rpm python-test-2.7.5-38.el7_2.x86_64.rpm python-tools-2.7.5-38.el7_2.x86_64.rpm tkinter-2.7.5-38.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0772 https://access.redhat.com/security/cve/CVE-2016-1000110 https://access.redhat.com/security/cve/CVE-2016-5699 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
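The HTTP_PROXY name clash that the PHP advisory above (RHSA-2016:1613, CVE-2016-5385) and this Python advisory (CVE-2016-1000110) describe, together with the header injection of CVE-2016-5699, as an added Python 3 example. This is not code from the Red Hat advisories, from CPython or from PHP. What it assumes: the RFC 3875-style header-to-environment mapping and the "legacy" proxy lookup are constructed re-implementations written for contrast, not any web server's or interpreter's code; the interpreter running it is a Python 3 build that carries both upstream fixes (urllib.request.getproxies_environment() discarding HTTP_PROXY in a CGI context, http.client rejecting CR/LF in headers); the hostnames app.example, attacker.example and proxy.corp.example are made up.

```python
"""Added example (not Red Hat's, CPython's or PHP's code): the two places
where request data crosses into an HTTP client, as described in
RHSA-2016:1613 (CVE-2016-5385) and RHSA-2016:1626 (CVE-2016-1000110,
CVE-2016-5699).  The CGI mapping and the legacy lookup below are
constructed re-implementations; the interpreter is assumed to be a
Python 3 that carries the upstream fixes; hostnames are made up.
"""
import http.client
import os
import re
import urllib.request
from unittest import mock

# --- httpoxy (CVE-2016-5385 / CVE-2016-1000110) -----------------------------

def cgi_env_from_headers(method, headers):
    """RFC 3875-style mapping (constructed): header 'Proxy' becomes the
    variable 'HTTP_PROXY'.  The gateway cannot tell it apart from an
    HTTP_PROXY the operator exported for outbound requests."""
    env = {"REQUEST_METHOD": method}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def drop_client_proxy(env):
    """Gateway-side hardening: never forward HTTP_PROXY to the script
    (the effect of blanking that variable in the web server's CGI config)."""
    return {k: v for k, v in env.items() if k != "HTTP_PROXY"}


def legacy_http_proxy(env):
    """Constructed re-implementation of the pre-fix lookup: lower-case every
    name and accept anything ending in '_proxy', so a client-planted
    HTTP_PROXY is indistinguishable from an operator-set http_proxy."""
    proxies = {}
    for name, value in env.items():
        name = name.lower()
        if value and name.endswith("_proxy"):
            proxies[name[:-6]] = value
    return proxies.get("http")


def effective_http_proxy(env):
    """The real stdlib lookup, run against a constructed environment.  With
    the CVE-2016-1000110 fix, getproxies_environment() discards the
    upper-case HTTP_PROXY whenever REQUEST_METHOD marks a CGI context."""
    with mock.patch.dict(os.environ, env, clear=True):
        return urllib.request.getproxies_environment().get("http")


# --- header injection (CVE-2016-5699) ---------------------------------------

# Same shape as the checks http.client applies after the fix: a name may not
# contain ':' or start with whitespace; a value may not contain a bare CR or
# LF (CRLF followed by SP/HTAB is obsolete line folding and passes).
_LEGAL_NAME = re.compile(r"[^:\s][^:\r\n]*").fullmatch
_ILLEGAL_VALUE = re.compile(r"\n(?![ \t])|\r(?![ \t\n])").search


def header_is_safe(name, value):
    return bool(_LEGAL_NAME(name)) and _ILLEGAL_VALUE(value) is None


def naive_request_bytes(path, headers):
    """The unsafe pattern: user-controlled values formatted straight into the
    wire form, so a CRLF inside a value starts a new header line."""
    lines = [f"GET {path} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def stdlib_rejects_header(name, value):
    """True if http.client refuses the header with ValueError.  putrequest()
    only buffers the request line; no socket is opened."""
    conn = http.client.HTTPConnection("example.invalid")
    conn.putrequest("GET", "/")
    try:
        conn.putheader(name, value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed request carrying the attacker's "Proxy:" header.
    env = cgi_env_from_headers("GET", {"Host": "app.example",
                                       "Proxy": "http://attacker.example:8080"})
    print("pre-fix lookup, plain gateway    :", legacy_http_proxy(env))
    print("pre-fix lookup, hardened gateway :", legacy_http_proxy(drop_client_proxy(env)))
    print("fixed stdlib, plain gateway      :", effective_http_proxy(env))
    # Outside CGI an operator-set HTTP_PROXY is still honoured: the fix is scoped.
    print("fixed stdlib, non-CGI process    :",
          effective_http_proxy({"HTTP_PROXY": "http://proxy.corp.example:3128"}))
    bad = "abc\r\nX-Injected: 1"
    print(naive_request_bytes("/", {"X-Trace": bad}))
    print("validator:", header_is_safe("X-Trace", bad),
          "stdlib raises:", stdlib_rejects_header("X-Trace", bad))
```

Two things the advisories' wording does not spell out but the run makes visible: the stdlib fix is scoped to processes that have REQUEST_METHOD set, so an operator's HTTP_PROXY keeps working for ordinary scripts and a lower-case http_proxy (which CGI cannot produce) is still honoured even under CGI; and dropping the variable at the gateway protects every client library behind it, not only the one that was patched, which is why both layers are worth fixing.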
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXtgEqXlSAg2UNWIIRArU1AKCh7ybQCEoHxoRaWChguxAl8evppwCgg9IU 1ROFTH2riR+KFs3/1QIelf8= =nOP1 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 18 19:34:52 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 18 Aug 2016 19:34:52 +0000 Subject: [RHSA-2016:1631-01] Important: realtime-kernel security and bug fix update Message-ID: <201608181933.u7IJXvoU024244@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: realtime-kernel security and bug fix update Advisory ID: RHSA-2016:1631-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1631.html Issue date: 2016-08-18 CVE Names: CVE-2016-5696 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. 
An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important) Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1354708 - CVE-2016-5696 kernel: challenge ACK counter information disclosure. 6. Package List: MRG Realtime for RHEL 6 Server v.2: Source: kernel-rt-3.10.0-327.rt56.195.el6rt.src.rpm noarch: kernel-rt-doc-3.10.0-327.rt56.195.el6rt.noarch.rpm kernel-rt-firmware-3.10.0-327.rt56.195.el6rt.noarch.rpm x86_64: kernel-rt-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-debug-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-devel-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-trace-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.0-327.rt56.195.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.0-327.rt56.195.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5696 https://access.redhat.com/security/updates/classification/#important 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXtg2WXlSAg2UNWIIRAu65AJ49A21slYo5hp2oGeQAUstaYmQXcgCgljou uKfHBdQi2/Rt+oYjn3Z4NeQ= =2meU -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 18 19:35:36 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 18 Aug 2016 19:35:36 +0000 Subject: [RHSA-2016:1632-01] Important: kernel-rt security and bug fix update Message-ID: <201608181934.u7IJYfCF024776@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2016:1632-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1632.html Issue date: 2016-08-18 CVE Names: CVE-2016-5696 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. 
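The challenge ACK side channel that RHSA-2016:1631 above describes, and that this advisory and RHSA-2016:1633 below describe in the same words, as an added toy model in Python. It is not code from any Red Hat advisory or from the Linux kernel. What it models, with the assumptions labelled: RFC 5961 section 3.2 handling of an RST (an exact sequence number resets the connection, an in-window one earns a challenge ACK, anything else is dropped); the host-wide limiter of the affected kernels (one counter shared by every connection, at most `limit` challenge ACKs per second, net.ipv4.tcp_challenge_ack_limit defaulting to 100 at the time); and the hardening, modelled on the upstream fix (a per-second budget of half the limit plus a random draw below the limit, default raised to 1000). Sequence-number wraparound, timing noise and the packet-level details are left out; the victim's sequence numbers and window are constructed values.

```python
"""Added example (not Red Hat's or the kernel's code): toy model of the
CVE-2016-5696 side channel in RHSA-2016:1631/1632/1633.  Assumptions:
RFC 5961 s3.2 RST handling; one host-wide challenge ACK budget per second
(limit 100 on the affected kernels); hardening modelled on the upstream
fix (budget = half the limit + random draw, limit raised to 1000).
Wraparound and timing noise are ignored; all numbers are constructed.
"""
import random


class ChallengeAckLimiter:
    """Host-wide budget of challenge ACKs per wall-clock second."""

    def __init__(self, limit=100, randomize=False, rng=None):
        self.limit = limit
        self.randomize = randomize
        self.rng = rng if rng is not None else random.Random()  # needs .randrange(n)
        self._second = None
        self._budget = 0

    def allow(self, now):
        """True if a challenge ACK may be sent at time `now` (seconds)."""
        second = int(now)
        if second != self._second:           # new second: reset the budget
            self._second = second
            if self.randomize:               # hardened: unpredictable ceiling
                half = (self.limit + 1) >> 1
                self._budget = half + self.rng.randrange(self.limit)
            else:                            # affected kernels: fixed ceiling
                self._budget = self.limit
        if self._budget > 0:
            self._budget -= 1
            return True
        return False


class FixedDraw:
    """Stand-in RNG that always draws the same value, for a repeatable demo."""

    def __init__(self, value):
        self.value = value

    def randrange(self, n):
        return self.value % n


class Connection:
    """One established TCP connection on the victim host."""

    def __init__(self, limiter, rcv_nxt, window):
        self.limiter, self.rcv_nxt, self.window = limiter, rcv_nxt, window

    def receive_rst(self, seq, now):
        """'reset', 'challenge' (a challenge ACK went to the peer) or 'drop'.
        A spoofing sender never sees the reply, but every 'challenge' still
        spends one unit of the shared budget."""
        if seq == self.rcv_nxt:
            return "reset"
        if self.rcv_nxt < seq < self.rcv_nxt + self.window:
            return "challenge" if self.limiter.allow(now) else "drop"
        return "drop"


def observe(victim, attacker_conn, guess_seq, n_spoof, now):
    """One measurement inside a single second: n_spoof spoofed RSTs carrying
    guess_seq at the victim's connection with its real peer, then enough RSTs
    on the attacker's own connection to drain the budget, counting replies."""
    for _ in range(n_spoof):
        victim.receive_rst(guess_seq, now)   # reply, if any, goes to the real peer
    replies = 0
    for _ in range(attacker_conn.limiter.limit):
        # in-window but not exact: earns a challenge ACK while budget remains
        if attacker_conn.receive_rst(attacker_conn.rcv_nxt + 1, now) == "challenge":
            replies += 1
    return replies


def infer_in_window(replies, limit, n_spoof):
    """Attacker's conclusion under a fixed limit: True if every spoofed RST
    spent budget (guess in window), False if none did, None if the count
    fits neither story."""
    if replies == limit - n_spoof:
        return True
    if replies == limit:
        return False
    return None


def run_probe(guess_seq, n_spoof=10, limit=100, randomize=False, rng=None, now=0.0):
    """Full measurement against a constructed victim connection
    (rcv_nxt=1000, window=2000); returns (replies, inference)."""
    limiter = ChallengeAckLimiter(limit, randomize, rng)
    victim = Connection(limiter, rcv_nxt=1000, window=2000)
    attacker = Connection(limiter, rcv_nxt=500_000, window=2000)
    replies = observe(victim, attacker, guess_seq, n_spoof, now)
    return replies, infer_in_window(replies, limit, n_spoof)


if __name__ == "__main__":
    print("fixed limit 100, guess in window:", run_probe(1500))    # (90, True)
    print("fixed limit 100, guess outside  :", run_probe(90_000))  # (100, False)
    # Hardened: a large budget hides the 10 spent units, a small one yields a
    # count that matches neither story; the attacker cannot know which it got.
    print("budget 1200, in window:", run_probe(1500, limit=1000, randomize=True, rng=FixedDraw(700)))
    print("budget 600, in window :", run_probe(1500, limit=1000, randomize=True, rng=FixedDraw(100)))
    print("budget 600, outside   :", run_probe(90_000, limit=1000, randomize=True, rng=FixedDraw(100)))
    print("live draw, in window  :", run_probe(1500, limit=1000, randomize=True, rng=random.Random(1)))
```

The model makes the two halves of the advisory's sentence concrete: "creating congestion on the global challenge ACK rate limit counter" is the spoofed burst that silently spends budget only when the guess is right, and "measuring the changes by probing packets" is draining the rest from a connection the attacker can see. It also shows why raising net.ipv4.tcp_challenge_ack_limit to a very large value was the common interim workaround before rebooting into the fixed kernel: the attacker has to drain the whole budget inside the same second, which becomes impractical; the randomised budget of the fix removes the signal outright rather than just making it expensive.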
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important) Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1354708 - CVE-2016-5696 kernel: challenge ACK counter information disclosure. 6. Package List: Red Hat Enterprise Linux for Real Time for NFV (v. 
7): Source: kernel-rt-3.10.0-327.28.3.rt56.235.el7.src.rpm noarch: kernel-rt-doc-3.10.0-327.28.3.rt56.235.el7.noarch.rpm x86_64: kernel-rt-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debug-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debug-kvm-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debug-kvm-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-kvm-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-kvm-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-trace-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-trace-kvm-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-trace-kvm-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm Red Hat Enterprise Linux Realtime (v. 7): Source: kernel-rt-3.10.0-327.28.3.rt56.235.el7.src.rpm noarch: kernel-rt-doc-3.10.0-327.28.3.rt56.235.el7.noarch.rpm x86_64: kernel-rt-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debug-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-trace-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5696
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Thu Aug 18 20:19:55 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Aug 2016 20:19:55 +0000
Subject: [RHSA-2016:1633-01] Important: kernel security and bug fix update
Message-ID: <201608182019.u7IKJ06G002213@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2016:1633-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1633.html
Issue date: 2016-08-18
CVE Names: CVE-2016-5696
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate a TCP connection and/or inject a payload into a non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao from the Cyber Security Group in the CS department of the University of California, Riverside, for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1354708 - CVE-2016-5696 kernel: challenge ACK counter information disclosure.

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-327.28.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.3.el7.noarch.rpm
kernel-doc-3.10.0-327.28.3.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.3.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.3.el7.x86_64.rpm
perf-3.10.0-327.28.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-327.28.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.3.el7.noarch.rpm
kernel-doc-3.10.0-327.28.3.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.3.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.3.el7.x86_64.rpm
perf-3.10.0-327.28.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-327.28.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.3.el7.noarch.rpm
kernel-doc-3.10.0-327.28.3.el7.noarch.rpm

ppc64:
kernel-3.10.0-327.28.3.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-327.28.3.el7.ppc64.rpm
kernel-debug-3.10.0-327.28.3.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-327.28.3.el7.ppc64.rpm
kernel-debug-devel-3.10.0-327.28.3.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.28.3.el7.ppc64.rpm
kernel-devel-3.10.0-327.28.3.el7.ppc64.rpm
kernel-headers-3.10.0-327.28.3.el7.ppc64.rpm
kernel-tools-3.10.0-327.28.3.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.ppc64.rpm
kernel-tools-libs-3.10.0-327.28.3.el7.ppc64.rpm
perf-3.10.0-327.28.3.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.28.3.el7.ppc64.rpm
python-perf-3.10.0-327.28.3.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-debug-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-devel-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-headers-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-tools-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-327.28.3.el7.ppc64le.rpm
perf-3.10.0-327.28.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.28.3.el7.ppc64le.rpm
python-perf-3.10.0-327.28.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.ppc64le.rpm

s390x:
kernel-3.10.0-327.28.3.el7.s390x.rpm
kernel-debug-3.10.0-327.28.3.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-327.28.3.el7.s390x.rpm
kernel-debug-devel-3.10.0-327.28.3.el7.s390x.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-327.28.3.el7.s390x.rpm
kernel-devel-3.10.0-327.28.3.el7.s390x.rpm
kernel-headers-3.10.0-327.28.3.el7.s390x.rpm
kernel-kdump-3.10.0-327.28.3.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-327.28.3.el7.s390x.rpm
kernel-kdump-devel-3.10.0-327.28.3.el7.s390x.rpm
perf-3.10.0-327.28.3.el7.s390x.rpm
perf-debuginfo-3.10.0-327.28.3.el7.s390x.rpm
python-perf-3.10.0-327.28.3.el7.s390x.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.s390x.rpm

x86_64:
kernel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.3.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.3.el7.x86_64.rpm
perf-3.10.0-327.28.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-327.28.3.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.28.3.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-327.28.3.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.28.3.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-327.28.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.28.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-327.28.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.3.el7.noarch.rpm
kernel-doc-3.10.0-327.28.3.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.3.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.3.el7.x86_64.rpm
perf-3.10.0-327.28.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5696
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
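The solution section notes that the system must be rebooted before the kernel update takes effect, which is the step most often missed in practice. The following added check (not part of the Red Hat advisory) classifies a host as patched, reboot-required or unpatched by comparing the running kernel release with the fixed release from the package list above; the version comparison is a simplified RPM-style compare written for this example, and the sample release strings are constructed.

```python
"""Classify a RHEL 7 host against the kernel release fixed for CVE-2016-5696.

Added example, not part of the Red Hat advisory. FIXED_RELEASE is taken from
the advisory's package list; the version comparison is a simplified RPM-style
compare written for this example (numeric segments compare as integers,
alphabetic segments as strings, numeric sorts after alphabetic).
"""
import re

# kernel-3.10.0-327.28.3.el7 is the release shipped by RHSA-2016:1633-01.
FIXED_RELEASE = "3.10.0-327.28.3.el7"

_PKG_PREFIX = re.compile(r"^kernel-")
_ARCH_SUFFIX = re.compile(r"\.(x86_64|ppc64le|ppc64|s390x|noarch)$")
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def release_key(release):
    """Turn '3.10.0-327.22.2.el7.x86_64' (or the 'kernel-...' form printed by
    rpm -q kernel) into a list of comparable segments."""
    release = _ARCH_SUFFIX.sub("", _PKG_PREFIX.sub("", release))
    key = []
    for seg in _SEGMENT.findall(release):
        if seg.isdigit():
            key.append((1, int(seg), ""))   # numeric segment
        else:
            key.append((0, 0, seg))          # alphabetic segment, e.g. 'el'
    return key


def is_fixed(release, fixed=FIXED_RELEASE):
    """True if `release` is the fixed kernel or a later one."""
    return release_key(release) >= release_key(fixed)


def kernel_status(running, installed):
    """Classify a host from the running release (uname -r / platform.release())
    and the list of installed kernel package releases (rpm -q kernel).

    Returns 'patched', 'reboot-required' (fixed kernel installed but not the
    one booted, the case the advisory's solution section warns about) or
    'unpatched'.
    """
    if is_fixed(running):
        return "patched"
    if any(is_fixed(r) for r in installed):
        return "reboot-required"
    return "unpatched"


if __name__ == "__main__":
    # Constructed sample: the fixed kernel is installed but the old one is
    # still running, so a reboot is required.
    sample_running = "3.10.0-327.22.2.el7.x86_64"
    sample_installed = ["kernel-3.10.0-327.22.2.el7.x86_64",
                        "kernel-3.10.0-327.28.3.el7.x86_64"]
    print(kernel_status(sample_running, sample_installed))  # reboot-required
```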
From bugzilla at redhat.com Thu Aug 18 20:26:58 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Aug 2016 16:26:58 -0400
Subject: [RHSA-2016:1627-01] Moderate: rh-python35-python security update
Message-ID: <201608182026.u7IKQwIa008859@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rh-python35-python security update
Advisory ID: RHSA-2016:1627-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1627.html
Issue date: 2016-08-18
CVE Names: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699
=====================================================================

1. Summary:

An update for rh-python35-python is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)

* It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man-in-the-middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772)

* It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user-provided header names or values. (CVE-2016-5699)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1303647 - CVE-2016-0772 python: smtplib StartTLS stripping attack
1303699 - CVE-2016-5699 python: http protocol steam injection attack
1357334 - CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-python35-python-3.5.1-9.el7.src.rpm

x86_64:
rh-python35-python-3.5.1-9.el7.x86_64.rpm
rh-python35-python-debug-3.5.1-9.el7.x86_64.rpm
rh-python35-python-debuginfo-3.5.1-9.el7.x86_64.rpm
rh-python35-python-devel-3.5.1-9.el7.x86_64.rpm
rh-python35-python-libs-3.5.1-9.el7.x86_64.rpm
rh-python35-python-test-3.5.1-9.el7.x86_64.rpm
rh-python35-python-tkinter-3.5.1-9.el7.x86_64.rpm
rh-python35-python-tools-3.5.1-9.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-python35-python-3.5.1-9.el7.src.rpm

x86_64:
rh-python35-python-3.5.1-9.el7.x86_64.rpm
rh-python35-python-debug-3.5.1-9.el7.x86_64.rpm
rh-python35-python-debuginfo-3.5.1-9.el7.x86_64.rpm
rh-python35-python-devel-3.5.1-9.el7.x86_64.rpm
rh-python35-python-libs-3.5.1-9.el7.x86_64.rpm
rh-python35-python-test-3.5.1-9.el7.x86_64.rpm
rh-python35-python-tkinter-3.5.1-9.el7.x86_64.rpm
rh-python35-python-tools-3.5.1-9.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-python35-python-3.5.1-9.el7.src.rpm

x86_64:
rh-python35-python-3.5.1-9.el7.x86_64.rpm
rh-python35-python-debug-3.5.1-9.el7.x86_64.rpm
rh-python35-python-debuginfo-3.5.1-9.el7.x86_64.rpm
rh-python35-python-devel-3.5.1-9.el7.x86_64.rpm
rh-python35-python-libs-3.5.1-9.el7.x86_64.rpm
rh-python35-python-test-3.5.1-9.el7.x86_64.rpm
rh-python35-python-tkinter-3.5.1-9.el7.x86_64.rpm
rh-python35-python-tools-3.5.1-9.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-python35-python-3.5.1-9.el7.src.rpm

x86_64:
rh-python35-python-3.5.1-9.el7.x86_64.rpm
rh-python35-python-debug-3.5.1-9.el7.x86_64.rpm
rh-python35-python-debuginfo-3.5.1-9.el7.x86_64.rpm
rh-python35-python-devel-3.5.1-9.el7.x86_64.rpm
rh-python35-python-libs-3.5.1-9.el7.x86_64.rpm
rh-python35-python-test-3.5.1-9.el7.x86_64.rpm
rh-python35-python-tkinter-3.5.1-9.el7.x86_64.rpm
rh-python35-python-tools-3.5.1-9.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0772
https://access.redhat.com/security/cve/CVE-2016-1000110
https://access.redhat.com/security/cve/CVE-2016-5699
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Thu Aug 18 20:27:14 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Aug 2016 16:27:14 -0400
Subject: [RHSA-2016:1628-01] Moderate: python27-python security update
Message-ID: <201608182027.u7IKREm4019006@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python27-python security update
Advisory ID: RHSA-2016:1628-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1628.html
Issue date: 2016-08-18
CVE Names: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699
=====================================================================

1. Summary:

An update for python27-python is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)

* It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man-in-the-middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772)

* It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user-provided header names or values. (CVE-2016-5699)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1303647 - CVE-2016-0772 python: smtplib StartTLS stripping attack
1303699 - CVE-2016-5699 python: http protocol steam injection attack
1357334 - CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
python27-python-2.7.8-18.el6.src.rpm

x86_64:
python27-python-2.7.8-18.el6.x86_64.rpm
python27-python-debug-2.7.8-18.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-18.el6.x86_64.rpm
python27-python-devel-2.7.8-18.el6.x86_64.rpm
python27-python-libs-2.7.8-18.el6.x86_64.rpm
python27-python-test-2.7.8-18.el6.x86_64.rpm
python27-python-tools-2.7.8-18.el6.x86_64.rpm
python27-tkinter-2.7.8-18.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
python27-python-2.7.8-18.el6.src.rpm

x86_64:
python27-python-2.7.8-18.el6.x86_64.rpm
python27-python-debug-2.7.8-18.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-18.el6.x86_64.rpm
python27-python-devel-2.7.8-18.el6.x86_64.rpm
python27-python-libs-2.7.8-18.el6.x86_64.rpm
python27-python-test-2.7.8-18.el6.x86_64.rpm
python27-python-tools-2.7.8-18.el6.x86_64.rpm
python27-tkinter-2.7.8-18.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
python27-python-2.7.8-18.el6.src.rpm

x86_64:
python27-python-2.7.8-18.el6.x86_64.rpm
python27-python-debug-2.7.8-18.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-18.el6.x86_64.rpm
python27-python-devel-2.7.8-18.el6.x86_64.rpm
python27-python-libs-2.7.8-18.el6.x86_64.rpm
python27-python-test-2.7.8-18.el6.x86_64.rpm
python27-python-tools-2.7.8-18.el6.x86_64.rpm
python27-tkinter-2.7.8-18.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
python27-python-2.7.8-18.el6.src.rpm

x86_64:
python27-python-2.7.8-18.el6.x86_64.rpm
python27-python-debug-2.7.8-18.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-18.el6.x86_64.rpm
python27-python-devel-2.7.8-18.el6.x86_64.rpm
python27-python-libs-2.7.8-18.el6.x86_64.rpm
python27-python-test-2.7.8-18.el6.x86_64.rpm
python27-python-tools-2.7.8-18.el6.x86_64.rpm
python27-tkinter-2.7.8-18.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
python27-python-2.7.8-16.el7.src.rpm

x86_64:
python27-python-2.7.8-16.el7.x86_64.rpm
python27-python-debug-2.7.8-16.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-16.el7.x86_64.rpm
python27-python-devel-2.7.8-16.el7.x86_64.rpm
python27-python-libs-2.7.8-16.el7.x86_64.rpm
python27-python-test-2.7.8-16.el7.x86_64.rpm
python27-python-tools-2.7.8-16.el7.x86_64.rpm
python27-tkinter-2.7.8-16.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
python27-python-2.7.8-16.el7.src.rpm

x86_64:
python27-python-2.7.8-16.el7.x86_64.rpm
python27-python-debug-2.7.8-16.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-16.el7.x86_64.rpm
python27-python-devel-2.7.8-16.el7.x86_64.rpm
python27-python-libs-2.7.8-16.el7.x86_64.rpm
python27-python-test-2.7.8-16.el7.x86_64.rpm
python27-python-tools-2.7.8-16.el7.x86_64.rpm
python27-tkinter-2.7.8-16.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
python27-python-2.7.8-16.el7.src.rpm

x86_64:
python27-python-2.7.8-16.el7.x86_64.rpm
python27-python-debug-2.7.8-16.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-16.el7.x86_64.rpm
python27-python-devel-2.7.8-16.el7.x86_64.rpm
python27-python-libs-2.7.8-16.el7.x86_64.rpm
python27-python-test-2.7.8-16.el7.x86_64.rpm
python27-python-tools-2.7.8-16.el7.x86_64.rpm
python27-tkinter-2.7.8-16.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
python27-python-2.7.8-16.el7.src.rpm

x86_64:
python27-python-2.7.8-16.el7.x86_64.rpm
python27-python-debug-2.7.8-16.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-16.el7.x86_64.rpm
python27-python-devel-2.7.8-16.el7.x86_64.rpm
python27-python-libs-2.7.8-16.el7.x86_64.rpm
python27-python-test-2.7.8-16.el7.x86_64.rpm
python27-python-tools-2.7.8-16.el7.x86_64.rpm
python27-tkinter-2.7.8-16.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0772
https://access.redhat.com/security/cve/CVE-2016-1000110
https://access.redhat.com/security/cve/CVE-2016-5699
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
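The three flaws described in this advisory and in the other Python collection advisories here each come down to a missing check on the client side: header arguments that are not validated (CVE-2016-5699), an HTTP_PROXY variable trusted in a CGI context (CVE-2016-1000110), and a STARTTLS reply that is not checked (CVE-2016-0772). The following added example, not part of the advisory or of CPython, shows those checks as application-level guards an operator can apply while older interpreters are still deployed; the header patterns follow the shape of the upstream fix, the other two helpers are written for this example, and _FakeSMTP is a constructed stand-in for smtplib.SMTP.

```python
"""Application-level guards for the three Python flaws in this advisory.

Added example, not part of the advisory or of CPython. The header patterns
follow the shape of the upstream fix for CVE-2016-5699; the proxy lookup and
the STARTTLS wrapper are written for this example, and _FakeSMTP is a
constructed stand-in for smtplib.SMTP.
"""
import re

# CVE-2016-5699: a CR or LF inside a header name or value handed to
# HTTPConnection.putheader() ends the header line early, so whatever follows
# is sent as additional header lines. Validate before calling putheader().
_LEGAL_HEADER_NAME = re.compile(r"[^:\s][^:\r\n]*")
# A bare LF, or a CR not followed by LF/space/tab, starts a new line; an
# obs-fold (CRLF followed by space or tab) is still a continuation.
_ILLEGAL_HEADER_VALUE = re.compile(r"\n(?![ \t])|\r(?![ \t\n])")


def header_is_safe(name, value):
    """True if (name, value) cannot smuggle an extra header line."""
    if not _LEGAL_HEADER_NAME.fullmatch(name):
        return False
    return _ILLEGAL_HEADER_VALUE.search(value) is None


# CVE-2016-1000110 ("httpoxy"): under CGI the client's "Proxy:" request header
# is exported as the HTTP_PROXY environment variable, which proxy-aware HTTP
# libraries then trust. Treat HTTP_PROXY as untrusted whenever the process
# looks like a CGI script (REQUEST_METHOD set); CGI cannot produce the
# lower-case http_proxy from a request header, so that one is still honoured.
def proxy_from_environment(environ):
    """Return the HTTP proxy URL to use, or None, from an os.environ-like mapping."""
    if environ.get("http_proxy"):
        return environ["http_proxy"]
    if "REQUEST_METHOD" in environ:
        return None
    return environ.get("HTTP_PROXY") or None


# CVE-2016-0772: SMTP.starttls() could hand back a non-220 reply without
# raising, so a client that ignored the return value carried on in clear text
# after an on-path attacker stripped STARTTLS. Check the reply explicitly.
class StartTLSFailed(Exception):
    """The server did not agree to start TLS."""


def starttls_strict(smtp):
    """Call smtp.starttls() and refuse to continue unless the reply is 220.

    Works with smtplib.SMTP or any object whose starttls() returns (code, msg).
    """
    code, msg = smtp.starttls()
    if code != 220:
        raise StartTLSFailed("server refused STARTTLS: %s %r" % (code, msg))
    return code


class _FakeSMTP:
    """Constructed stand-in for smtplib.SMTP that returns a canned reply."""

    def __init__(self, reply):
        self._reply = reply

    def starttls(self):
        return self._reply


def starttls_outcome(reply):
    """'tls' if starttls_strict accepts the canned reply, else 'refused'."""
    try:
        starttls_strict(_FakeSMTP(reply))
        return "tls"
    except StartTLSFailed:
        return "refused"


if __name__ == "__main__":
    # Constructed inputs exercising each guard.
    print(header_is_safe("X-Request-Id", "abc123"))                 # True
    print(header_is_safe("X-Request-Id", "abc\r\nX-Injected: 1"))   # False
    print(proxy_from_environment({"REQUEST_METHOD": "GET",
                                  "HTTP_PROXY": "http://proxy.invalid:8080"}))  # None
    print(starttls_outcome((454, b"TLS not available")))            # refused
```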
From bugzilla at redhat.com Thu Aug 18 20:27:27 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Aug 2016 16:27:27 -0400
Subject: [RHSA-2016:1629-01] Moderate: python33-python security update
Message-ID: <201608182027.u7IKRRtY009577@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python33-python security update
Advisory ID: RHSA-2016:1629-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1629.html
Issue date: 2016-08-18
CVE Names: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699
=====================================================================

1. Summary:

An update for python33-python is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)

* It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man-in-the-middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772)

* It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user-provided header names or values. (CVE-2016-5699)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1303647 - CVE-2016-0772 python: smtplib StartTLS stripping attack
1303699 - CVE-2016-5699 python: http protocol steam injection attack
1357334 - CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
python33-python-3.3.2-18.el6.src.rpm

x86_64:
python33-python-3.3.2-18.el6.x86_64.rpm
python33-python-debug-3.3.2-18.el6.x86_64.rpm
python33-python-debuginfo-3.3.2-18.el6.x86_64.rpm
python33-python-devel-3.3.2-18.el6.x86_64.rpm
python33-python-libs-3.3.2-18.el6.x86_64.rpm
python33-python-test-3.3.2-18.el6.x86_64.rpm
python33-python-tkinter-3.3.2-18.el6.x86_64.rpm
python33-python-tools-3.3.2-18.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
python33-python-3.3.2-18.el6.src.rpm

x86_64:
python33-python-3.3.2-18.el6.x86_64.rpm
python33-python-debug-3.3.2-18.el6.x86_64.rpm
python33-python-debuginfo-3.3.2-18.el6.x86_64.rpm
python33-python-devel-3.3.2-18.el6.x86_64.rpm
python33-python-libs-3.3.2-18.el6.x86_64.rpm
python33-python-test-3.3.2-18.el6.x86_64.rpm
python33-python-tkinter-3.3.2-18.el6.x86_64.rpm
python33-python-tools-3.3.2-18.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
python33-python-3.3.2-18.el6.src.rpm

x86_64:
python33-python-3.3.2-18.el6.x86_64.rpm
python33-python-debug-3.3.2-18.el6.x86_64.rpm
python33-python-debuginfo-3.3.2-18.el6.x86_64.rpm
python33-python-devel-3.3.2-18.el6.x86_64.rpm
python33-python-libs-3.3.2-18.el6.x86_64.rpm
python33-python-test-3.3.2-18.el6.x86_64.rpm
python33-python-tkinter-3.3.2-18.el6.x86_64.rpm
python33-python-tools-3.3.2-18.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
python33-python-3.3.2-18.el6.src.rpm

x86_64:
python33-python-3.3.2-18.el6.x86_64.rpm
python33-python-debug-3.3.2-18.el6.x86_64.rpm
python33-python-debuginfo-3.3.2-18.el6.x86_64.rpm
python33-python-devel-3.3.2-18.el6.x86_64.rpm
python33-python-libs-3.3.2-18.el6.x86_64.rpm
python33-python-test-3.3.2-18.el6.x86_64.rpm
python33-python-tkinter-3.3.2-18.el6.x86_64.rpm
python33-python-tools-3.3.2-18.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
python33-python-3.3.2-16.el7.src.rpm

x86_64:
python33-python-3.3.2-16.el7.x86_64.rpm
python33-python-debug-3.3.2-16.el7.x86_64.rpm
python33-python-debuginfo-3.3.2-16.el7.x86_64.rpm
python33-python-devel-3.3.2-16.el7.x86_64.rpm
python33-python-libs-3.3.2-16.el7.x86_64.rpm
python33-python-test-3.3.2-16.el7.x86_64.rpm
python33-python-tkinter-3.3.2-16.el7.x86_64.rpm
python33-python-tools-3.3.2-16.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
python33-python-3.3.2-16.el7.src.rpm

x86_64:
python33-python-3.3.2-16.el7.x86_64.rpm
python33-python-debug-3.3.2-16.el7.x86_64.rpm
python33-python-debuginfo-3.3.2-16.el7.x86_64.rpm
python33-python-devel-3.3.2-16.el7.x86_64.rpm
python33-python-libs-3.3.2-16.el7.x86_64.rpm
python33-python-test-3.3.2-16.el7.x86_64.rpm
python33-python-tkinter-3.3.2-16.el7.x86_64.rpm
python33-python-tools-3.3.2-16.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
python33-python-3.3.2-16.el7.src.rpm

x86_64:
python33-python-3.3.2-16.el7.x86_64.rpm
python33-python-debug-3.3.2-16.el7.x86_64.rpm
python33-python-debuginfo-3.3.2-16.el7.x86_64.rpm
python33-python-devel-3.3.2-16.el7.x86_64.rpm
python33-python-libs-3.3.2-16.el7.x86_64.rpm
python33-python-test-3.3.2-16.el7.x86_64.rpm
python33-python-tkinter-3.3.2-16.el7.x86_64.rpm
python33-python-tools-3.3.2-16.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
python33-python-3.3.2-16.el7.src.rpm

x86_64:
python33-python-3.3.2-16.el7.x86_64.rpm
python33-python-debug-3.3.2-16.el7.x86_64.rpm
python33-python-debuginfo-3.3.2-16.el7.x86_64.rpm
python33-python-devel-3.3.2-16.el7.x86_64.rpm
python33-python-libs-3.3.2-16.el7.x86_64.rpm
python33-python-test-3.3.2-16.el7.x86_64.rpm
python33-python-tkinter-3.3.2-16.el7.x86_64.rpm
python33-python-tools-3.3.2-16.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0772
https://access.redhat.com/security/cve/CVE-2016-1000110
https://access.redhat.com/security/cve/CVE-2016-5699
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Thu Aug 18 20:29:20 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Aug 2016 16:29:20 -0400
Subject: [RHSA-2016:1630-01] Moderate: rh-python34-python security update
Message-ID: <201608182029.u7IKTKXl020397@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rh-python34-python security update
Advisory ID: RHSA-2016:1630-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1630.html
Issue date: 2016-08-18
CVE Names: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699
=====================================================================

1.
Summary:

An update for rh-python34-python is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)

* It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function.
A man-in-the-middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772)

* It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user-provided header names or values. (CVE-2016-5699)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1303647 - CVE-2016-0772 python: smtplib StartTLS stripping attack
1303699 - CVE-2016-5699 python: http protocol stream injection attack
1357334 - CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-python34-python-3.4.2-14.el6.src.rpm

x86_64:
rh-python34-python-3.4.2-14.el6.x86_64.rpm
rh-python34-python-debug-3.4.2-14.el6.x86_64.rpm
rh-python34-python-debuginfo-3.4.2-14.el6.x86_64.rpm
rh-python34-python-devel-3.4.2-14.el6.x86_64.rpm
rh-python34-python-libs-3.4.2-14.el6.x86_64.rpm
rh-python34-python-test-3.4.2-14.el6.x86_64.rpm
rh-python34-python-tkinter-3.4.2-14.el6.x86_64.rpm
rh-python34-python-tools-3.4.2-14.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
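The HTTP_PROXY name clash described in the first fix above (CVE-2016-1000110, the same flaw listed in both Python advisories), worked through as an added example. This is not code from the advisory, from Red Hat or from CPython: the request headers, host names and proxy URL are constructed, and proxies_from_environment() is a re-implementation of the logic of urllib's getproxies_environment() over a plain dict so that the pre-fix and fixed behaviour can be run side by side. interpreter_is_fixed() probes the real urllib of whatever interpreter runs it.

```python
"""httpoxy (CVE-2016-1000110): a client-supplied "Proxy:" request header
becomes HTTP_PROXY under CGI, and the gateway-side and client-side
mitigations. Added example; not code from the advisory or CPython."""
import os
import urllib.request

# Constructed request headers (not from the advisory). "Proxy" is not a
# standard request header, so a remote client is free to send it.
REQUEST_HEADERS = {
    "Host": "app.example.invalid",                     # assumed host name
    "User-Agent": "demo/1.0",
    "Proxy": "http://attacker.example.invalid:8080",  # attacker-controlled
}


def cgi_environment(headers, drop_proxy_header=False):
    """RFC 3875 meta-variable mapping: header "Name: v" becomes HTTP_NAME=v.

    drop_proxy_header=False reproduces the vulnerable gateway behaviour;
    True is the gateway-side mitigation, which never lets a request header
    turn into HTTP_PROXY.
    """
    env = {"REQUEST_METHOD": "GET"}
    for name, value in headers.items():
        if drop_proxy_header and name.lower() == "proxy":
            continue
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def proxies_from_environment(env, cgi_aware):
    """Proxy map built from *_proxy variables, modelled on urllib's
    getproxies_environment() (this re-implementation is an assumption of
    the example; it reads a dict instead of os.environ).

    cgi_aware=False: pre-fix logic, any *_PROXY variable is honoured.
    cgi_aware=True:  the fix, HTTP_PROXY is discarded whenever REQUEST_METHOD
                     shows we run under CGI; only the lowercase http_proxy,
                     which the web server can set but a client cannot, survives.
    """
    proxies = {}
    for name, value in env.items():
        lname = name.lower()
        if value and lname.endswith("_proxy"):
            proxies[lname[:-6]] = value
    if cgi_aware and "REQUEST_METHOD" in env:
        proxies.pop("http", None)
    for name, value in env.items():          # second pass: lowercase names win
        if name.endswith("_proxy"):
            if value:
                proxies[name[:-6]] = value
            else:
                proxies.pop(name[:-6], None)
    return proxies


def http_proxy_used(headers, gateway_hardened=False, client_fixed=False):
    """Proxy an outbound http:// request made by the CGI script would use."""
    env = cgi_environment(headers, drop_proxy_header=gateway_hardened)
    return proxies_from_environment(env, cgi_aware=client_fixed).get("http")


def interpreter_is_fixed():
    """Probe the running interpreter's real urllib: with HTTP_PROXY set the
    way a CGI gateway would set it, a fixed urllib must not return it."""
    keys = ("HTTP_PROXY", "http_proxy", "REQUEST_METHOD")
    saved = {k: os.environ.get(k) for k in keys}
    try:
        os.environ.pop("http_proxy", None)
        os.environ["HTTP_PROXY"] = REQUEST_HEADERS["Proxy"]
        os.environ["REQUEST_METHOD"] = "GET"
        proxies = urllib.request.getproxies_environment()
        return proxies.get("http") != REQUEST_HEADERS["Proxy"]
    finally:
        for key, value in saved.items():
            if value is None:
                os.environ.pop(key, None)
            else:
                os.environ[key] = value


if __name__ == "__main__":
    print("unfiltered gateway, old client   :", http_proxy_used(REQUEST_HEADERS))
    print("unfiltered gateway, fixed client :", http_proxy_used(REQUEST_HEADERS, client_fixed=True))
    print("hardened gateway, old client     :", http_proxy_used(REQUEST_HEADERS, gateway_hardened=True))
    print("this interpreter's urllib is fixed:", interpreter_is_fixed())
```

Both mitigations are worth deploying: the gateway one protects every language's CGI scripts behind that server, the client one protects a patched Python wherever it runs. Neither touches the lowercase http_proxy, which only the server environment can set.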
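The STARTTLS stripping scenario from the second fix above (CVE-2016-0772), as an added example that is not part of the advisory or of CPython. StrippingSmtpServer is a constructed stand-in for the man-in-the-middle (it answers only the handful of commands needed here); the host names, credentials and the 454 reply are assumptions. The two clients contrast the usage pattern that leaks credentials with one that stops when the upgrade fails, and the guarded one works on both patched and unpatched smtplib.

```python
"""STARTTLS stripping (CVE-2016-0772): fake refusing server, a client that
carries on in clear text, and one that stops. Added example, not code from
the advisory or from CPython; names and credentials are constructed."""
import smtplib
import socket
import threading


class StrippingSmtpServer(threading.Thread):
    """Single-connection SMTP responder acting as the man-in-the-middle:
    EHLO still advertises STARTTLS, but the STARTTLS command gets a 454,
    after which an unpatched smtplib simply returns instead of raising."""

    def __init__(self):
        super().__init__(daemon=True)
        self.listener = socket.socket()
        self.listener.bind(("127.0.0.1", 0))      # ephemeral local port
        self.listener.listen(1)
        self.port = self.listener.getsockname()[1]
        self.seen_after_refusal = []              # verbs received in clear text

    def run(self):
        conn, _ = self.listener.accept()
        self.listener.close()
        with conn, conn.makefile("rwb") as stream:
            def send(line):
                stream.write(line.encode("ascii") + b"\r\n")
                stream.flush()

            send("220 mail.example.invalid ESMTP")
            refused = False
            while True:
                raw = stream.readline()
                if not raw:
                    break
                words = raw.decode("ascii", "replace").split()
                verb = words[0].upper() if words else ""
                if refused:
                    self.seen_after_refusal.append(verb)
                if verb == "EHLO":
                    send("250-mail.example.invalid")
                    send("250-STARTTLS")
                    send("250 AUTH PLAIN LOGIN")
                elif verb == "STARTTLS":
                    refused = True
                    send("454 4.7.0 TLS not available due to temporary reason")
                elif verb == "AUTH":
                    send("235 2.7.0 Authentication successful")
                elif verb == "QUIT":
                    send("221 Bye")
                    break
                else:
                    send("250 OK")


def _connect(port):
    return smtplib.SMTP("127.0.0.1", port, local_hostname="client.example.invalid", timeout=5)


def unguarded_client(port, username, password):
    """starttls() called, its outcome ignored, login() sent regardless:
    the usage the flaw turned into a silent plaintext session."""
    with _connect(port) as smtp:
        smtp.ehlo()
        try:
            smtp.starttls()
        except smtplib.SMTPException:
            pass                                  # "best effort" TLS
        smtp.login(username, password)            # crosses the wire in clear
        return "authenticated in clear text"


def guarded_client(port, username, password):
    """Goes on only if the upgrade really happened. Patched smtplib raises
    SMTPResponseException for any reply but 220; the explicit code check
    covers unpatched builds, where starttls() returns (code, message)."""
    with _connect(port) as smtp:
        smtp.ehlo()
        try:
            code, _ = smtp.starttls()
        except smtplib.SMTPResponseException:
            return "refused: STARTTLS rejected"
        if code != 220:
            return "refused: STARTTLS rejected"
        smtp.ehlo()                               # re-EHLO on the encrypted channel
        smtp.login(username, password)
        return "authenticated over TLS"


def run_scenario(client):
    """Run one client against a fresh stripping server.
    Returns (client result, verbs the server saw after refusing TLS)."""
    server = StrippingSmtpServer()
    server.start()
    result = client(server.port, "alice", "hunter2")   # constructed credentials
    server.join(timeout=5)
    return result, server.seen_after_refusal


if __name__ == "__main__":
    for client in (unguarded_client, guarded_client):
        print(client.__name__, "->", run_scenario(client))
```

The server records which commands arrived after it refused TLS: for the unguarded client that list contains AUTH, i.e. the credentials went out unencrypted; for the guarded client it contains only the QUIT the context manager sends on the way out.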
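Header injection through HTTPConnection.putheader() from the third fix above (CVE-2016-5699), as an added example that is not from the advisory or from CPython. The user-supplied value and host name are constructed; validate_header() applies the same CR/LF rule that http.client enforces since the fix, for applications that assemble request headers outside http.client, and interpreter_rejects_injection() checks the real http.client of the running interpreter without opening a connection.

```python
"""Header injection via HTTPConnection.putheader() (CVE-2016-5699): what an
unchecked CR/LF in a header value does on the wire, the validation rule the
fix introduced, and a probe of the running interpreter. Added example; not
code from the advisory or CPython."""
import http.client
import re

# Constructed input (not from the advisory): a value the application copies
# from the user into a request header, carrying embedded CRLF sequences.
USER_VALUE = "abc123\r\nX-Forwarded-For: 127.0.0.1\r\nContent-Length: 0"

# The rules http.client applies since the fix: a name must not be empty,
# start with whitespace, or contain ':' or CR/LF; a value must not contain a
# CR or LF unless it begins an obs-fold continuation line (RFC 7230 3.2.4).
_LEGAL_NAME = re.compile(r"[^:\s][^:\r\n]*")
_ILLEGAL_VALUE = re.compile(r"\n(?![ \t])|\r(?![ \t\n])")


def naive_request(method, path, headers):
    """Serialise a request with no header checks, effectively what the
    unpatched httplib did: embedded CRLFs become extra header lines."""
    lines = ["%s %s HTTP/1.1" % (method, path)]
    lines += ["%s: %s" % (name, value) for name, value in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def header_names_seen_by_server(raw):
    """Field names a receiving server would parse out of the raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def validate_header(name, value):
    """Reject a name/value pair that could end or add a header line."""
    if not _LEGAL_NAME.fullmatch(name):
        raise ValueError("invalid header name: %r" % name)
    if _ILLEGAL_VALUE.search(value):
        raise ValueError("invalid header value: %r" % value)
    return name, value


def safe_request(method, path, headers):
    """naive_request() with every header validated first."""
    checked = dict(validate_header(n, v) for n, v in headers.items())
    return naive_request(method, path, checked)


def interpreter_rejects_injection():
    """True if this build of http.client enforces the CVE-2016-5699 check.
    putrequest()/putheader() only fill an internal buffer, so nothing is
    sent and no connection is opened."""
    conn = http.client.HTTPConnection("app.example.invalid")   # assumed host
    conn.putrequest("GET", "/")
    try:
        conn.putheader("X-Tracking-Id", USER_VALUE)
    except ValueError:
        return True
    finally:
        conn.close()
    return False


if __name__ == "__main__":
    headers = {"Host": "app.example.invalid", "X-Tracking-Id": USER_VALUE}
    print(header_names_seen_by_server(naive_request("GET", "/", headers)))
    try:
        safe_request("GET", "/", headers)
    except ValueError as exc:
        print("rejected:", exc)
    print("http.client enforces the check:", interpreter_rejects_injection())
```

On an unpatched build the injected value yields four header fields where the application meant to send two, which is how an attacker smuggles in a spoofed X-Forwarded-For or a second Content-Length; the library-level check and validate_header() both refuse the value before it is serialised.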
6.6): Source: rh-python34-python-3.4.2-14.el6.src.rpm x86_64: rh-python34-python-3.4.2-14.el6.x86_64.rpm rh-python34-python-debug-3.4.2-14.el6.x86_64.rpm rh-python34-python-debuginfo-3.4.2-14.el6.x86_64.rpm rh-python34-python-devel-3.4.2-14.el6.x86_64.rpm rh-python34-python-libs-3.4.2-14.el6.x86_64.rpm rh-python34-python-test-3.4.2-14.el6.x86_64.rpm rh-python34-python-tkinter-3.4.2-14.el6.x86_64.rpm rh-python34-python-tools-3.4.2-14.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-python34-python-3.4.2-14.el6.src.rpm x86_64: rh-python34-python-3.4.2-14.el6.x86_64.rpm rh-python34-python-debug-3.4.2-14.el6.x86_64.rpm rh-python34-python-debuginfo-3.4.2-14.el6.x86_64.rpm rh-python34-python-devel-3.4.2-14.el6.x86_64.rpm rh-python34-python-libs-3.4.2-14.el6.x86_64.rpm rh-python34-python-test-3.4.2-14.el6.x86_64.rpm rh-python34-python-tkinter-3.4.2-14.el6.x86_64.rpm rh-python34-python-tools-3.4.2-14.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-python34-python-3.4.2-14.el6.src.rpm x86_64: rh-python34-python-3.4.2-14.el6.x86_64.rpm rh-python34-python-debug-3.4.2-14.el6.x86_64.rpm rh-python34-python-debuginfo-3.4.2-14.el6.x86_64.rpm rh-python34-python-devel-3.4.2-14.el6.x86_64.rpm rh-python34-python-libs-3.4.2-14.el6.x86_64.rpm rh-python34-python-test-3.4.2-14.el6.x86_64.rpm rh-python34-python-tkinter-3.4.2-14.el6.x86_64.rpm rh-python34-python-tools-3.4.2-14.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7): Source: rh-python34-python-3.4.2-13.el7.src.rpm x86_64: rh-python34-python-3.4.2-13.el7.x86_64.rpm rh-python34-python-debug-3.4.2-13.el7.x86_64.rpm rh-python34-python-debuginfo-3.4.2-13.el7.x86_64.rpm rh-python34-python-devel-3.4.2-13.el7.x86_64.rpm rh-python34-python-libs-3.4.2-13.el7.x86_64.rpm rh-python34-python-test-3.4.2-13.el7.x86_64.rpm rh-python34-python-tkinter-3.4.2-13.el7.x86_64.rpm rh-python34-python-tools-3.4.2-13.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: rh-python34-python-3.4.2-13.el7.src.rpm x86_64: rh-python34-python-3.4.2-13.el7.x86_64.rpm rh-python34-python-debug-3.4.2-13.el7.x86_64.rpm rh-python34-python-debuginfo-3.4.2-13.el7.x86_64.rpm rh-python34-python-devel-3.4.2-13.el7.x86_64.rpm rh-python34-python-libs-3.4.2-13.el7.x86_64.rpm rh-python34-python-test-3.4.2-13.el7.x86_64.rpm rh-python34-python-tkinter-3.4.2-13.el7.x86_64.rpm rh-python34-python-tools-3.4.2-13.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: rh-python34-python-3.4.2-13.el7.src.rpm x86_64: rh-python34-python-3.4.2-13.el7.x86_64.rpm rh-python34-python-debug-3.4.2-13.el7.x86_64.rpm rh-python34-python-debuginfo-3.4.2-13.el7.x86_64.rpm rh-python34-python-devel-3.4.2-13.el7.x86_64.rpm rh-python34-python-libs-3.4.2-13.el7.x86_64.rpm rh-python34-python-test-3.4.2-13.el7.x86_64.rpm rh-python34-python-tkinter-3.4.2-13.el7.x86_64.rpm rh-python34-python-tools-3.4.2-13.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7): Source: rh-python34-python-3.4.2-13.el7.src.rpm x86_64: rh-python34-python-3.4.2-13.el7.x86_64.rpm rh-python34-python-debug-3.4.2-13.el7.x86_64.rpm rh-python34-python-debuginfo-3.4.2-13.el7.x86_64.rpm rh-python34-python-devel-3.4.2-13.el7.x86_64.rpm rh-python34-python-libs-3.4.2-13.el7.x86_64.rpm rh-python34-python-test-3.4.2-13.el7.x86_64.rpm rh-python34-python-tkinter-3.4.2-13.el7.x86_64.rpm rh-python34-python-tools-3.4.2-13.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0772 https://access.redhat.com/security/cve/CVE-2016-1000110 https://access.redhat.com/security/cve/CVE-2016-5699 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXthqeXlSAg2UNWIIRAhb7AJ4gvzcaD2gEtNrihN/76uRNcyxx3wCgnJOd BBlG/xStvAR4OD6dXOJ4XCc= =YZy2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 18 20:56:04 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 18 Aug 2016 20:56:04 +0000 Subject: [RHSA-2016:1637-01] Important: rh-mariadb101-mariadb security update Message-ID: <201608182056.u7IKu4Ra008811@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-mariadb101-mariadb security update Advisory ID: RHSA-2016:1637-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1637.html Issue date: 2016-08-18 CVE Names: CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 ===================================================================== 1. 
Summary:

An update for rh-mariadb101-mariadb is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb (10.1.16).

Security Fix(es):

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

5.
Bugs fixed (https://bugzilla.redhat.com/):

1358205 - CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016)
1358209 - CVE-2016-3521 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016)
1358212 - CVE-2016-3615 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016)
1358218 - CVE-2016-5440 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mariadb101-mariadb-10.1.16-1.el6.src.rpm

x86_64:
rh-mariadb101-mariadb-10.1.16-1.el6.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.16-1.el6.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.16-1.el6.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.16-1.el6.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.16-1.el6.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.16-1.el6.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.16-1.el6.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.16-1.el6.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.16-1.el6.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.16-1.el6.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.16-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
6.6): Source: rh-mariadb101-mariadb-10.1.16-1.el6.src.rpm x86_64: rh-mariadb101-mariadb-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-common-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-config-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-server-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-test-10.1.16-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-mariadb101-mariadb-10.1.16-1.el6.src.rpm x86_64: rh-mariadb101-mariadb-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-common-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-config-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-server-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-test-10.1.16-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6): Source: rh-mariadb101-mariadb-10.1.16-1.el6.src.rpm x86_64: rh-mariadb101-mariadb-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-common-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-config-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-server-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.16-1.el6.x86_64.rpm rh-mariadb101-mariadb-test-10.1.16-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-mariadb101-mariadb-10.1.16-1.el7.src.rpm x86_64: rh-mariadb101-mariadb-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.16-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.1): Source: rh-mariadb101-mariadb-10.1.16-1.el7.src.rpm x86_64: rh-mariadb101-mariadb-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.16-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: rh-mariadb101-mariadb-10.1.16-1.el7.src.rpm x86_64: rh-mariadb101-mariadb-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.16-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7): Source: rh-mariadb101-mariadb-10.1.16-1.el7.src.rpm x86_64: rh-mariadb101-mariadb-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.16-1.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.16-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3477 https://access.redhat.com/security/cve/CVE-2016-3521 https://access.redhat.com/security/cve/CVE-2016-3615 https://access.redhat.com/security/cve/CVE-2016-5440 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10116-release-notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXtiCHXlSAg2UNWIIRAiHaAJ4gRdiwxJ56CHXVIk9nx1jl+xMXXgCgnKc1
FhMD4gzP7+8bFa9/yD4Qd3s=
=KNOM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Aug 19 12:05:07 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 19 Aug 2016 12:05:07 +0000
Subject: [RHSA-2016:1640-01] Important: kernel security and bug fix update
Message-ID: <201608191204.u7JC4BQW024466@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2016:1640-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1640.html
Issue date:        2016-08-19
CVE Names:         CVE-2016-4565
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as a bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call.
A local, unprivileged user on a system with either Infiniband hardware present or the RDMA Userspace Connection Manager Access module explicitly loaded could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important)

Red Hat would like to thank Jann Horn for reporting this issue.

Bug Fix(es):

* After upgrading the kernel, the CPU load average was higher compared to the prior kernel version due to the modification of the scheduler. The provided patchset rolls back the calculation algorithm of the load average to the status of the previous system version, thus resulting in lower values for the same system load. (BZ#1343013)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1310570 - CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v.
6.6): Source: kernel-2.6.32-504.51.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-504.51.1.el6.noarch.rpm kernel-doc-2.6.32-504.51.1.el6.noarch.rpm kernel-firmware-2.6.32-504.51.1.el6.noarch.rpm x86_64: kernel-2.6.32-504.51.1.el6.x86_64.rpm kernel-debug-2.6.32-504.51.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.51.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.51.1.el6.i686.rpm kernel-debug-devel-2.6.32-504.51.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.51.1.el6.i686.rpm kernel-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-504.51.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-504.51.1.el6.x86_64.rpm kernel-devel-2.6.32-504.51.1.el6.x86_64.rpm kernel-headers-2.6.32-504.51.1.el6.x86_64.rpm perf-2.6.32-504.51.1.el6.x86_64.rpm perf-debuginfo-2.6.32-504.51.1.el6.i686.rpm perf-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.i686.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6): x86_64: kernel-debug-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.51.1.el6.x86_64.rpm perf-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm python-perf-2.6.32-504.51.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: kernel-2.6.32-504.51.1.el6.src.rpm i386: kernel-2.6.32-504.51.1.el6.i686.rpm kernel-debug-2.6.32-504.51.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.51.1.el6.i686.rpm kernel-debug-devel-2.6.32-504.51.1.el6.i686.rpm kernel-debuginfo-2.6.32-504.51.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.51.1.el6.i686.rpm kernel-devel-2.6.32-504.51.1.el6.i686.rpm kernel-headers-2.6.32-504.51.1.el6.i686.rpm perf-2.6.32-504.51.1.el6.i686.rpm perf-debuginfo-2.6.32-504.51.1.el6.i686.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-504.51.1.el6.noarch.rpm kernel-doc-2.6.32-504.51.1.el6.noarch.rpm kernel-firmware-2.6.32-504.51.1.el6.noarch.rpm ppc64: kernel-2.6.32-504.51.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-504.51.1.el6.ppc64.rpm kernel-debug-2.6.32-504.51.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-504.51.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-504.51.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-504.51.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-504.51.1.el6.ppc64.rpm kernel-devel-2.6.32-504.51.1.el6.ppc64.rpm kernel-headers-2.6.32-504.51.1.el6.ppc64.rpm perf-2.6.32-504.51.1.el6.ppc64.rpm perf-debuginfo-2.6.32-504.51.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.ppc64.rpm s390x: kernel-2.6.32-504.51.1.el6.s390x.rpm kernel-debug-2.6.32-504.51.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-504.51.1.el6.s390x.rpm kernel-debug-devel-2.6.32-504.51.1.el6.s390x.rpm kernel-debuginfo-2.6.32-504.51.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-504.51.1.el6.s390x.rpm kernel-devel-2.6.32-504.51.1.el6.s390x.rpm kernel-headers-2.6.32-504.51.1.el6.s390x.rpm kernel-kdump-2.6.32-504.51.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-504.51.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-504.51.1.el6.s390x.rpm perf-2.6.32-504.51.1.el6.s390x.rpm perf-debuginfo-2.6.32-504.51.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.s390x.rpm x86_64: kernel-2.6.32-504.51.1.el6.x86_64.rpm 
kernel-debug-2.6.32-504.51.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.51.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.51.1.el6.i686.rpm kernel-debug-devel-2.6.32-504.51.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.51.1.el6.i686.rpm kernel-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-504.51.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-504.51.1.el6.x86_64.rpm kernel-devel-2.6.32-504.51.1.el6.x86_64.rpm kernel-headers-2.6.32-504.51.1.el6.x86_64.rpm perf-2.6.32-504.51.1.el6.x86_64.rpm perf-debuginfo-2.6.32-504.51.1.el6.i686.rpm perf-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.i686.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.6): i386: kernel-debug-debuginfo-2.6.32-504.51.1.el6.i686.rpm kernel-debuginfo-2.6.32-504.51.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.51.1.el6.i686.rpm perf-debuginfo-2.6.32-504.51.1.el6.i686.rpm python-perf-2.6.32-504.51.1.el6.i686.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-504.51.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-504.51.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-504.51.1.el6.ppc64.rpm perf-debuginfo-2.6.32-504.51.1.el6.ppc64.rpm python-perf-2.6.32-504.51.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-504.51.1.el6.s390x.rpm kernel-debuginfo-2.6.32-504.51.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-504.51.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-504.51.1.el6.s390x.rpm perf-debuginfo-2.6.32-504.51.1.el6.s390x.rpm python-perf-2.6.32-504.51.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-504.51.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.51.1.el6.x86_64.rpm 
perf-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm
python-perf-2.6.32-504.51.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.51.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4565
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXtvWxXlSAg2UNWIIRAm7fAJ4/j9Lpe1XAri8rfZ5iWBHHyHWcsQCeKLN1
wJ2ScZ+rZQI32zbEMKCmMr4=
=WMne
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 23 06:19:07 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Aug 2016 06:19:07 +0000
Subject: [RHSA-2016:1652-01] Moderate: qemu-kvm-rhev security update
Message-ID: <201608230619.u7N6J7jZ004289@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qemu-kvm-rhev security update
Advisory ID:       RHSA-2016:1652-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1652.html
Issue date:        2016-08-23
CVE Names:         CVE-2016-5403
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2.
Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix(es): * Quick emulator(Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403) Red Hat would like to thank hongzhenhao (Marvel Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1358359 - CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6: Source: qemu-kvm-rhev-0.12.1.2-2.491.el6_8.3.src.rpm x86_64: qemu-img-rhev-0.12.1.2-2.491.el6_8.3.x86_64.rpm qemu-kvm-rhev-0.12.1.2-2.491.el6_8.3.x86_64.rpm qemu-kvm-rhev-debuginfo-0.12.1.2-2.491.el6_8.3.x86_64.rpm qemu-kvm-rhev-tools-0.12.1.2-2.491.el6_8.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5403 https://access.redhat.com/security/updates/classification/#moderate 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXu+rJXlSAg2UNWIIRAszUAJ490APZnEnB0dEzmrbopvU2j0EiOACeKW2f RmtB0M9yr4d9sH+ppXyyz60= =P1Nh -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 23 06:19:51 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 23 Aug 2016 06:19:51 +0000 Subject: [RHSA-2016:1653-01] Moderate: qemu-kvm-rhev security update Message-ID: <201608230619.u7N6Jp4O026102@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm-rhev security update Advisory ID: RHSA-2016:1653-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1653.html Issue date: 2016-08-23 CVE Names: CVE-2016-5126 CVE-2016-5403 ===================================================================== 1. Summary: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. 
Security Fix(es): * Quick Emulator(Qemu) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host. (CVE-2016-5126) * Quick emulator(Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403) Red Hat would like to thank hongzhenhao (Marvel Team) for reporting CVE-2016-5403. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1340924 - CVE-2016-5126 Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl 1358359 - CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS 6. Package List: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7: Source: qemu-kvm-rhev-2.3.0-31.el7_2.21.src.rpm x86_64: libcacard-rhev-2.3.0-31.el7_2.21.x86_64.rpm libcacard-tools-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-img-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-common-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-tools-rhev-2.3.0-31.el7_2.21.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5126 https://access.redhat.com/security/cve/CVE-2016-5403 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXu+r9XlSAg2UNWIIRAm7PAKCX2rCEd7UXXYiGFsm6+OUH1ZWV3ACeK660 M/h5RvKJ88Z8xHNNiQZLRHg= =tztX -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 23 06:20:46 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 23 Aug 2016 06:20:46 +0000 Subject: [RHSA-2016:1654-01] Moderate: qemu-kvm-rhev security update Message-ID: <201608230620.u7N6KkGJ016127@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm-rhev security update Advisory ID: RHSA-2016:1654-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1654.html Issue date: 2016-08-23 CVE Names: CVE-2016-5126 CVE-2016-5403 ===================================================================== 1. Summary: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - x86_64 3. 
Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix(es): * Quick Emulator(Qemu) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host. (CVE-2016-5126) * Quick emulator(Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403) Red Hat would like to thank hongzhenhao (Marvel Team) for reporting CVE-2016-5403. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1340924 - CVE-2016-5126 Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl 1358359 - CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS 6. 
Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7: Source: qemu-kvm-rhev-2.3.0-31.el7_2.21.src.rpm x86_64: libcacard-devel-rhev-2.3.0-31.el7_2.21.x86_64.rpm libcacard-rhev-2.3.0-31.el7_2.21.x86_64.rpm libcacard-tools-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-img-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-common-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-tools-rhev-2.3.0-31.el7_2.21.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5126 https://access.redhat.com/security/cve/CVE-2016-5403 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXu+szXlSAg2UNWIIRAifhAJwK5CK67J+uzhxfCMihor5WJj2IlQCfc9tn ruGos5qHuyCr1J81l7NjB8M= =X2xW -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 23 06:21:28 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 23 Aug 2016 06:21:28 +0000 Subject: [RHSA-2016:1655-01] Moderate: qemu-kvm-rhev security update Message-ID: <201608230621.u7N6LSZR016519@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm-rhev security update Advisory ID: RHSA-2016:1655-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1655.html Issue date: 2016-08-23 CVE Names: CVE-2016-5126 CVE-2016-5403 ===================================================================== 1. 
Summary: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix(es): * Quick Emulator(Qemu) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host. (CVE-2016-5126) * Quick emulator(Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403) Red Hat would like to thank hongzhenhao (Marvel Team) for reporting CVE-2016-5403. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. 
Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1340924 - CVE-2016-5126 Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl 1358359 - CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7: Source: qemu-kvm-rhev-2.3.0-31.el7_2.21.src.rpm x86_64: libcacard-devel-rhev-2.3.0-31.el7_2.21.x86_64.rpm libcacard-rhev-2.3.0-31.el7_2.21.x86_64.rpm libcacard-tools-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-img-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-common-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-tools-rhev-2.3.0-31.el7_2.21.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5126 https://access.redhat.com/security/cve/CVE-2016-5403 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
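The four qemu-kvm-rhev advisories above (RHSA-2016:1652 through RHSA-2016:1655) describe two flaws with the same shape: a value the guest controls (the number of outstanding virtqueue requests for CVE-2016-5403, the SCSI command length passed through the iSCSI ioctl path for CVE-2016-5126) is used by the host without being compared against a fixed host-side limit. The C model below is an added example, not QEMU's code and not part of any advisory. It mirrors the shape of the upstream fixes as this editor understands them: virtqueue_pop refusing to hand out another VirtQueueElement once as many are in flight as the ring can hold, and iscsi_aio_ioctl rejecting a cmd_len larger than SCSI_CDB_MAX_SIZE before the CDB is copied into a 16-byte buffer. Every toy_* name, the ring size of 128 and the sample requests are constructed here for illustration.

```c
/*
 * Added example (not QEMU code): two host-side bounds checks modelled on the
 * fixes for CVE-2016-5403 (virtio) and CVE-2016-5126 (block/iscsi). All
 * toy_* names and sizes are assumptions made for this illustration.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ---- CVE-2016-5403: bound in-flight requests by the ring size ---------- */

struct toy_virtqueue {
    unsigned int num;    /* ring size agreed with the guest (e.g. 128)       */
    unsigned int inuse;  /* elements popped by the host, not yet returned    */
    unsigned int avail;  /* pending requests as advertised by the guest      */
};

struct toy_vq_elem { unsigned int index; };

/* Vulnerable shape: every request the guest advertises costs a host allocation. */
struct toy_vq_elem *toy_pop_unbounded(struct toy_virtqueue *vq)
{
    if (vq->avail == 0)
        return NULL;
    vq->avail--;
    vq->inuse++;
    return calloc(1, sizeof(struct toy_vq_elem));
}

/* Fixed shape: a well-behaved guest can never have more than num buffers
 * outstanding, so anything beyond that is an error, not more work. */
struct toy_vq_elem *toy_pop_bounded(struct toy_virtqueue *vq)
{
    if (vq->avail == 0)
        return NULL;
    if (vq->inuse >= vq->num) {
        fprintf(stderr, "virtqueue: guest exceeded ring size %u\n", vq->num);
        return NULL;
    }
    vq->avail--;
    vq->inuse++;
    return calloc(1, sizeof(struct toy_vq_elem));
}

/* Drive a guest that claims 'claimed' pending requests against a ring of
 * 'num' entries and return how many host elements the pop routine handed out.
 * Elements are freed here so the harness itself does not leak; in the real
 * bug they stayed allocated until the guest completed them. */
unsigned int toy_allocated(struct toy_vq_elem *(*pop)(struct toy_virtqueue *),
                           unsigned int num, unsigned int claimed)
{
    struct toy_virtqueue vq = { .num = num, .inuse = 0, .avail = claimed };
    unsigned int allocated = 0;
    struct toy_vq_elem *e;

    while ((e = pop(&vq)) != NULL) {
        allocated++;
        free(e);
    }
    return allocated;
}

/* ---- CVE-2016-5126: check a guest-supplied length before memcpy --------- */

#define TOY_SCSI_CDB_MAX_SIZE 16   /* same value as QEMU's SCSI_CDB_MAX_SIZE */

struct toy_scsi_task { uint8_t cdb[TOY_SCSI_CDB_MAX_SIZE]; };

/* Guest-controlled subset of the SG_IO header the ioctl path receives. */
struct toy_sg_io_hdr {
    const uint8_t *cmdp;     /* guest buffer holding the CDB */
    unsigned char cmd_len;   /* guest-declared CDB length, up to 255 */
};

/* Returns 0 when the CDB was copied, -1 when the request is rejected. */
int toy_copy_cdb_checked(struct toy_scsi_task *task, const struct toy_sg_io_hdr *ioh)
{
    if (ioh->cmd_len > TOY_SCSI_CDB_MAX_SIZE) {
        fprintf(stderr, "iscsi: CDB of %u bytes exceeds %d, rejecting\n",
                ioh->cmd_len, TOY_SCSI_CDB_MAX_SIZE);
        return -1;
    }
    memset(task->cdb, 0, sizeof(task->cdb));
    memcpy(task->cdb, ioh->cmdp, ioh->cmd_len);   /* now provably in bounds */
    return 0;
}

/* Constructed request: an INQUIRY-style CDB padded to cmd_len bytes. */
int toy_cdb_demo(unsigned char cmd_len)
{
    uint8_t cmd[255];
    struct toy_scsi_task task;
    struct toy_sg_io_hdr ioh = { .cmdp = cmd, .cmd_len = cmd_len };

    memset(cmd, 0xAA, sizeof(cmd));
    cmd[0] = 0x12;                       /* INQUIRY opcode */
    memset(&task, 0, sizeof(task));
    return toy_copy_cdb_checked(&task, &ioh);
}

int main(void)
{
    printf("ring=128, guest claims 4096: unbounded allocates %u, bounded allocates %u\n",
           toy_allocated(toy_pop_unbounded, 128, 4096),
           toy_allocated(toy_pop_bounded, 128, 4096));
    printf("cmd_len 6 -> %d, cmd_len 16 -> %d, cmd_len 17 -> %d\n",
           toy_cdb_demo(6), toy_cdb_demo(16), toy_cdb_demo(17));
    return 0;
}
```

The point of putting both checks side by side is that neither fix needs to understand the guest's intent: the host already knows the ring size it negotiated and the size of its own CDB buffer, so the check is a comparison against a constant it owns. Restarting the guests after the update, as the Solution section requires, is what actually brings the new qemu-kvm-rhev binary (and these checks) into the running VMs.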
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXu+tPXlSAg2UNWIIRAmHbAJ9zUx5kp+Mhp1Ka0AH2F2E7A4wAywCfZ/Bq
Wb1IvWU3tXE9oGi40eb6H8E=
=d2jP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 23 16:18:40 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Aug 2016 16:18:40 +0000
Subject: [RHSA-2016:1657-01] Important: kernel security update
Message-ID: <201608231617.u7NGHd5A019537@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2016:1657-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1657.html
Issue date:        2016-08-23
CVE Names:         CVE-2016-4470 CVE-2016-4565 CVE-2016-5696
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw was found in the Linux kernel's keyring handling code, where in
key_reject_and_link() an uninitialised variable would eventually lead to an
arbitrary free address, which could allow an attacker to mount a
use-after-free style attack. (CVE-2016-4470, Important)

* A flaw was found in the way certain interfaces of the Linux kernel's
InfiniBand subsystem used write() as a bi-directional ioctl() replacement,
which could lead to insufficient memory security checks when being invoked
using the splice() system call. A local unprivileged user on a system with
either InfiniBand hardware present or the RDMA Userspace Connection Manager
Access module explicitly loaded could use this flaw to escalate their
privileges on the system. (CVE-2016-4565, Important)

* A flaw was found in the implementation of the Linux kernel's handling of
networking challenge ACKs, where an attacker is able to determine the shared
counter, which could be used to determine sequence numbers for TCP stream
injection. (CVE-2016-5696, Important)

Red Hat would like to thank Jann Horn for reporting CVE-2016-4565 and Yue
Cao (Cyber Security Group of the CS department of University of California
in Riverside) for reporting CVE-2016-5696. The CVE-2016-4470 issue was
discovered by David Howells (Red Hat Inc.).

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1310570 - CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
1354708 - CVE-2016-5696 kernel: challenge ACK counter information disclosure.

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v.
7.1): Source: kernel-3.10.0-229.40.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.40.1.el7.noarch.rpm kernel-doc-3.10.0-229.40.1.el7.noarch.rpm x86_64: kernel-3.10.0-229.40.1.el7.x86_64.rpm kernel-debug-3.10.0-229.40.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.40.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.40.1.el7.x86_64.rpm kernel-devel-3.10.0-229.40.1.el7.x86_64.rpm kernel-headers-3.10.0-229.40.1.el7.x86_64.rpm kernel-tools-3.10.0-229.40.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.40.1.el7.x86_64.rpm perf-3.10.0-229.40.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1): x86_64: kernel-debug-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.40.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.40.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm python-perf-3.10.0-229.40.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
7.1): Source: kernel-3.10.0-229.40.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.40.1.el7.noarch.rpm kernel-doc-3.10.0-229.40.1.el7.noarch.rpm ppc64: kernel-3.10.0-229.40.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-229.40.1.el7.ppc64.rpm kernel-debug-3.10.0-229.40.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-229.40.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-229.40.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.40.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.40.1.el7.ppc64.rpm kernel-devel-3.10.0-229.40.1.el7.ppc64.rpm kernel-headers-3.10.0-229.40.1.el7.ppc64.rpm kernel-tools-3.10.0-229.40.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.40.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-229.40.1.el7.ppc64.rpm perf-3.10.0-229.40.1.el7.ppc64.rpm perf-debuginfo-3.10.0-229.40.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.40.1.el7.ppc64.rpm s390x: kernel-3.10.0-229.40.1.el7.s390x.rpm kernel-debug-3.10.0-229.40.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-229.40.1.el7.s390x.rpm kernel-debug-devel-3.10.0-229.40.1.el7.s390x.rpm kernel-debuginfo-3.10.0-229.40.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.40.1.el7.s390x.rpm kernel-devel-3.10.0-229.40.1.el7.s390x.rpm kernel-headers-3.10.0-229.40.1.el7.s390x.rpm kernel-kdump-3.10.0-229.40.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.40.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-229.40.1.el7.s390x.rpm perf-3.10.0-229.40.1.el7.s390x.rpm perf-debuginfo-3.10.0-229.40.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.40.1.el7.s390x.rpm x86_64: kernel-3.10.0-229.40.1.el7.x86_64.rpm kernel-debug-3.10.0-229.40.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.40.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.40.1.el7.x86_64.rpm kernel-devel-3.10.0-229.40.1.el7.x86_64.rpm kernel-headers-3.10.0-229.40.1.el7.x86_64.rpm kernel-tools-3.10.0-229.40.1.el7.x86_64.rpm 
kernel-tools-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.40.1.el7.x86_64.rpm perf-3.10.0-229.40.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: kernel-3.10.0-229.40.1.ael7b.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.40.1.ael7b.noarch.rpm kernel-doc-3.10.0-229.40.1.ael7b.noarch.rpm ppc64le: kernel-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-bootwrapper-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-debug-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-debug-debuginfo-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-devel-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-headers-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-tools-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-tools-libs-3.10.0-229.40.1.ael7b.ppc64le.rpm perf-3.10.0-229.40.1.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.40.1.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.40.1.ael7b.ppc64le.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.1): ppc64: kernel-debug-debuginfo-3.10.0-229.40.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.40.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.40.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.40.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-229.40.1.el7.ppc64.rpm perf-debuginfo-3.10.0-229.40.1.el7.ppc64.rpm python-perf-3.10.0-229.40.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.40.1.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-229.40.1.el7.s390x.rpm kernel-debuginfo-3.10.0-229.40.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.40.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.40.1.el7.s390x.rpm perf-debuginfo-3.10.0-229.40.1.el7.s390x.rpm python-perf-3.10.0-229.40.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.40.1.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.40.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.40.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm python-perf-3.10.0-229.40.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.40.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64le: kernel-debug-debuginfo-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-debug-devel-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.40.1.ael7b.ppc64le.rpm kernel-tools-libs-devel-3.10.0-229.40.1.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.40.1.ael7b.ppc64le.rpm python-perf-3.10.0-229.40.1.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.40.1.ael7b.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/cve/CVE-2016-4565
https://access.redhat.com/security/cve/CVE-2016-5696
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXvHb0XlSAg2UNWIIRAjQCAJwL/6O1STRM5ctSuThZwU8Nb6mcDACdE5gh
ENdtmy7rWAntcOoDcJJXHKc=
=2mv7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 23 20:29:37 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Aug 2016 20:29:37 +0000
Subject: [RHSA-2016:1664-01] Important: kernel security and bug fix update
Message-ID: <201608232029.u7NKTbpf014457@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2016:1664-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1664.html
Issue date:        2016-08-23
CVE Names:         CVE-2016-5696
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* It was found that the RFC 5961 challenge ACK rate limiting as implemented
in the Linux kernel's networking subsystem allowed an off-path attacker to
leak certain information about a given connection by creating congestion on
the global challenge ACK rate limit counter and then measuring the changes
by probing packets. An off-path attacker could use this flaw to terminate a
TCP connection and/or inject a payload into a non-secured TCP connection
between two endpoints on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao (Cyber Security Group of the CS
department of University of California in Riverside) for reporting this
issue.

Bug Fix(es):

* When loading the Direct Rendering Manager (DRM) kernel module, the kernel
panicked if DRM was previously unloaded. The kernel panic was caused by a
memory leak of the ID Resolver (IDR2). With this update, IDR2 is loaded
during kernel boot, and the kernel panic no longer occurs in the described
scenario. (BZ#1353827)

* When more than one process attempted to use the "configfs" directory entry
at the same time, a kernel panic in some cases occurred. With this update, a
race condition between a directory entry and a lookup operation has been
fixed. As a result, the kernel no longer panics in the described scenario.
(BZ#1353828)

* When shutting down the system by running the halt -p command, a kernel
panic occurred due to a conflict between the kernel offlining CPUs and the
sched command, which used the sched group and the sched domain data without
first checking the data. The underlying source code has been fixed by adding
a check to avoid the conflict. As a result, the described scenario no longer
results in a kernel panic. (BZ#1343894)

* In some cases, running the ipmitool command caused a kernel panic due to a
race condition in the ipmi message handler. This update fixes the race
condition, and the kernel panic no longer occurs in the described scenario.
(BZ#1355980)

* Previously, multiple Very Secure FTP daemon (vsftpd) processes on a
directory with a large number of files led to a high contention rate on each
inode's spinlock, which caused excessive CPU usage. With this update, a
spinlock to protect a single memory-to-memory copy has been removed from the
ext4_getattr() function. As a result, system CPU usage has been reduced and
is no longer excessive in the described situation. (BZ#1355981)

* When the gfs2_grow utility is used to extend Global File System 2 (GFS2),
the next block allocation causes the GFS2 kernel module to re-read its
resource group index. If multiple processes in the GFS2 module raced to do
the same thing, one process sometimes overwrote a valid object pointer with
an invalid pointer, which caused either a kernel panic or a file system
corruption. This update ensures that the resource group object pointer is
not overwritten. As a result, neither kernel panic nor file system
corruption occurs in the described scenario. (BZ#1347539)

* Previously, the SCSI Remote Protocol over InfiniBand (IB-SRP) was disabled
due to a bug in the srp_queue() function. As a consequence, an attempt to
enable Remote Direct Memory Access (RDMA) at boot caused the kernel to
crash. With this update, srp_queue() has been fixed, and the system now
boots as expected when RDMA is enabled. (BZ#1348062)

Enhancement(s):

* This update optimizes the efficiency of the Transmission Control Protocol
(TCP) when the peer is using a window under 537 bytes in size.
As a result, devices that use maximum segment size (MSS) of 536 bytes or fewer will experience improved network performance. (BZ#1354446) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1354708 - CVE-2016-5696 kernel: challenge ACK counter information disclosure. 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-642.4.2.el6.src.rpm i386: kernel-2.6.32-642.4.2.el6.i686.rpm kernel-debug-2.6.32-642.4.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debug-devel-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.4.2.el6.i686.rpm kernel-devel-2.6.32-642.4.2.el6.i686.rpm kernel-headers-2.6.32-642.4.2.el6.i686.rpm perf-2.6.32-642.4.2.el6.i686.rpm perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.4.2.el6.noarch.rpm kernel-doc-2.6.32-642.4.2.el6.noarch.rpm kernel-firmware-2.6.32-642.4.2.el6.noarch.rpm x86_64: kernel-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.4.2.el6.i686.rpm kernel-debug-devel-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.4.2.el6.x86_64.rpm kernel-devel-2.6.32-642.4.2.el6.x86_64.rpm kernel-headers-2.6.32-642.4.2.el6.x86_64.rpm perf-2.6.32-642.4.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm 
python-perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.4.2.el6.i686.rpm perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm python-perf-2.6.32-642.4.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.4.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm python-perf-2.6.32-642.4.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-642.4.2.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-642.4.2.el6.noarch.rpm kernel-doc-2.6.32-642.4.2.el6.noarch.rpm kernel-firmware-2.6.32-642.4.2.el6.noarch.rpm x86_64: kernel-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.4.2.el6.i686.rpm kernel-debug-devel-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.4.2.el6.x86_64.rpm kernel-devel-2.6.32-642.4.2.el6.x86_64.rpm kernel-headers-2.6.32-642.4.2.el6.x86_64.rpm perf-2.6.32-642.4.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): x86_64: kernel-debug-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.4.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm python-perf-2.6.32-642.4.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-642.4.2.el6.src.rpm i386: kernel-2.6.32-642.4.2.el6.i686.rpm kernel-debug-2.6.32-642.4.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debug-devel-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.4.2.el6.i686.rpm kernel-devel-2.6.32-642.4.2.el6.i686.rpm kernel-headers-2.6.32-642.4.2.el6.i686.rpm perf-2.6.32-642.4.2.el6.i686.rpm perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.4.2.el6.noarch.rpm kernel-doc-2.6.32-642.4.2.el6.noarch.rpm kernel-firmware-2.6.32-642.4.2.el6.noarch.rpm ppc64: kernel-2.6.32-642.4.2.el6.ppc64.rpm kernel-bootwrapper-2.6.32-642.4.2.el6.ppc64.rpm kernel-debug-2.6.32-642.4.2.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.ppc64.rpm kernel-debug-devel-2.6.32-642.4.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.4.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.4.2.el6.ppc64.rpm kernel-devel-2.6.32-642.4.2.el6.ppc64.rpm kernel-headers-2.6.32-642.4.2.el6.ppc64.rpm perf-2.6.32-642.4.2.el6.ppc64.rpm perf-debuginfo-2.6.32-642.4.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.ppc64.rpm s390x: kernel-2.6.32-642.4.2.el6.s390x.rpm kernel-debug-2.6.32-642.4.2.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.s390x.rpm kernel-debug-devel-2.6.32-642.4.2.el6.s390x.rpm kernel-debuginfo-2.6.32-642.4.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.4.2.el6.s390x.rpm kernel-devel-2.6.32-642.4.2.el6.s390x.rpm kernel-headers-2.6.32-642.4.2.el6.s390x.rpm 
kernel-kdump-2.6.32-642.4.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.4.2.el6.s390x.rpm kernel-kdump-devel-2.6.32-642.4.2.el6.s390x.rpm perf-2.6.32-642.4.2.el6.s390x.rpm perf-debuginfo-2.6.32-642.4.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.s390x.rpm x86_64: kernel-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.4.2.el6.i686.rpm kernel-debug-devel-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.4.2.el6.x86_64.rpm kernel-devel-2.6.32-642.4.2.el6.x86_64.rpm kernel-headers-2.6.32-642.4.2.el6.x86_64.rpm perf-2.6.32-642.4.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.4.2.el6.i686.rpm perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm python-perf-2.6.32-642.4.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-642.4.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.4.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.4.2.el6.ppc64.rpm perf-debuginfo-2.6.32-642.4.2.el6.ppc64.rpm python-perf-2.6.32-642.4.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-642.4.2.el6.s390x.rpm kernel-debuginfo-2.6.32-642.4.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.4.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.4.2.el6.s390x.rpm perf-debuginfo-2.6.32-642.4.2.el6.s390x.rpm python-perf-2.6.32-642.4.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.4.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm python-perf-2.6.32-642.4.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: kernel-2.6.32-642.4.2.el6.src.rpm i386: kernel-2.6.32-642.4.2.el6.i686.rpm kernel-debug-2.6.32-642.4.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debug-devel-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.4.2.el6.i686.rpm kernel-devel-2.6.32-642.4.2.el6.i686.rpm kernel-headers-2.6.32-642.4.2.el6.i686.rpm perf-2.6.32-642.4.2.el6.i686.rpm perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.4.2.el6.noarch.rpm kernel-doc-2.6.32-642.4.2.el6.noarch.rpm kernel-firmware-2.6.32-642.4.2.el6.noarch.rpm x86_64: kernel-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.4.2.el6.i686.rpm kernel-debug-devel-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.4.2.el6.x86_64.rpm kernel-devel-2.6.32-642.4.2.el6.x86_64.rpm kernel-headers-2.6.32-642.4.2.el6.x86_64.rpm perf-2.6.32-642.4.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.4.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.4.2.el6.i686.rpm perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm python-perf-2.6.32-642.4.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.4.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm python-perf-2.6.32-642.4.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.4.2.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5696 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
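The kernel advisory above ends with "The system must be rebooted for this update to take effect", and the QEMU and OpenJDK advisories further down this page carry the equivalent "must be restarted" note: an updated rpm on disk does nothing for code that is already loaded. The following added example, which is not Red Hat tooling and not part of the advisory, checks both conditions. It compares the output of `uname -r` against the fixed build from the package list using RPM's version-ordering rules, re-implemented here in pure Python so it runs offline, and it reads /proc/<pid>/maps for file-backed mappings the kernel has marked "(deleted)", which is how a process still holding a replaced library reveals itself. The sample maps excerpt is constructed, not captured from a real host; the architecture-suffix list and the skip-list for memfd, SysV and /dev/shm segments are my assumptions.

```python
"""Added post-update checks (not Red Hat tooling): is the running kernel
the fixed build, and which processes still map a library that an rpm
upgrade has since replaced on disk? RPM version ordering is re-implemented
here so the script runs offline without librpm."""
import os
import platform
import re
from typing import Dict, List

FIXED_KERNEL = "2.6.32-642.4.2.el6"   # from this advisory's package list
# `uname -r` carries an arch suffix that the rpm version does not (assumed list).
_ARCH_SUFFIX = re.compile(r"\.(x86_64|i686|ppc64le|ppc64|s390x)$")
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """librpm's ordering: numeric/alpha segments (separators ignored), numerics
    by value, alphas lexically, numeric beats alpha, '~' sorts before
    everything, and more segments means newer. Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~" or y == "~":
            return -1 if x == "~" else 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):            # leading zeros are irrelevant
                return -1 if int(x) < int(y) else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb):] if a_longer else sb[len(sa):]
    if rest[0] == "~":                      # "1.0~rc1" is older than "1.0"
        return -1 if a_longer else 1
    return 1 if a_longer else -1


def running_kernel_is_fixed(uname_r: str, fixed: str = FIXED_KERNEL) -> bool:
    """The fixed rpm can be installed while the old kernel is still what
    is running; this is the case the advisory's reboot note is about."""
    return rpmvercmp(_ARCH_SUFFIX.sub("", uname_r), fixed) >= 0


def stale_library_mappings(maps_text: str) -> List[str]:
    """From the text of /proc/<pid>/maps, return file-backed mappings the
    kernel marks '(deleted)': the file was unlinked or replaced (what an rpm
    upgrade does) after the process mapped it, so the process still runs the
    pre-update code. Deleted memfd, SysV and /dev/shm segments are normal."""
    skip = ("/dev/", "/memfd:", "/SYSV")
    stale: List[str] = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue                        # anonymous mapping, no path
        path = fields[5].strip()
        if not path.startswith("/") or not path.endswith(" (deleted)"):
            continue
        path = path[: -len(" (deleted)")]
        if not path.startswith(skip) and path not in stale:
            stale.append(path)
    return stale


def scan_processes(proc_root: str = "/proc") -> Dict[int, List[str]]:
    """{pid: [stale paths]} for every readable maps file (root sees all)."""
    found: Dict[int, List[str]] = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, name, "maps")) as fh:
                stale = stale_library_mappings(fh.read())
        except OSError:
            continue                        # exited or permission denied
        if stale:
            found[int(name)] = stale
    return found


# Constructed /proc/<pid>/maps excerpt (not captured from a real host) for
# a Java process started before its java-1.6.0-openjdk rpm was upgraded.
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 fd:01 1234 /usr/bin/java
7f1a2b000000-7f1a2b1c0000 r-xp 00000000 fd:01 5678 /usr/lib/jvm/jre/lib/amd64/server/libjvm.so (deleted)
7f1a2b1c0000-7f1a2b3bf000 ---p 001c0000 fd:01 5678 /usr/lib/jvm/jre/lib/amd64/server/libjvm.so (deleted)
7f1a2b400000-7f1a2b5a0000 r-xp 00000000 fd:01 9012 /lib64/libc-2.12.so
7f1a2b700000-7f1a2b701000 rw-s 00000000 00:04 3456 /dev/shm/scratch (deleted)
7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print("running kernel is fixed build:", running_kernel_is_fixed(platform.release()))
    print("sample process still maps:", stale_library_mappings(SAMPLE_MAPS))
    if os.path.isdir("/proc"):
        for pid, paths in sorted(scan_processes().items()):
            print(pid, *paths)
```

Run it as root after `yum update` and before deciding whether the maintenance window is over: a non-empty result from scan_processes() is the list of processes that still need a restart, and a False from running_kernel_is_fixed() means the reboot has not happened yet. Comparing with rpmvercmp rather than string equality matters because a later errata kernel (a higher release than 642.4.2) also contains the fix.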
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXvLHiXlSAg2UNWIIRAlbRAJ9bvBSyM+UxrWKkCIqv/0P8ZIfVzgCgrCkl ds3mXAiLu5LvtvjNvaDQlI4= =lxsp -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 24 05:16:48 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 24 Aug 2016 05:16:48 +0000 Subject: [RHSA-2016:1756-01] Moderate: qemu-kvm-rhev security and bug fix update Message-ID: <201608240516.u7O5GmcG017660@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm-rhev security and bug fix update Advisory ID: RHSA-2016:1756-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1756.html Issue date: 2016-08-24 CVE Names: CVE-2016-5126 CVE-2016-5403 ===================================================================== 1. Summary: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 8.0 (Liberty) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix(es): * Quick Emulator(QEMU) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl(2) calls. 
A user inside a guest could exploit this flaw to crash the QEMU process, resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host. (CVE-2016-5126)

* Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing each request allocates a VirtQueueElement on the host, so a guest that keeps submitting requests drives host memory consumption without bound. (CVE-2016-5403)

Red Hat would like to thank hongzhenhao (Marvel Team) for reporting CVE-2016-5403.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1340924 - CVE-2016-5126 Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
1358359 - CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
qemu-kvm-rhev-2.3.0-31.el7_2.21.src.rpm

x86_64:
libcacard-rhev-2.3.0-31.el7_2.21.x86_64.rpm
libcacard-tools-rhev-2.3.0-31.el7_2.21.x86_64.rpm
qemu-img-rhev-2.3.0-31.el7_2.21.x86_64.rpm
qemu-kvm-common-rhev-2.3.0-31.el7_2.21.x86_64.rpm
qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.21.x86_64.rpm
qemu-kvm-tools-rhev-2.3.0-31.el7_2.21.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References: https://access.redhat.com/security/cve/CVE-2016-5126 https://access.redhat.com/security/cve/CVE-2016-5403 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXvS2uXlSAg2UNWIIRAmV5AKCcxdjmnY6xgihdTFhJoIfcxOPCtwCgg35T hx1fqMkp5QzAEooE2anBCAE= =834c -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 24 18:17:42 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 24 Aug 2016 18:17:42 +0000 Subject: [RHSA-2016:1763-01] Moderate: qemu-kvm-rhev security update Message-ID: <201608241817.u7OIHgxq008908@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm-rhev security update Advisory ID: RHSA-2016:1763-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1763.html Issue date: 2016-08-24 CVE Names: CVE-2016-5126 CVE-2016-5403 ===================================================================== 1. Summary: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 9.0 - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. 
The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.

Security Fix(es):

* Quick Emulator (QEMU) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside a guest could exploit this flaw to crash the QEMU process, resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host. (CVE-2016-5126)

* Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing each request allocates a VirtQueueElement on the host, so a guest that keeps submitting requests drives host memory consumption without bound. (CVE-2016-5403)

Red Hat would like to thank hongzhenhao (Marvel Team) for reporting CVE-2016-5403.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1340924 - CVE-2016-5126 Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
1358359 - CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

6.
Package List: Red Hat OpenStack Platform 9.0: Source: qemu-kvm-rhev-2.3.0-31.el7_2.21.src.rpm x86_64: libcacard-rhev-2.3.0-31.el7_2.21.x86_64.rpm libcacard-tools-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-img-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-common-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.21.x86_64.rpm qemu-kvm-tools-rhev-2.3.0-31.el7_2.21.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5126 https://access.redhat.com/security/cve/CVE-2016-5403 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXveRxXlSAg2UNWIIRAqMwAKCz01nRffvL0Nf8046hpcQ1AcN8AACggX8N bUjv4t8x0lI3G7JXK0BBKuw= =o4mj -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 24 19:49:52 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 24 Aug 2016 19:49:52 +0000 Subject: [RHSA-2016:1773-01] Important: Red Hat OpenShift Enterprise 2.2.10 security, bug fix, and enhancement update Message-ID: <201608241949.u7OJnqNZ014991@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenShift Enterprise 2.2.10 security, bug fix, and enhancement update Advisory ID: RHSA-2016:1773-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1773.html Issue date: 2016-08-24 CVE Names: CVE-2014-3577 CVE-2015-7501 CVE-2016-0788 CVE-2016-0789 CVE-2016-0790 CVE-2016-0791 CVE-2016-0792 CVE-2016-3721 CVE-2016-3722 
CVE-2016-3723 CVE-2016-3724 CVE-2016-3725 CVE-2016-3726 CVE-2016-3727
=====================================================================

1. Summary:

An update is now available for Red Hat OpenShift Enterprise 2.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise Client 2.2 - noarch
Red Hat OpenShift Enterprise Infrastructure 2.2 - noarch, x86_64
Red Hat OpenShift Enterprise JBoss EAP add-on 2.2 - noarch
Red Hat OpenShift Enterprise Node 2.2 - noarch, x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

* The Jenkins continuous integration server has been updated to upstream version 1.651.2 LTS, which addresses a large number of security issues, including open redirects, a potential denial of service, unsafe handling of user-provided environment variables, and several instances of sensitive information disclosure. (CVE-2014-3577, CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792, CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727, CVE-2015-7501)

Space precludes documenting all of the bug fixes and enhancements in this advisory. See the OpenShift Enterprise Technical Notes, which will be updated shortly for release 2.2.10, for details about these changes:

https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html

All OpenShift Enterprise 2 users are advised to upgrade to these updated packages.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be updated shortly for release 2.2.10, for important instructions on how to fully apply this asynchronous errata update:

https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

5. Bugs fixed (https://bugzilla.redhat.com/):

1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
1196783 - OPENSHIFT_GEAR_MEMORY_MB is not updated when resource limits change
1217403 - [RFE] separate system-level logs of cron cartridge from gear-level logs
1266239 - [RFE] Make user variables maximum value configurable.
1274852 - Routing Daemon does not update LB when head gear is moved.
1279330 - CVE-2015-7501 apache-commons-collections: InvokerTransformer code execution during deserialisation
1282852 - Tomcat does not properly parse spaces in JVM parameters/settings
1311722 - Deleting a multi-version cartridge on the node fails silently
1311946 - CVE-2016-0788 jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)
1311947 - CVE-2016-0789 jenkins: HTTP response splitting vulnerability (SECURITY-238)
1311948 - CVE-2016-0790 jenkins: Non-constant time comparison of API token (SECURITY-241)
1311949 - CVE-2016-0791 jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245)
1311950 - CVE-2016-0792 jenkins: Remote code execution through remote API (SECURITY-247)
1335415 - CVE-2016-3721 jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)
1335416 - CVE-2016-3722 jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)
1335417 - CVE-2016-3723 jenkins: Information on installed
plugins exposed via API (SECURITY-250) 1335418 - CVE-2016-3724 jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266) 1335420 - CVE-2016-3725 jenkins: Regular users can trigger download of update site metadata (SECURITY-273) 1335421 - CVE-2016-3726 jenkins: Open redirect to scheme-relative URLs (SECURITY-276) 1335422 - CVE-2016-3727 jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281) 1358938 - libcgroup dependency error when installing node in ose-2.2 1361305 - gears exceeding quota cannot be stopped or idled 1361306 - Unable to obtain user-agent or client IP in websocket handshake on OpenShift hosted WildFly 1361307 - mysql cartridge removes logs on start 1362666 - oo-admin-move should move gears to nodes with enough free space + buffer space 6. Package List: Red Hat OpenShift Enterprise Client 2.2: Source: rhc-1.38.7.1-1.el6op.src.rpm noarch: rhc-1.38.7.1-1.el6op.noarch.rpm Red Hat OpenShift Enterprise Infrastructure 2.2: Source: activemq-5.9.0-6.redhat.611463.el6op.src.rpm openshift-origin-broker-1.16.3.2-1.el6op.src.rpm openshift-origin-broker-util-1.37.6.2-1.el6op.src.rpm rubygem-openshift-origin-admin-console-1.28.2.1-1.el6op.src.rpm rubygem-openshift-origin-controller-1.38.6.4-1.el6op.src.rpm rubygem-openshift-origin-msg-broker-mcollective-1.36.2.4-1.el6op.src.rpm rubygem-openshift-origin-routing-daemon-0.26.6.1-1.el6op.src.rpm noarch: openshift-origin-broker-1.16.3.2-1.el6op.noarch.rpm openshift-origin-broker-util-1.37.6.2-1.el6op.noarch.rpm rubygem-openshift-origin-admin-console-1.28.2.1-1.el6op.noarch.rpm rubygem-openshift-origin-controller-1.38.6.4-1.el6op.noarch.rpm rubygem-openshift-origin-msg-broker-mcollective-1.36.2.4-1.el6op.noarch.rpm rubygem-openshift-origin-routing-daemon-0.26.6.1-1.el6op.noarch.rpm x86_64: activemq-5.9.0-6.redhat.611463.el6op.x86_64.rpm activemq-client-5.9.0-6.redhat.611463.el6op.x86_64.rpm Red 
Hat OpenShift Enterprise JBoss EAP add-on 2.2: Source: openshift-origin-cartridge-jbosseap-2.27.4.2-1.el6op.src.rpm noarch: openshift-origin-cartridge-jbosseap-2.27.4.2-1.el6op.noarch.rpm Red Hat OpenShift Enterprise Node 2.2: Source: ImageMagick-6.7.2.7-5.el6_8.src.rpm activemq-5.9.0-6.redhat.611463.el6op.src.rpm jenkins-1.651.2-1.el6op.src.rpm libcgroup-0.40.rc1-18.el6_8.src.rpm openshift-origin-cartridge-cron-1.25.4.2-1.el6op.src.rpm openshift-origin-cartridge-diy-1.26.2.2-1.el6op.src.rpm openshift-origin-cartridge-haproxy-1.31.6.2-1.el6op.src.rpm openshift-origin-cartridge-jbossews-1.35.5.2-1.el6op.src.rpm openshift-origin-cartridge-jenkins-1.29.2.2-1.el6op.src.rpm openshift-origin-cartridge-jenkins-client-1.26.1.1-1.el6op.src.rpm openshift-origin-cartridge-mongodb-1.26.2.2-1.el6op.src.rpm openshift-origin-cartridge-mysql-1.31.3.3-1.el6op.src.rpm openshift-origin-cartridge-nodejs-1.33.1.2-1.el6op.src.rpm openshift-origin-cartridge-perl-1.30.2.2-1.el6op.src.rpm openshift-origin-cartridge-php-1.35.4.2-1.el6op.src.rpm openshift-origin-cartridge-python-1.34.3.2-1.el6op.src.rpm openshift-origin-cartridge-ruby-1.32.2.2-1.el6op.src.rpm openshift-origin-msg-node-mcollective-1.30.2.2-1.el6op.src.rpm openshift-origin-node-proxy-1.26.3.1-1.el6op.src.rpm openshift-origin-node-util-1.38.7.1-1.el6op.src.rpm rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.5.2.1-1.el6op.src.rpm rubygem-openshift-origin-node-1.38.6.4-1.el6op.src.rpm noarch: jenkins-1.651.2-1.el6op.noarch.rpm openshift-origin-cartridge-cron-1.25.4.2-1.el6op.noarch.rpm openshift-origin-cartridge-diy-1.26.2.2-1.el6op.noarch.rpm openshift-origin-cartridge-haproxy-1.31.6.2-1.el6op.noarch.rpm openshift-origin-cartridge-jbossews-1.35.5.2-1.el6op.noarch.rpm openshift-origin-cartridge-jenkins-1.29.2.2-1.el6op.noarch.rpm openshift-origin-cartridge-jenkins-client-1.26.1.1-1.el6op.noarch.rpm openshift-origin-cartridge-mongodb-1.26.2.2-1.el6op.noarch.rpm openshift-origin-cartridge-mysql-1.31.3.3-1.el6op.noarch.rpm 
openshift-origin-cartridge-nodejs-1.33.1.2-1.el6op.noarch.rpm openshift-origin-cartridge-perl-1.30.2.2-1.el6op.noarch.rpm openshift-origin-cartridge-php-1.35.4.2-1.el6op.noarch.rpm openshift-origin-cartridge-python-1.34.3.2-1.el6op.noarch.rpm openshift-origin-cartridge-ruby-1.32.2.2-1.el6op.noarch.rpm openshift-origin-msg-node-mcollective-1.30.2.2-1.el6op.noarch.rpm openshift-origin-node-proxy-1.26.3.1-1.el6op.noarch.rpm openshift-origin-node-util-1.38.7.1-1.el6op.noarch.rpm rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.5.2.1-1.el6op.noarch.rpm rubygem-openshift-origin-node-1.38.6.4-1.el6op.noarch.rpm x86_64: ImageMagick-debuginfo-6.7.2.7-5.el6_8.x86_64.rpm ImageMagick-devel-6.7.2.7-5.el6_8.x86_64.rpm ImageMagick-doc-6.7.2.7-5.el6_8.x86_64.rpm ImageMagick-perl-6.7.2.7-5.el6_8.x86_64.rpm activemq-client-5.9.0-6.redhat.611463.el6op.x86_64.rpm libcgroup-debuginfo-0.40.rc1-18.el6_8.x86_64.rpm libcgroup-pam-0.40.rc1-18.el6_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2015-7501 https://access.redhat.com/security/cve/CVE-2016-0788 https://access.redhat.com/security/cve/CVE-2016-0789 https://access.redhat.com/security/cve/CVE-2016-0790 https://access.redhat.com/security/cve/CVE-2016-0791 https://access.redhat.com/security/cve/CVE-2016-0792 https://access.redhat.com/security/cve/CVE-2016-3721 https://access.redhat.com/security/cve/CVE-2016-3722 https://access.redhat.com/security/cve/CVE-2016-3723 https://access.redhat.com/security/cve/CVE-2016-3724 https://access.redhat.com/security/cve/CVE-2016-3725 https://access.redhat.com/security/cve/CVE-2016-3726 https://access.redhat.com/security/cve/CVE-2016-3727 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXvfohXlSAg2UNWIIRAkfNAKCBtVY0xEgjCs6Artz4o1q2MTshjwCdG8ow LTXLl4KmRK711Sc+V6NxT7c= =mDbi -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Aug 26 15:11:38 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 26 Aug 2016 15:11:38 +0000 Subject: [RHSA-2016:1776-01] Important: java-1.6.0-openjdk security update Message-ID: <201608261511.u7QFBdaM010021@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2016:1776-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1776.html Issue date: 2016-08-26 CVE Names: CVE-2016-3458 CVE-2016-3500 CVE-2016-3508 CVE-2016-3550 CVE-2016-3606 ===================================================================== 1. Summary: An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 
6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

Security Fix(es):

* An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. (CVE-2016-3606)

* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)

* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5.
Bugs fixed (https://bugzilla.redhat.com/): 1356963 - CVE-2016-3606 OpenJDK: insufficient bytecode verification (Hotspot, 8155981) 1357008 - CVE-2016-3500 OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872) 1357015 - CVE-2016-3508 OpenJDK: missing entity replacement limits (JAXP, 8149962) 1357494 - CVE-2016-3458 OpenJDK: insufficient restrictions on the use of custom ValueHandler (CORBA, 8079718) 1357506 - CVE-2016-3550 OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: java-1.6.0-openjdk-1.6.0.40-1.13.12.4.el5_11.src.rpm i386: java-1.6.0-openjdk-1.6.0.40-1.13.12.4.el5_11.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.4.el5_11.i386.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.4.el5_11.i386.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.4.el5_11.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.4.el5_11.i386.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.4.el5_11.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: java-1.6.0-openjdk-1.6.0.40-1.13.12.4.el5_11.src.rpm i386: java-1.6.0-openjdk-1.6.0.40-1.13.12.4.el5_11.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.4.el5_11.i386.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.4.el5_11.i386.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.4.el5_11.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.4.el5_11.i386.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.4.el5_11.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.4.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.6.el6_8.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.6.el6_8.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.6.el6_8.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.6.el6_8.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.6.el6_8.i686.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.6.el6_8.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.6.el6_8.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: java-1.6.0-openjdk-1.6.0.40-1.13.12.5.el7_2.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-1.6.0-openjdk-1.6.0.40-1.13.12.5.el7_2.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: java-1.6.0-openjdk-1.6.0.40-1.13.12.5.el7_2.src.rpm ppc64: java-1.6.0-openjdk-1.6.0.40-1.13.12.5.el7_2.ppc64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.ppc64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.5.el7_2.ppc64.rpm s390x: java-1.6.0-openjdk-1.6.0.40-1.13.12.5.el7_2.s390x.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.s390x.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.5.el7_2.s390x.rpm x86_64: java-1.6.0-openjdk-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.ppc64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.5.el7_2.ppc64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.5.el7_2.ppc64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.5.el7_2.ppc64.rpm s390x: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.s390x.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.5.el7_2.s390x.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.5.el7_2.s390x.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.5.el7_2.s390x.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: java-1.6.0-openjdk-1.6.0.40-1.13.12.5.el7_2.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.40-1.13.12.5.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3458 https://access.redhat.com/security/cve/CVE-2016-3500 https://access.redhat.com/security/cve/CVE-2016-3508 https://access.redhat.com/security/cve/CVE-2016-3550 https://access.redhat.com/security/cve/CVE-2016-3606 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXwFvGXlSAg2UNWIIRAmUpAKCA2VUA/T+UwzeqKELzHGkpXSk2IACgu+Y2
vWCdJWY4FvNz+C24acT3U4o=
=z2pu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Aug 31 06:12:36 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 31 Aug 2016 06:12:36 +0000
Subject: [RHSA-2016:1781-01] Moderate: rh-postgresql94-postgresql security update
Message-ID: <201608310612.u7V6CaVB031240@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-postgresql94-postgresql security update
Advisory ID:       RHSA-2016:1781-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1781.html
Issue date:        2016-08-31
CVE Names:         CVE-2016-5423 CVE-2016-5424
=====================================================================

1. Summary:

An update for rh-postgresql94-postgresql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a newer upstream version: rh-postgresql94-postgresql (9.4.9)

Security Fix(es):

* A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423)

* A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

1364001 - CVE-2016-5423 postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference
1364002 - CVE-2016-5424 postgresql: privilege escalation via crafted database and role names

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-postgresql94-postgresql-9.4.9-1.el6.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-static-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.9-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-postgresql94-postgresql-9.4.9-1.el6.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-static-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.9-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-postgresql94-postgresql-9.4.9-1.el6.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-static-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.9-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-postgresql94-postgresql-9.4.9-1.el6.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-static-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.9-1.el6.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.9-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-postgresql94-postgresql-9.4.9-1.el7.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-static-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.9-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-postgresql94-postgresql-9.4.9-1.el7.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-static-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.9-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-postgresql94-postgresql-9.4.9-1.el7.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-static-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.9-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-postgresql94-postgresql-9.4.9-1.el7.src.rpm

x86_64:
rh-postgresql94-postgresql-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-contrib-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-debuginfo-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-devel-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-docs-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-libs-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plperl-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-plpython-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-pltcl-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-server-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-static-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-test-9.4.9-1.el7.x86_64.rpm
rh-postgresql94-postgresql-upgrade-9.4.9-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5423
https://access.redhat.com/security/cve/CVE-2016-5424
https://access.redhat.com/security/updates/classification/#moderate
https://www.postgresql.org/about/news/1644/
https://www.postgresql.org/docs/current/static/release-9-4-6.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXxnVAXlSAg2UNWIIRAsN3AKC6gcgXEBHRg/ou4VNmfBy4Nxh/FQCfbuEr
y0yhdKD/urkt+1lG1I34sxo=
=qiqO
-----END PGP SIGNATURE-----
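A defensive check that follows from the CVE-2016-5424 description in the rh-postgresql94-postgresql advisory above, added here as an editor's example; it is not part of the advisory and is not code from Red Hat or the PostgreSQL project. The advisory states that the escalation needs a database or role whose name contains a newline, carriage return, double quote or backslash, and that it triggers when a superuser next runs maintenance with a client program that has not yet been updated. The query below lists exactly those objects so an administrator can review them before that maintenance runs. It assumes a PostgreSQL 9.4 server (the version the advisory covers) and a psql session as any role that can read the pg_database and pg_roles catalogs.

```sql
-- Added example, not from the advisory: audit database and role names for the
-- four characters named in the CVE-2016-5424 description.
-- E'' string literals are used so the newline and carriage return are written
-- explicitly; inside the bracket expression, \\ matches a literal backslash.
WITH catalog_names AS (
    SELECT 'database' AS kind, datname AS objname
    FROM   pg_catalog.pg_database
    UNION ALL
    SELECT 'role'     AS kind, rolname AS objname
    FROM   pg_catalog.pg_roles
)
SELECT kind,
       objname,
       -- bytea 'escape' output renders control characters as octal escapes
       -- (e.g. \012 for newline), so they stay visible in psql output
       encode(convert_to(objname, 'UTF8'), 'escape') AS escaped_name,
       length(objname)                               AS name_length
FROM   catalog_names
WHERE  objname ~ E'[\n\r"\\\\]'
ORDER  BY kind, objname;
```

An empty result means no object in this cluster has a name of the kind the advisory describes. Any row returned identifies an object to investigate: the advisory ties the escalation path to roles holding CREATEDB or CREATEROLE, so the owner of a flagged database (pg_database.datdba) and the membership of a flagged role are the natural next things to look at, and the advisory's fix is still to install the updated client packages before a superuser performs maintenance.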