From bugzilla at redhat.com Thu Dec 1 16:45:25 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Dec 2016 16:45:25 +0000
Subject: [RHSA-2016:2842-01] Low: Red Hat OpenShift Enterprise 2.x - 30 Day End Of Life Notice
Message-ID: <201612011645.uB1GjPhI001176@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat OpenShift Enterprise 2.x - 30 Day End Of Life Notice
Advisory ID:       RHSA-2016:2842-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2842.html
Issue date:        2016-12-01
=====================================================================

1. Summary:

This is the 30 Day notification for the End of Production Phase 1 of Red Hat OpenShift Enterprise 2.x (2.0, 2.1 and 2.2).

2. Description:

In accordance with the Red Hat OpenShift Enterprise Support Life Cycle Policy, support for OpenShift Enterprise 2.x (2.0, 2.1 and 2.2) will end on December 31, 2016. Red Hat will not provide extended support for this product. Customers are requested to migrate to a supported Red Hat OpenShift Enterprise product prior to the end of the life cycle for OpenShift Enterprise 2.x. After December 31, 2016, technical support through Red Hat's Global Support Services will no longer be provided.

We encourage customers to plan their migration from Red Hat OpenShift Enterprise 2.x to the latest version of Red Hat OpenShift Enterprise. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.

3. Solution:

Full details of the Red Hat OpenShift Enterprise Life Cycle can be found on the Red Hat website:

https://access.redhat.com/support/policy/updates/openshift

4. Bugs fixed (https://bugzilla.redhat.com/):

1372035 - Red Hat OpenShift Enterprise 2.x - 30 Day End Of Life Notice

5.
References:

https://access.redhat.com/security/updates/classification/#low

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYQFOeXlSAg2UNWIIRAmaUAKCvnoKrDBJdIeb1zDSUlyChrx4TbACfa4YR
zOViFiK5xpEG+EAuMoxgXJo=
=bx4L
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 1 18:38:51 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Dec 2016 13:38:51 -0500
Subject: [RHSA-2016:2843-01] Critical: firefox security update
Message-ID: <201612011838.uB1IcpVs030907@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2016:2843-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2843.html
Issue date:        2016-12-01
CVE Names:         CVE-2016-9079
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.5.1 ESR.

Security Fix(es):

* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079)

Red Hat would like to thank the Mozilla project for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1400376 - CVE-2016-9079 Mozilla: Firefox SVG Animation Remote Code Execution (MFSA 2016-92)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-45.5.1-1.el5_11.src.rpm

i386:
firefox-45.5.1-1.el5_11.i386.rpm
firefox-debuginfo-45.5.1-1.el5_11.i386.rpm

x86_64:
firefox-45.5.1-1.el5_11.i386.rpm
firefox-45.5.1-1.el5_11.x86_64.rpm
firefox-debuginfo-45.5.1-1.el5_11.i386.rpm
firefox-debuginfo-45.5.1-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-45.5.1-1.el5_11.src.rpm

i386:
firefox-45.5.1-1.el5_11.i386.rpm
firefox-debuginfo-45.5.1-1.el5_11.i386.rpm

ppc:
firefox-45.5.1-1.el5_11.ppc64.rpm
firefox-debuginfo-45.5.1-1.el5_11.ppc64.rpm

s390x:
firefox-45.5.1-1.el5_11.s390.rpm
firefox-45.5.1-1.el5_11.s390x.rpm
firefox-debuginfo-45.5.1-1.el5_11.s390.rpm
firefox-debuginfo-45.5.1-1.el5_11.s390x.rpm

x86_64:
firefox-45.5.1-1.el5_11.i386.rpm
firefox-45.5.1-1.el5_11.x86_64.rpm
firefox-debuginfo-45.5.1-1.el5_11.i386.rpm
firefox-debuginfo-45.5.1-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-45.5.1-1.el6_8.src.rpm

i386:
firefox-45.5.1-1.el6_8.i686.rpm
firefox-debuginfo-45.5.1-1.el6_8.i686.rpm

x86_64:
firefox-45.5.1-1.el6_8.x86_64.rpm
firefox-debuginfo-45.5.1-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-45.5.1-1.el6_8.i686.rpm
firefox-debuginfo-45.5.1-1.el6_8.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-45.5.1-1.el6_8.src.rpm

x86_64:
firefox-45.5.1-1.el6_8.i686.rpm
firefox-45.5.1-1.el6_8.x86_64.rpm
firefox-debuginfo-45.5.1-1.el6_8.i686.rpm
firefox-debuginfo-45.5.1-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-45.5.1-1.el6_8.src.rpm

i386:
firefox-45.5.1-1.el6_8.i686.rpm
firefox-debuginfo-45.5.1-1.el6_8.i686.rpm

ppc64:
firefox-45.5.1-1.el6_8.ppc64.rpm
firefox-debuginfo-45.5.1-1.el6_8.ppc64.rpm

s390x:
firefox-45.5.1-1.el6_8.s390x.rpm
firefox-debuginfo-45.5.1-1.el6_8.s390x.rpm

x86_64:
firefox-45.5.1-1.el6_8.x86_64.rpm
firefox-debuginfo-45.5.1-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-45.5.1-1.el6_8.ppc.rpm
firefox-debuginfo-45.5.1-1.el6_8.ppc.rpm

s390x:
firefox-45.5.1-1.el6_8.s390.rpm
firefox-debuginfo-45.5.1-1.el6_8.s390.rpm

x86_64:
firefox-45.5.1-1.el6_8.i686.rpm
firefox-debuginfo-45.5.1-1.el6_8.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-45.5.1-1.el6_8.src.rpm

i386:
firefox-45.5.1-1.el6_8.i686.rpm
firefox-debuginfo-45.5.1-1.el6_8.i686.rpm

x86_64:
firefox-45.5.1-1.el6_8.x86_64.rpm
firefox-debuginfo-45.5.1-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-45.5.1-1.el6_8.i686.rpm
firefox-debuginfo-45.5.1-1.el6_8.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-45.5.1-1.el7_3.src.rpm

x86_64:
firefox-45.5.1-1.el7_3.x86_64.rpm
firefox-debuginfo-45.5.1-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-45.5.1-1.el7_3.i686.rpm
firefox-debuginfo-45.5.1-1.el7_3.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-45.5.1-1.el7_3.src.rpm

aarch64:
firefox-45.5.1-1.el7_3.aarch64.rpm
firefox-debuginfo-45.5.1-1.el7_3.aarch64.rpm

ppc64:
firefox-45.5.1-1.el7_3.ppc64.rpm
firefox-debuginfo-45.5.1-1.el7_3.ppc64.rpm

ppc64le:
firefox-45.5.1-1.el7_3.ppc64le.rpm
firefox-debuginfo-45.5.1-1.el7_3.ppc64le.rpm

s390x:
firefox-45.5.1-1.el7_3.s390x.rpm
firefox-debuginfo-45.5.1-1.el7_3.s390x.rpm

x86_64:
firefox-45.5.1-1.el7_3.x86_64.rpm
firefox-debuginfo-45.5.1-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
firefox-45.5.1-1.el7_3.ppc.rpm
firefox-debuginfo-45.5.1-1.el7_3.ppc.rpm

s390x:
firefox-45.5.1-1.el7_3.s390.rpm
firefox-debuginfo-45.5.1-1.el7_3.s390.rpm

x86_64:
firefox-45.5.1-1.el7_3.i686.rpm
firefox-debuginfo-45.5.1-1.el7_3.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-45.5.1-1.el7_3.src.rpm

x86_64:
firefox-45.5.1-1.el7_3.x86_64.rpm
firefox-debuginfo-45.5.1-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-45.5.1-1.el7_3.i686.rpm
firefox-debuginfo-45.5.1-1.el7_3.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-9079
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYQG45XlSAg2UNWIIRAl8rAJ9AvJZhR67k4oXFESnnqkGey5a77wCgixyf
ALHj51/YrR+48TLYkXtX1aY=
=5Sph
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 5 07:55:51 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Dec 2016 07:55:51 +0000
Subject: [RHSA-2016:2850-01] Important: thunderbird security update
Message-ID: <201612050755.uB57tpiZ009151@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2016:2850-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2850.html
Issue date:        2016-12-05
CVE Names:         CVE-2016-9079
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.5.1.

Security Fix(es):

* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079)

Red Hat would like to thank the Mozilla project for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1400376 - CVE-2016-9079 Mozilla: Firefox SVG Animation Remote Code Execution (MFSA 2016-92)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-45.5.1-1.el5_11.src.rpm

i386:
thunderbird-45.5.1-1.el5_11.i386.rpm
thunderbird-debuginfo-45.5.1-1.el5_11.i386.rpm

x86_64:
thunderbird-45.5.1-1.el5_11.x86_64.rpm
thunderbird-debuginfo-45.5.1-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server):

Source:
thunderbird-45.5.1-1.el5_11.src.rpm

i386:
thunderbird-45.5.1-1.el5_11.i386.rpm
thunderbird-debuginfo-45.5.1-1.el5_11.i386.rpm

x86_64:
thunderbird-45.5.1-1.el5_11.x86_64.rpm
thunderbird-debuginfo-45.5.1-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-45.5.1-1.el6_8.src.rpm

i386:
thunderbird-45.5.1-1.el6_8.i686.rpm
thunderbird-debuginfo-45.5.1-1.el6_8.i686.rpm

x86_64:
thunderbird-45.5.1-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.5.1-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-45.5.1-1.el6_8.src.rpm

i386:
thunderbird-45.5.1-1.el6_8.i686.rpm
thunderbird-debuginfo-45.5.1-1.el6_8.i686.rpm

ppc64:
thunderbird-45.5.1-1.el6_8.ppc64.rpm
thunderbird-debuginfo-45.5.1-1.el6_8.ppc64.rpm

s390x:
thunderbird-45.5.1-1.el6_8.s390x.rpm
thunderbird-debuginfo-45.5.1-1.el6_8.s390x.rpm

x86_64:
thunderbird-45.5.1-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.5.1-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-45.5.1-1.el6_8.src.rpm

i386:
thunderbird-45.5.1-1.el6_8.i686.rpm
thunderbird-debuginfo-45.5.1-1.el6_8.i686.rpm

x86_64:
thunderbird-45.5.1-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.5.1-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-45.5.1-1.el7_3.src.rpm

x86_64:
thunderbird-45.5.1-1.el7_3.x86_64.rpm
thunderbird-debuginfo-45.5.1-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-45.5.1-1.el7_3.src.rpm

aarch64:
thunderbird-45.5.1-1.el7_3.aarch64.rpm
thunderbird-debuginfo-45.5.1-1.el7_3.aarch64.rpm

ppc64le:
thunderbird-45.5.1-1.el7_3.ppc64le.rpm
thunderbird-debuginfo-45.5.1-1.el7_3.ppc64le.rpm

x86_64:
thunderbird-45.5.1-1.el7_3.x86_64.rpm
thunderbird-debuginfo-45.5.1-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-45.5.1-1.el7_3.src.rpm

x86_64:
thunderbird-45.5.1-1.el7_3.x86_64.rpm
thunderbird-debuginfo-45.5.1-1.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-9079
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYRR1nXlSAg2UNWIIRAodoAJ0UiiPUCIIAECrcVZJZDlJpUp19OwCggRCN
uS/PETALJx3WzLcwZc1AH+Q=
=SECC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 6 06:31:23 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Dec 2016 06:31:23 +0000
Subject: [RHSA-2016:2871-01] Important: bind security update
Message-ID: <201612060631.uB66VPZG032609@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2016:2871-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2871.html
Issue date:        2016-12-06
CVE Names:         CVE-2016-8864
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.

4.
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
bind-9.8.2-0.37.rc1.el6_7.9.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
bind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.2):

Source:
bind-9.7.3-8.P3.el6_2.6.src.rpm

x86_64:
bind-9.7.3-8.P3.el6_2.6.x86_64.rpm
bind-chroot-9.7.3-8.P3.el6_2.6.x86_64.rpm
bind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm
bind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm
bind-libs-9.7.3-8.P3.el6_2.6.i686.rpm
bind-libs-9.7.3-8.P3.el6_2.6.x86_64.rpm
bind-utils-9.7.3-8.P3.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
bind-9.8.2-0.17.rc1.el6_4.10.src.rpm

x86_64:
bind-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.10.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
bind-9.8.2-0.23.rc1.el6_5.5.src.rpm

x86_64:
bind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm
bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm
bind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.5):

Source:
bind-9.8.2-0.23.rc1.el6_5.5.src.rpm

x86_64:
bind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm
bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm
bind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
bind-9.8.2-0.30.rc1.el6_6.7.src.rpm

x86_64:
bind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
bind-9.8.2-0.30.rc1.el6_6.7.src.rpm

x86_64:
bind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
bind-9.8.2-0.37.rc1.el6_7.9.src.rpm

i386:
bind-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.9.i686.rpm

ppc64:
bind-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.9.ppc.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm

s390x:
bind-9.8.2-0.37.rc1.el6_7.9.s390x.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.9.s390x.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.9.s390.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.9.s390x.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.9.s390x.rpm

x86_64:
bind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
bind-9.7.3-8.P3.el6_2.6.src.rpm

x86_64:
bind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm
bind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm
bind-devel-9.7.3-8.P3.el6_2.6.i686.rpm
bind-devel-9.7.3-8.P3.el6_2.6.x86_64.rpm
bind-sdb-9.7.3-8.P3.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
bind-9.8.2-0.17.rc1.el6_4.10.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.10.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
bind-9.8.2-0.23.rc1.el6_5.5.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm
bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm
bind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.5):

Source:
bind-9.8.2-0.23.rc1.el6_5.5.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm
bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm
bind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
bind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.9.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.9.ppc.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.9.s390.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.9.s390x.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.9.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-8864
https://access.redhat.com/security/updates/classification/#important
https://kb.isc.org/article/AA-01434

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYRlsfXlSAg2UNWIIRAmy8AJ9xFyJSMmX2XN+lcWzsNNQT7cfR8QCggVOj
KpG5DRbXaKAdrUMg5IeIS+s=
=aWJX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 6 11:53:34 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Dec 2016 11:53:34 +0000
Subject: [RHSA-2016:2872-01] Moderate: sudo security update
Message-ID: <201612061153.uB6BrYtm032245@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: sudo security update
Advisory ID:       RHSA-2016:2872-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2872.html
Issue date:        2016-12-06
CVE Names:         CVE-2016-7032 CVE-2016-7076
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system(), popen(), or wordexp() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use these flaws to execute arbitrary commands with elevated privileges. (CVE-2016-7032, CVE-2016-7076)

These issues were discovered by Florian Weimer (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1372830 - CVE-2016-7032 sudo: noexec bypass via system() and popen()
1384982 - CVE-2016-7076 sudo: noexec bypass via wordexp()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
sudo-1.8.6p3-25.el6_8.src.rpm

i386:
sudo-1.8.6p3-25.el6_8.i686.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm

x86_64:
sudo-1.8.6p3-25.el6_8.x86_64.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
sudo-devel-1.8.6p3-25.el6_8.i686.rpm

x86_64:
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm
sudo-devel-1.8.6p3-25.el6_8.i686.rpm
sudo-devel-1.8.6p3-25.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
sudo-1.8.6p3-25.el6_8.src.rpm

x86_64:
sudo-1.8.6p3-25.el6_8.x86_64.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm
sudo-devel-1.8.6p3-25.el6_8.i686.rpm
sudo-devel-1.8.6p3-25.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
sudo-1.8.6p3-25.el6_8.src.rpm

i386:
sudo-1.8.6p3-25.el6_8.i686.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm

ppc64:
sudo-1.8.6p3-25.el6_8.ppc64.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.ppc64.rpm

s390x:
sudo-1.8.6p3-25.el6_8.s390x.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.s390x.rpm

x86_64:
sudo-1.8.6p3-25.el6_8.x86_64.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
sudo-devel-1.8.6p3-25.el6_8.i686.rpm

ppc64:
sudo-debuginfo-1.8.6p3-25.el6_8.ppc.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.ppc64.rpm
sudo-devel-1.8.6p3-25.el6_8.ppc.rpm
sudo-devel-1.8.6p3-25.el6_8.ppc64.rpm

s390x:
sudo-debuginfo-1.8.6p3-25.el6_8.s390.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.s390x.rpm
sudo-devel-1.8.6p3-25.el6_8.s390.rpm
sudo-devel-1.8.6p3-25.el6_8.s390x.rpm

x86_64:
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm
sudo-devel-1.8.6p3-25.el6_8.i686.rpm
sudo-devel-1.8.6p3-25.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
sudo-1.8.6p3-25.el6_8.src.rpm

i386:
sudo-1.8.6p3-25.el6_8.i686.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm

x86_64:
sudo-1.8.6p3-25.el6_8.x86_64.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
sudo-devel-1.8.6p3-25.el6_8.i686.rpm

x86_64:
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm
sudo-devel-1.8.6p3-25.el6_8.i686.rpm
sudo-devel-1.8.6p3-25.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
sudo-1.8.6p7-21.el7_3.src.rpm

x86_64:
sudo-1.8.6p7-21.el7_3.x86_64.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
sudo-debuginfo-1.8.6p7-21.el7_3.i686.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm
sudo-devel-1.8.6p7-21.el7_3.i686.rpm
sudo-devel-1.8.6p7-21.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
sudo-1.8.6p7-21.el7_3.src.rpm

x86_64:
sudo-1.8.6p7-21.el7_3.x86_64.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
sudo-debuginfo-1.8.6p7-21.el7_3.i686.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm
sudo-devel-1.8.6p7-21.el7_3.i686.rpm
sudo-devel-1.8.6p7-21.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
sudo-1.8.6p7-21.el7_3.src.rpm

aarch64:
sudo-1.8.6p7-21.el7_3.aarch64.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.aarch64.rpm

ppc64:
sudo-1.8.6p7-21.el7_3.ppc64.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.ppc64.rpm

ppc64le:
sudo-1.8.6p7-21.el7_3.ppc64le.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.ppc64le.rpm

s390x:
sudo-1.8.6p7-21.el7_3.s390x.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.s390x.rpm

x86_64:
sudo-1.8.6p7-21.el7_3.x86_64.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
sudo-debuginfo-1.8.6p7-21.el7_3.aarch64.rpm
sudo-devel-1.8.6p7-21.el7_3.aarch64.rpm

ppc64:
sudo-debuginfo-1.8.6p7-21.el7_3.ppc.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.ppc64.rpm
sudo-devel-1.8.6p7-21.el7_3.ppc.rpm
sudo-devel-1.8.6p7-21.el7_3.ppc64.rpm

ppc64le:
sudo-debuginfo-1.8.6p7-21.el7_3.ppc64le.rpm
sudo-devel-1.8.6p7-21.el7_3.ppc64le.rpm

s390x:
sudo-debuginfo-1.8.6p7-21.el7_3.s390.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.s390x.rpm
sudo-devel-1.8.6p7-21.el7_3.s390.rpm
sudo-devel-1.8.6p7-21.el7_3.s390x.rpm

x86_64:
sudo-debuginfo-1.8.6p7-21.el7_3.i686.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm
sudo-devel-1.8.6p7-21.el7_3.i686.rpm
sudo-devel-1.8.6p7-21.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
sudo-1.8.6p7-21.el7_3.src.rpm

x86_64:
sudo-1.8.6p7-21.el7_3.x86_64.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
sudo-debuginfo-1.8.6p7-21.el7_3.i686.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm
sudo-devel-1.8.6p7-21.el7_3.i686.rpm
sudo-devel-1.8.6p7-21.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7032
https://access.redhat.com/security/cve/CVE-2016-7076
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYRqaEXlSAg2UNWIIRAim8AJ911lHOJS+wAeB6J6uUKy67M+1j7QCaA+Bl WHJJ934ZNL7OsDrkaY4y5QE= =MFFg -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 7 19:35:27 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 7 Dec 2016 19:35:27 +0000 Subject: [RHSA-2016:2919-01] Important: chromium-browser security update Message-ID: <201612071935.uB7JZRk8013247@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: chromium-browser security update Advisory ID: RHSA-2016:2919-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2919.html Issue date: 2016-12-07 CVE Names: CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652 ===================================================================== 1. Summary: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Chromium is an open-source web browser, powered by WebKit (Blink). 
This update upgrades Chromium to version 55.0.2883.75. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-9651, CVE-2016-9652, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Chromium must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1400850 - CVE-2016-9651 chromium-browser: private property access in v8 1400851 - CVE-2016-5208 chromium-browser: universal xss in blink 1400852 - CVE-2016-5207 chromium-browser: universal xss in blink 1400853 - CVE-2016-5206 chromium-browser: same-origin bypass in pdfium 1400854 - CVE-2016-5205 chromium-browser: universal xss in blink 1400855 - CVE-2016-5204 chromium-browser: universal xss in blink 1400856 - CVE-2016-5209 chromium-browser: out of bounds write in blink 1400857 - CVE-2016-5203 chromium-browser: use after free in pdfium 1400859 - CVE-2016-5210 chromium-browser: out of bounds write in pdfium 1400861 - CVE-2016-5212 chromium-browser: local file disclosure in devtools 1400862 - CVE-2016-5211 chromium-browser: use after free in pdfium 1400863 - CVE-2016-5213 chromium-browser: use after free in v8 1400864 - CVE-2016-5214 chromium-browser: file download protection bypass 1400865 - CVE-2016-5216 chromium-browser: use after free in pdfium 1400866 - CVE-2016-5215 
chromium-browser: use after free in webaudio 1400867 - CVE-2016-5217 chromium-browser: use of unvalidated data in pdfium 1400868 - CVE-2016-5218 chromium-browser: address spoofing in omnibox 1400869 - CVE-2016-5219 chromium-browser: use after free in v8 1400870 - CVE-2016-5221 chromium-browser: integer overflow in angle 1400871 - CVE-2016-5220 chromium-browser: local file access in pdfium 1400872 - CVE-2016-5222 chromium-browser: address spoofing in omnibox 1400873 - CVE-2016-9650 chromium-browser: csp referrer disclosure 1400875 - CVE-2016-5223 chromium-browser: integer overflow in pdfium 1400876 - CVE-2016-5226 chromium-browser: limited xss in blink 1400877 - CVE-2016-5225 chromium-browser: csp bypass in blink 1400878 - CVE-2016-5224 chromium-browser: same-origin bypass in svg 1400879 - CVE-2016-9652 chromium-browser: various fixes from internal audits 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: chromium-browser-55.0.2883.75-1.el6.i686.rpm chromium-browser-debuginfo-55.0.2883.75-1.el6.i686.rpm x86_64: chromium-browser-55.0.2883.75-1.el6.x86_64.rpm chromium-browser-debuginfo-55.0.2883.75-1.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: chromium-browser-55.0.2883.75-1.el6.i686.rpm chromium-browser-debuginfo-55.0.2883.75-1.el6.i686.rpm x86_64: chromium-browser-55.0.2883.75-1.el6.x86_64.rpm chromium-browser-debuginfo-55.0.2883.75-1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: chromium-browser-55.0.2883.75-1.el6.i686.rpm chromium-browser-debuginfo-55.0.2883.75-1.el6.i686.rpm x86_64: chromium-browser-55.0.2883.75-1.el6.x86_64.rpm chromium-browser-debuginfo-55.0.2883.75-1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-5203 https://access.redhat.com/security/cve/CVE-2016-5204 https://access.redhat.com/security/cve/CVE-2016-5205 https://access.redhat.com/security/cve/CVE-2016-5206 https://access.redhat.com/security/cve/CVE-2016-5207 https://access.redhat.com/security/cve/CVE-2016-5208 https://access.redhat.com/security/cve/CVE-2016-5209 https://access.redhat.com/security/cve/CVE-2016-5210 https://access.redhat.com/security/cve/CVE-2016-5211 https://access.redhat.com/security/cve/CVE-2016-5212 https://access.redhat.com/security/cve/CVE-2016-5213 https://access.redhat.com/security/cve/CVE-2016-5214 https://access.redhat.com/security/cve/CVE-2016-5215 https://access.redhat.com/security/cve/CVE-2016-5216 https://access.redhat.com/security/cve/CVE-2016-5217 https://access.redhat.com/security/cve/CVE-2016-5218 https://access.redhat.com/security/cve/CVE-2016-5219 https://access.redhat.com/security/cve/CVE-2016-5220 https://access.redhat.com/security/cve/CVE-2016-5221 https://access.redhat.com/security/cve/CVE-2016-5222 https://access.redhat.com/security/cve/CVE-2016-5223 https://access.redhat.com/security/cve/CVE-2016-5224 https://access.redhat.com/security/cve/CVE-2016-5225 https://access.redhat.com/security/cve/CVE-2016-5226 https://access.redhat.com/security/cve/CVE-2016-9650 https://access.redhat.com/security/cve/CVE-2016-9651 https://access.redhat.com/security/cve/CVE-2016-9652 https://access.redhat.com/security/updates/classification/#important https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYSGRcXlSAg2UNWIIRAiHmAJ9Nl7uHXgQUjZU81KybHyCCHmCi8QCgr8fs CEnkb1YITLftO/cJ3o/KLWA= =cu2B -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 7 21:02:18 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 7 Dec 2016 21:02:18 +0000 Subject: [RHSA-2016:2915-01] Important: atomic-openshift security and bug fix update Message-ID: <201612072102.uB7L2IHi017933@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: atomic-openshift security and bug fix update Advisory ID: RHSA-2016:2915-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2016:2915 Issue date: 2016-12-07 CVE Names: CVE-2016-8651 ===================================================================== 1. Summary: An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.1, 3.2, and 3.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 3.3 - noarch, x86_64 Red Hat OpenShift Enterprise 3.1 - noarch, x86_64 Red Hat OpenShift Enterprise 3.2 - noarch, x86_64 3. Description: Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform releases 3.3.1.7, 3.2.1.21, and 3.1.1.10. 
See the following advisory for the container images for these releases: https://access.redhat.com/errata/RHBA-2016:2916 Security Fix(es): * An input validation flaw was found in the way OpenShift handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image. (CVE-2016-8651) Bug Fix(es) for OpenShift Container Platform 3.3: * Previously when rapidly updating multiple namespaces controlled by a single ClusterResourceQuota, the status.total.used can get out of sync with the sum of the status.namespaces[*].used. This bug fix ensures the ClusterResourceQuota objects are properly updated. (BZ#1400200) * When using the `oc new-app --search` command in an environment where OpenShift Container Platform (OCP) could not reach Docker Hub, the command failed for any query. OCP now prints a warning and continues with what was found in other sources. (BZ#1388524) * The OpenShift Container Platform node daemon did not recover properly from restarts, and it lost information about attached and mounted volumes. In rare cases, the daemon deleted all data on a mounted volume, thinking that it has been already unmounted while it was only missing its node's cache. This bug fix ensures node caches are recovered after restarts, and as a result no data loss occurs on the mounted volumes. (BZ#1398417) * Previously, ScheduledJobs were not cleaned up on project deletion. If a new project was created with the same project name, the previously-defined ScheduledJobs would re-appear. This bug fix ensures ScheduledJobs are removed when a project is removed. (BZ#1399700) Bug Fix(es) for OpenShift Container Platform 3.2: * When using the `oc new-app --search` command in an environment where OpenShift Container Platform (OCP) could not reach Docker Hub, the command failed for any query. 
OCP now prints a warning and continues with what was found in other sources. (BZ#1388522) All OpenShift Container Platform users are advised to upgrade to these updated packages and images. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this update, see the following cluster upgrade documentation that relates to your installed version of OpenShift Container Platform. For OpenShift Container Platform 3.3: https://docs.openshift.com/container-platform/3.3/install_config/upgrading/automated_upgrades.html#upgrading-to-ocp-3-3-asynchronous-releases For OpenShift Container Platform 3.2: https://docs.openshift.com/enterprise/3.2/install_config/upgrading/automated_upgrades.html#upgrading-to-openshift-enterprise-3-2-asynchronous-releases For OpenShift Container Platform 3.1: https://docs.openshift.com/enterprise/3.1/install_config/upgrading/automated_upgrades.html#upgrading-to-openshift-enterprise-3-1-asynchronous-releases 5. Bugs fixed (https://bugzilla.redhat.com/): 1388522 - [backport] (3.2) Failed to "oc new-app --search" at the offline environment disconnected to the Internet 1388524 - [backport] (3.3) Failed to "oc new-app --search" at the offline environment disconnected to the Internet 1397987 - CVE-2016-8651 OpenShift Enterprise 3: Pulling of any image is possible with it manifest 1398417 - Data from persistent volumes is wiped after a node service restart 1399700 - Scheduledjob not deleted when project has been deleted 1400200 - ClusterResourceQuota status total doesn't match sum of namespaces 6. 
Package List: Red Hat OpenShift Enterprise 3.1: Source: atomic-openshift-3.1.1.10-1.git.0.efeef8d.el7aos.src.rpm noarch: atomic-openshift-docker-excluder-3.1.1.10-1.git.0.efeef8d.el7aos.noarch.rpm atomic-openshift-excluder-3.1.1.10-1.git.0.efeef8d.el7aos.noarch.rpm x86_64: atomic-openshift-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm atomic-openshift-clients-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm atomic-openshift-clients-redistributable-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm atomic-openshift-dockerregistry-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm atomic-openshift-master-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm atomic-openshift-node-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm atomic-openshift-pod-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm atomic-openshift-recycle-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm atomic-openshift-sdn-ovs-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm tuned-profiles-atomic-openshift-node-3.1.1.10-1.git.0.efeef8d.el7aos.x86_64.rpm Red Hat OpenShift Enterprise 3.2: Source: atomic-openshift-3.2.1.21-1.git.0.4250771.el7.src.rpm noarch: atomic-openshift-docker-excluder-3.2.1.21-1.git.0.4250771.el7.noarch.rpm atomic-openshift-excluder-3.2.1.21-1.git.0.4250771.el7.noarch.rpm x86_64: atomic-openshift-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm atomic-openshift-clients-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm atomic-openshift-dockerregistry-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm atomic-openshift-master-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm atomic-openshift-node-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm atomic-openshift-pod-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm atomic-openshift-recycle-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm atomic-openshift-tests-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm tuned-profiles-atomic-openshift-node-3.2.1.21-1.git.0.4250771.el7.x86_64.rpm Red Hat OpenShift Container Platform 3.3: 
Source: atomic-openshift-3.3.1.7-1.git.0.0988966.el7.src.rpm noarch: atomic-openshift-docker-excluder-3.3.1.7-1.git.0.0988966.el7.noarch.rpm atomic-openshift-excluder-3.3.1.7-1.git.0.0988966.el7.noarch.rpm x86_64: atomic-openshift-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm atomic-openshift-clients-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm atomic-openshift-dockerregistry-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm atomic-openshift-master-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm atomic-openshift-node-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm atomic-openshift-pod-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm atomic-openshift-tests-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm tuned-profiles-atomic-openshift-node-3.3.1.7-1.git.0.0988966.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-8651 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYSHjTXlSAg2UNWIIRAjf3AKCBVHwXqFQ1tRc9E1dxLeWvNn4TRQCfdZVu Jp/Zdi85OIL+aWxTUBx3Fwc= =RShg -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 7 22:55:23 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 7 Dec 2016 22:55:23 +0000 Subject: [RHSA-2016:2923-01] Moderate: openstack-cinder and openstack-glance security update Message-ID: <201612072255.uB7MtNTv018627@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-cinder and openstack-glance security update Advisory ID: RHSA-2016:2923-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2923.html Issue date: 2016-12-07 CVE Names: CVE-2015-5162 ===================================================================== 1. Summary: Updated openstack-cinder and openstack-glance packages that fix one security issue are now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 9.0 - noarch 3. Description: OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API. 
OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. Security Fix(es): * A resource vulnerability in the Block Storage (cinder) and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources 1380842 - Creating Encrypted Volumes with Cinder(Ceph backend) gives false positive 1381283 - cinder-api lost SSL in oslo.service wsgi move for Mitaka 1381350 - qemu-img calls need to be restricted by ulimit 1386253 - NetApp Cinder driver: cloning operations are unsuccessful 6. Package List: Red Hat OpenStack Platform 9.0: Source: openstack-cinder-8.1.1-4.el7ost.src.rpm openstack-glance-12.0.0-2.el7ost.src.rpm noarch: openstack-cinder-8.1.1-4.el7ost.noarch.rpm openstack-glance-12.0.0-2.el7ost.noarch.rpm python-cinder-8.1.1-4.el7ost.noarch.rpm python-cinder-tests-8.1.1-4.el7ost.noarch.rpm python-glance-12.0.0-2.el7ost.noarch.rpm python-glance-tests-12.0.0-2.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-5162 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYSJNBXlSAg2UNWIIRAqseAJ9mS4L+3LpgAhLLJ+F3q3o671xO3ACfVwIo b923YWt9AfVmMqyeioV/WMM= =Sj+Y -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Dec 8 16:27:57 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 8 Dec 2016 16:27:57 +0000 Subject: [RHSA-2016:2927-01] Important: rh-mariadb100-mariadb security update Message-ID: <201612081627.uB8GRwNO025465@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-mariadb100-mariadb security update Advisory ID: RHSA-2016:2927-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2927.html Issue date: 2016-12-08 CVE Names: CVE-2016-3492 CVE-2016-5612 CVE-2016-5616 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-5630 CVE-2016-6662 CVE-2016-6663 CVE-2016-8283 ===================================================================== 1. Summary: An update for rh-mariadb100-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb (10.0.28). Security Fix(es): * It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) * A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663, CVE-2016-5616) * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3492, CVE-2016-5612, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-5630, CVE-2016-8283) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016) 1378936 - CVE-2016-6663 CVE-2016-5616 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016) 1386554 - CVE-2016-3492 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016) 1386561 - CVE-2016-5612 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) 1386566 - CVE-2016-5624 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) 1386568 - CVE-2016-5626 mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016) 1386572 - CVE-2016-5629 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016) 1386573 - CVE-2016-5630 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU October 2016) 1386585 - CVE-2016-8283 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU October 2016) 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-mariadb100-mariadb-10.0.28-5.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.28-5.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.7): Source: rh-mariadb100-mariadb-10.0.28-5.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.28-5.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-mariadb100-mariadb-10.0.28-5.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.28-5.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.28-5.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7): Source: rh-mariadb100-mariadb-10.0.28-5.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.28-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: rh-mariadb100-mariadb-10.0.28-5.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.28-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.3): Source: rh-mariadb100-mariadb-10.0.28-5.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.28-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-mariadb100-mariadb-10.0.28-5.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.28-5.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.28-5.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-3492 https://access.redhat.com/security/cve/CVE-2016-5612 https://access.redhat.com/security/cve/CVE-2016-5616 https://access.redhat.com/security/cve/CVE-2016-5624 https://access.redhat.com/security/cve/CVE-2016-5626 https://access.redhat.com/security/cve/CVE-2016-5629 https://access.redhat.com/security/cve/CVE-2016-5630 https://access.redhat.com/security/cve/CVE-2016-6662 https://access.redhat.com/security/cve/CVE-2016-6663 https://access.redhat.com/security/cve/CVE-2016-8283 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYSYn4XlSAg2UNWIIRAk2rAJ4w53lWhfYR0entIb/FVhfeAYTywACfSo0f eWEyfSgCqEAJM3lMI3vwQSw= =Tch2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Dec 8 16:28:33 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 8 Dec 2016 16:28:33 +0000 Subject: [RHSA-2016:2928-01] Important: rh-mariadb101-mariadb security update Message-ID: <201612081628.uB8GSXkF026036@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-mariadb101-mariadb security update Advisory ID: RHSA-2016:2928-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2928.html Issue date: 2016-12-08 CVE Names: CVE-2016-3492 CVE-2016-5616 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-8283 
===================================================================== 1. Summary: An update for rh-mariadb101-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb (10.1.19). Security Fix(es): * It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) * A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. 
(CVE-2016-6663, CVE-2016-5616) * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3492, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016) 1378936 - CVE-2016-6663 CVE-2016-5616 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016) 1386554 - CVE-2016-3492 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016) 1386566 - CVE-2016-5624 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) 1386568 - CVE-2016-5626 mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016) 1386572 - CVE-2016-5629 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016) 1386585 - CVE-2016-8283 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU October 2016) 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6): Source: rh-mariadb101-mariadb-10.1.19-6.el6.src.rpm x86_64: rh-mariadb101-mariadb-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-common-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-config-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-server-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-test-10.1.19-6.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-mariadb101-mariadb-10.1.19-6.el6.src.rpm x86_64: rh-mariadb101-mariadb-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-common-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-config-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-server-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-test-10.1.19-6.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6): Source: rh-mariadb101-mariadb-10.1.19-6.el6.src.rpm x86_64: rh-mariadb101-mariadb-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-common-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-config-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-server-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.19-6.el6.x86_64.rpm rh-mariadb101-mariadb-test-10.1.19-6.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-mariadb101-mariadb-10.1.19-6.el7.src.rpm x86_64: rh-mariadb101-mariadb-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.19-6.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2): Source: rh-mariadb101-mariadb-10.1.19-6.el7.src.rpm x86_64: rh-mariadb101-mariadb-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.19-6.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3): Source: rh-mariadb101-mariadb-10.1.19-6.el7.src.rpm x86_64: rh-mariadb101-mariadb-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.19-6.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7): Source: rh-mariadb101-mariadb-10.1.19-6.el7.src.rpm x86_64: rh-mariadb101-mariadb-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.19-6.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.19-6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3492 https://access.redhat.com/security/cve/CVE-2016-5616 https://access.redhat.com/security/cve/CVE-2016-5624 https://access.redhat.com/security/cve/CVE-2016-5626 https://access.redhat.com/security/cve/CVE-2016-5629 https://access.redhat.com/security/cve/CVE-2016-6662 https://access.redhat.com/security/cve/CVE-2016-6663 https://access.redhat.com/security/cve/CVE-2016-8283 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10119-release-notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYSYoaXlSAg2UNWIIRAox0AJwMlvYFOi5GldeTBA0ssjAs47G0jQCeL39c zlXS4W/FbsAzCpFc+jTBND4= =sHVD -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Dec 9 08:44:08 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 9 Dec 2016 08:44:08 +0000 Subject: [RHSA-2016:2932-01] Low: python-XStatic-jquery-ui security update Message-ID: <201612090844.uB98i8RT024585@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: python-XStatic-jquery-ui security update Advisory ID: RHSA-2016:2932-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2932.html Issue date: 2016-12-08 CVE Names: CVE-2016-7103 ===================================================================== 1. Summary: An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 8.0 (Liberty) - noarch 3. Description: jquery-ui javascript library packaged for setuptools (easy_install) / pip. The following packages have been upgraded to a newer upstream version: python-XStatic-jquery-ui (1.12.0.1). (BZ#1371011) Security Fix(es): * It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user. (CVE-2016-7103) 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1360286 - CVE-2016-7103 jquery-ui: cross-site scripting in dialog closeText 6. Package List: Red Hat OpenStack Platform 8.0 (Liberty): Source: python-XStatic-jquery-ui-1.12.0.1-1.el7ost.src.rpm noarch: python-XStatic-jquery-ui-1.12.0.1-1.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-7103 https://access.redhat.com/security/updates/classification/#low https://nodesecurity.io/advisories/127 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYSm6VXlSAg2UNWIIRAsucAJ93Xt1k8IDBBC5339ZbCu3Fv8z45gCgtPSd mErcxYXRG3GmyJFe1jlDnk8= =FFll -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Dec 9 08:45:50 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 9 Dec 2016 08:45:50 +0000 Subject: [RHSA-2016:2933-01] Low: python-XStatic-jquery-ui security update Message-ID: <201612090845.uB98joh9025838@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: python-XStatic-jquery-ui security update Advisory ID: RHSA-2016:2933-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2933.html Issue date: 2016-12-08 CVE Names: CVE-2016-7103 ===================================================================== 1. Summary: An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 9.0 (Mitaka). 
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 9.0 - noarch 3. Description: jQuery UI is a set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript library. The following packages have been upgraded to a newer upstream version: python-XStatic-jquery-ui (1.12.0.1). (BZ#1371012) Security Fix(es): * It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user. (CVE-2016-7103) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1360286 - CVE-2016-7103 jquery-ui: cross-site scripting in dialog closeText 6. Package List: Red Hat OpenStack Platform 9.0: Source: python-XStatic-jquery-ui-1.12.0.1-1.el7ost.src.rpm noarch: python-XStatic-jquery-ui-1.12.0.1-1.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-7103 https://access.redhat.com/security/updates/classification/#low https://nodesecurity.io/advisories/127 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYSm7iXlSAg2UNWIIRAgYuAJ9nx/mDxvAMV9GqBVXSoNoAY75kVgCfaiQ4 H411GyUQcGWB9/jQFPqLcPA= =QbgE -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 14 10:13:23 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 14 Dec 2016 10:13:23 +0000 Subject: [RHSA-2016:2946-01] Critical: firefox security update Message-ID: <201612141013.uBEADOiq026383@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2016:2946-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2946.html Issue date: 2016-12-14 CVE Names: CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 
7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Philipp, Wladimir Palant, Nils, Jann Horn, Aral, Andrew Krasichkov, insertscript, Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris Zbarsky as the original reporters. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1404083 - CVE-2016-9899 Mozilla: Use-after-free while manipulating DOM events and audio elements (MFSA 2016-94, MFSA 2016-95) 1404086 - CVE-2016-9895 Mozilla: CSP bypass using marquee tag (MFSA 2016-94, MFSA 2016-95) 1404087 - CVE-2016-9897 Mozilla: Memory corruption in libGLES (MFSA 2016-94, MFSA 2016-95) 1404089 - CVE-2016-9898 Mozilla: Use-after-free in Editor while manipulating DOM subtrees (MFSA 2016-94, MFSA 2016-95) 1404090 - CVE-2016-9900 Mozilla: Restricted external resources can be loaded by SVG images through data URLs (MFSA 2016-94, MFSA 2016-95) 1404091 - CVE-2016-9904 Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95) 1404094 - CVE-2016-9905 Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95) 1404096 - CVE-2016-9893 Mozilla: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 (MFSA 2016-95) 1404358 - CVE-2016-9901 Mozilla: Data from Pocket server improperly sanitized before execution (MFSA 2016-94, MFSA 2016-95) 1404359 - CVE-2016-9902 Mozilla: Pocket extension does not validate the origin of events (MFSA 2016-94, MFSA 2016-95) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: firefox-45.6.0-1.el5_11.src.rpm i386: firefox-45.6.0-1.el5_11.i386.rpm firefox-debuginfo-45.6.0-1.el5_11.i386.rpm x86_64: firefox-45.6.0-1.el5_11.i386.rpm firefox-45.6.0-1.el5_11.x86_64.rpm firefox-debuginfo-45.6.0-1.el5_11.i386.rpm firefox-debuginfo-45.6.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: firefox-45.6.0-1.el5_11.src.rpm i386: firefox-45.6.0-1.el5_11.i386.rpm firefox-debuginfo-45.6.0-1.el5_11.i386.rpm ppc: firefox-45.6.0-1.el5_11.ppc64.rpm firefox-debuginfo-45.6.0-1.el5_11.ppc64.rpm s390x: firefox-45.6.0-1.el5_11.s390.rpm firefox-45.6.0-1.el5_11.s390x.rpm firefox-debuginfo-45.6.0-1.el5_11.s390.rpm firefox-debuginfo-45.6.0-1.el5_11.s390x.rpm x86_64: firefox-45.6.0-1.el5_11.i386.rpm firefox-45.6.0-1.el5_11.x86_64.rpm firefox-debuginfo-45.6.0-1.el5_11.i386.rpm firefox-debuginfo-45.6.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-45.6.0-1.el6_8.src.rpm i386: firefox-45.6.0-1.el6_8.i686.rpm firefox-debuginfo-45.6.0-1.el6_8.i686.rpm x86_64: firefox-45.6.0-1.el6_8.x86_64.rpm firefox-debuginfo-45.6.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-45.6.0-1.el6_8.i686.rpm firefox-debuginfo-45.6.0-1.el6_8.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-45.6.0-1.el6_8.src.rpm x86_64: firefox-45.6.0-1.el6_8.i686.rpm firefox-45.6.0-1.el6_8.x86_64.rpm firefox-debuginfo-45.6.0-1.el6_8.i686.rpm firefox-debuginfo-45.6.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: firefox-45.6.0-1.el6_8.src.rpm i386: firefox-45.6.0-1.el6_8.i686.rpm firefox-debuginfo-45.6.0-1.el6_8.i686.rpm ppc64: firefox-45.6.0-1.el6_8.ppc64.rpm firefox-debuginfo-45.6.0-1.el6_8.ppc64.rpm s390x: firefox-45.6.0-1.el6_8.s390x.rpm firefox-debuginfo-45.6.0-1.el6_8.s390x.rpm x86_64: firefox-45.6.0-1.el6_8.x86_64.rpm firefox-debuginfo-45.6.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): ppc64: firefox-45.6.0-1.el6_8.ppc.rpm firefox-debuginfo-45.6.0-1.el6_8.ppc.rpm s390x: firefox-45.6.0-1.el6_8.s390.rpm firefox-debuginfo-45.6.0-1.el6_8.s390.rpm x86_64: firefox-45.6.0-1.el6_8.i686.rpm firefox-debuginfo-45.6.0-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: firefox-45.6.0-1.el6_8.src.rpm i386: firefox-45.6.0-1.el6_8.i686.rpm firefox-debuginfo-45.6.0-1.el6_8.i686.rpm x86_64: firefox-45.6.0-1.el6_8.x86_64.rpm firefox-debuginfo-45.6.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-45.6.0-1.el6_8.i686.rpm firefox-debuginfo-45.6.0-1.el6_8.i686.rpm Red Hat Enterprise Linux Client (v. 7): Source: firefox-45.6.0-1.el7_3.src.rpm x86_64: firefox-45.6.0-1.el7_3.x86_64.rpm firefox-debuginfo-45.6.0-1.el7_3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-45.6.0-1.el7_3.i686.rpm firefox-debuginfo-45.6.0-1.el7_3.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-45.6.0-1.el7_3.src.rpm aarch64: firefox-45.6.0-1.el7_3.aarch64.rpm firefox-debuginfo-45.6.0-1.el7_3.aarch64.rpm ppc64: firefox-45.6.0-1.el7_3.ppc64.rpm firefox-debuginfo-45.6.0-1.el7_3.ppc64.rpm ppc64le: firefox-45.6.0-1.el7_3.ppc64le.rpm firefox-debuginfo-45.6.0-1.el7_3.ppc64le.rpm s390x: firefox-45.6.0-1.el7_3.s390x.rpm firefox-debuginfo-45.6.0-1.el7_3.s390x.rpm x86_64: firefox-45.6.0-1.el7_3.x86_64.rpm firefox-debuginfo-45.6.0-1.el7_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: firefox-45.6.0-1.el7_3.ppc.rpm firefox-debuginfo-45.6.0-1.el7_3.ppc.rpm s390x: firefox-45.6.0-1.el7_3.s390.rpm firefox-debuginfo-45.6.0-1.el7_3.s390.rpm x86_64: firefox-45.6.0-1.el7_3.i686.rpm firefox-debuginfo-45.6.0-1.el7_3.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-45.6.0-1.el7_3.src.rpm x86_64: firefox-45.6.0-1.el7_3.x86_64.rpm firefox-debuginfo-45.6.0-1.el7_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-45.6.0-1.el7_3.i686.rpm firefox-debuginfo-45.6.0-1.el7_3.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-9893 https://access.redhat.com/security/cve/CVE-2016-9895 https://access.redhat.com/security/cve/CVE-2016-9897 https://access.redhat.com/security/cve/CVE-2016-9898 https://access.redhat.com/security/cve/CVE-2016-9899 https://access.redhat.com/security/cve/CVE-2016-9900 https://access.redhat.com/security/cve/CVE-2016-9901 https://access.redhat.com/security/cve/CVE-2016-9902 https://access.redhat.com/security/cve/CVE-2016-9904 https://access.redhat.com/security/cve/CVE-2016-9905 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.6 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYURs4XlSAg2UNWIIRAh+iAJ9UCJrM0i4CBLAcqYtD8f0m0gbFoQCguPRH bqKuysXEtehsUMcw/d5Rcwg= =VL2T -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 14 13:04:33 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 14 Dec 2016 13:04:33 +0000 Subject: [RHSA-2016:2947-01] Critical: flash-plugin security update Message-ID: <201612141304.uBED4YaF016173@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:2947-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2947.html Issue date: 2016-12-14 CVE Names: CVE-2016-7867 CVE-2016-7868 CVE-2016-7869 CVE-2016-7870 CVE-2016-7871 CVE-2016-7872 CVE-2016-7873 CVE-2016-7874 CVE-2016-7875 CVE-2016-7876 CVE-2016-7877 CVE-2016-7878 CVE-2016-7879 CVE-2016-7880 CVE-2016-7881 CVE-2016-7890 CVE-2016-7892 ===================================================================== 1. 
Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.186. Security Fix(es): * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1404307 - flash-plugin: multiple code execution issues fixed in APSB16-39 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-24.0.0.186-1.el6_8.i686.rpm x86_64: flash-plugin-24.0.0.186-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: flash-plugin-24.0.0.186-1.el6_8.i686.rpm x86_64: flash-plugin-24.0.0.186-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-24.0.0.186-1.el6_8.i686.rpm x86_64: flash-plugin-24.0.0.186-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-7867 https://access.redhat.com/security/cve/CVE-2016-7868 https://access.redhat.com/security/cve/CVE-2016-7869 https://access.redhat.com/security/cve/CVE-2016-7870 https://access.redhat.com/security/cve/CVE-2016-7871 https://access.redhat.com/security/cve/CVE-2016-7872 https://access.redhat.com/security/cve/CVE-2016-7873 https://access.redhat.com/security/cve/CVE-2016-7874 https://access.redhat.com/security/cve/CVE-2016-7875 https://access.redhat.com/security/cve/CVE-2016-7876 https://access.redhat.com/security/cve/CVE-2016-7877 https://access.redhat.com/security/cve/CVE-2016-7878 https://access.redhat.com/security/cve/CVE-2016-7879 https://access.redhat.com/security/cve/CVE-2016-7880 https://access.redhat.com/security/cve/CVE-2016-7881 https://access.redhat.com/security/cve/CVE-2016-7890 https://access.redhat.com/security/cve/CVE-2016-7892 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-39.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYUUNIXlSAg2UNWIIRAqmUAJ0WFw5f9zLJMXJ6dV4EKvqwjB6gbgCeLXVW HBcDgja9F69F5oI1iifGsq8= =AA6d -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 20 12:52:45 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 20 Dec 2016 12:52:45 +0000 Subject: [RHSA-2016:2962-01] Important: kernel security and bug fix update Message-ID: <201612201252.uBKCqKDK018680@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2016:2962-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2962.html Issue date: 2016-12-20 CVE Names: CVE-2016-7117 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function.
(CVE-2016-7117, Important) Bug Fix(es): * Previously, guest virtual machines (VMs) on a Hyper-V server cluster got in some cases rebooted during the graceful node failover test, because the host kept sending heartbeat packets independently of guests responding to them. This update fixes the bug by properly responding to all the heartbeat messages in the queue, even if they are pending. As a result, guest VMs no longer get rebooted under the described circumstances. (BZ#1391167) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: kernel-2.6.18-417.el5.src.rpm i386: kernel-2.6.18-417.el5.i686.rpm kernel-PAE-2.6.18-417.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-417.el5.i686.rpm kernel-PAE-devel-2.6.18-417.el5.i686.rpm kernel-debug-2.6.18-417.el5.i686.rpm kernel-debug-debuginfo-2.6.18-417.el5.i686.rpm kernel-debug-devel-2.6.18-417.el5.i686.rpm kernel-debuginfo-2.6.18-417.el5.i686.rpm kernel-debuginfo-common-2.6.18-417.el5.i686.rpm kernel-devel-2.6.18-417.el5.i686.rpm kernel-headers-2.6.18-417.el5.i386.rpm kernel-xen-2.6.18-417.el5.i686.rpm kernel-xen-debuginfo-2.6.18-417.el5.i686.rpm kernel-xen-devel-2.6.18-417.el5.i686.rpm noarch: kernel-doc-2.6.18-417.el5.noarch.rpm x86_64: kernel-2.6.18-417.el5.x86_64.rpm kernel-debug-2.6.18-417.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-417.el5.x86_64.rpm kernel-debug-devel-2.6.18-417.el5.x86_64.rpm kernel-debuginfo-2.6.18-417.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-417.el5.x86_64.rpm kernel-devel-2.6.18-417.el5.x86_64.rpm kernel-headers-2.6.18-417.el5.x86_64.rpm kernel-xen-2.6.18-417.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-417.el5.x86_64.rpm 
kernel-xen-devel-2.6.18-417.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: kernel-2.6.18-417.el5.src.rpm i386: kernel-2.6.18-417.el5.i686.rpm kernel-PAE-2.6.18-417.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-417.el5.i686.rpm kernel-PAE-devel-2.6.18-417.el5.i686.rpm kernel-debug-2.6.18-417.el5.i686.rpm kernel-debug-debuginfo-2.6.18-417.el5.i686.rpm kernel-debug-devel-2.6.18-417.el5.i686.rpm kernel-debuginfo-2.6.18-417.el5.i686.rpm kernel-debuginfo-common-2.6.18-417.el5.i686.rpm kernel-devel-2.6.18-417.el5.i686.rpm kernel-headers-2.6.18-417.el5.i386.rpm kernel-xen-2.6.18-417.el5.i686.rpm kernel-xen-debuginfo-2.6.18-417.el5.i686.rpm kernel-xen-devel-2.6.18-417.el5.i686.rpm ia64: kernel-2.6.18-417.el5.ia64.rpm kernel-debug-2.6.18-417.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-417.el5.ia64.rpm kernel-debug-devel-2.6.18-417.el5.ia64.rpm kernel-debuginfo-2.6.18-417.el5.ia64.rpm kernel-debuginfo-common-2.6.18-417.el5.ia64.rpm kernel-devel-2.6.18-417.el5.ia64.rpm kernel-headers-2.6.18-417.el5.ia64.rpm kernel-xen-2.6.18-417.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-417.el5.ia64.rpm kernel-xen-devel-2.6.18-417.el5.ia64.rpm noarch: kernel-doc-2.6.18-417.el5.noarch.rpm ppc: kernel-2.6.18-417.el5.ppc64.rpm kernel-debug-2.6.18-417.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-417.el5.ppc64.rpm kernel-debug-devel-2.6.18-417.el5.ppc64.rpm kernel-debuginfo-2.6.18-417.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-417.el5.ppc64.rpm kernel-devel-2.6.18-417.el5.ppc64.rpm kernel-headers-2.6.18-417.el5.ppc.rpm kernel-headers-2.6.18-417.el5.ppc64.rpm kernel-kdump-2.6.18-417.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-417.el5.ppc64.rpm kernel-kdump-devel-2.6.18-417.el5.ppc64.rpm s390x: kernel-2.6.18-417.el5.s390x.rpm kernel-debug-2.6.18-417.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-417.el5.s390x.rpm kernel-debug-devel-2.6.18-417.el5.s390x.rpm kernel-debuginfo-2.6.18-417.el5.s390x.rpm kernel-debuginfo-common-2.6.18-417.el5.s390x.rpm kernel-devel-2.6.18-417.el5.s390x.rpm 
kernel-headers-2.6.18-417.el5.s390x.rpm kernel-kdump-2.6.18-417.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-417.el5.s390x.rpm kernel-kdump-devel-2.6.18-417.el5.s390x.rpm x86_64: kernel-2.6.18-417.el5.x86_64.rpm kernel-debug-2.6.18-417.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-417.el5.x86_64.rpm kernel-debug-devel-2.6.18-417.el5.x86_64.rpm kernel-debuginfo-2.6.18-417.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-417.el5.x86_64.rpm kernel-devel-2.6.18-417.el5.x86_64.rpm kernel-headers-2.6.18-417.el5.x86_64.rpm kernel-xen-2.6.18-417.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-417.el5.x86_64.rpm kernel-xen-devel-2.6.18-417.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-7117 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYWSl4XlSAg2UNWIIRAuhUAKCzXdjAvE9g2c5Pb4itcV4qzcv6vwCghGws Cfg6UoqqgzFKdI+Pi6E2vdA= =6ld/ -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 20 15:27:20 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 20 Dec 2016 10:27:20 -0500 Subject: [RHSA-2016:2963-01] Important: xen security update Message-ID: <201612201527.uBKFRK5c026134@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: xen security update Advisory ID: RHSA-2016:2963-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2963.html Issue date: 2016-12-20 CVE Names: CVE-2016-9637 ===================================================================== 1. 
Summary:

An update for xen is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop Multi OS (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Virtualization (v. 5 server) - i386, ia64, x86_64

3. Description:

Xen is a virtual machine monitor.

Security Fix(es):

* An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if a guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host. (CVE-2016-9637)

Red Hat would like to thank the Xen project for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1397043 - CVE-2016-9637 XSA199 Xen: qemu ioport out-of-bounds array access (XSA-199)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
xen-3.0.3-148.el5_11.src.rpm

i386:
xen-debuginfo-3.0.3-148.el5_11.i386.rpm
xen-libs-3.0.3-148.el5_11.i386.rpm

x86_64:
xen-debuginfo-3.0.3-148.el5_11.i386.rpm
xen-debuginfo-3.0.3-148.el5_11.x86_64.rpm
xen-libs-3.0.3-148.el5_11.i386.rpm
xen-libs-3.0.3-148.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop Multi OS (v.
5 client): Source: xen-3.0.3-148.el5_11.src.rpm i386: xen-3.0.3-148.el5_11.i386.rpm xen-debuginfo-3.0.3-148.el5_11.i386.rpm xen-devel-3.0.3-148.el5_11.i386.rpm x86_64: xen-3.0.3-148.el5_11.x86_64.rpm xen-debuginfo-3.0.3-148.el5_11.i386.rpm xen-debuginfo-3.0.3-148.el5_11.x86_64.rpm xen-devel-3.0.3-148.el5_11.i386.rpm xen-devel-3.0.3-148.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: xen-3.0.3-148.el5_11.src.rpm i386: xen-debuginfo-3.0.3-148.el5_11.i386.rpm xen-libs-3.0.3-148.el5_11.i386.rpm ia64: xen-debuginfo-3.0.3-148.el5_11.ia64.rpm xen-libs-3.0.3-148.el5_11.ia64.rpm x86_64: xen-debuginfo-3.0.3-148.el5_11.i386.rpm xen-debuginfo-3.0.3-148.el5_11.x86_64.rpm xen-libs-3.0.3-148.el5_11.i386.rpm xen-libs-3.0.3-148.el5_11.x86_64.rpm Red Hat Enterprise Linux Virtualization (v. 5 server): Source: xen-3.0.3-148.el5_11.src.rpm i386: xen-3.0.3-148.el5_11.i386.rpm xen-debuginfo-3.0.3-148.el5_11.i386.rpm xen-devel-3.0.3-148.el5_11.i386.rpm ia64: xen-3.0.3-148.el5_11.ia64.rpm xen-debuginfo-3.0.3-148.el5_11.ia64.rpm xen-devel-3.0.3-148.el5_11.ia64.rpm x86_64: xen-3.0.3-148.el5_11.x86_64.rpm xen-debuginfo-3.0.3-148.el5_11.i386.rpm xen-debuginfo-3.0.3-148.el5_11.x86_64.rpm xen-devel-3.0.3-148.el5_11.i386.rpm xen-devel-3.0.3-148.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-9637 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYWU3XXlSAg2UNWIIRAm1fAKCqoXKBBxTgP0iDtpGJMMFRF8wkPQCfRJ1L G2OeLcJ0oKyjQf6y901pd10= =vFHR -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 21 05:35:04 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 21 Dec 2016 00:35:04 -0500 Subject: [RHSA-2016:2972-01] Moderate: vim security update Message-ID: <201612210535.uBL5Z4uo017021@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: vim security update Advisory ID: RHSA-2016:2972-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2972.html Issue date: 2016-12-21 CVE Names: CVE-2016-1248 ===================================================================== 1. Summary: An update for vim is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Vim (Vi IMproved) is an updated and improved version of the vi editor. 
Security Fix(es):

* A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (CVE-2016-1248)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1398227 - CVE-2016-1248 vim: Lack of validation of values for few options results in code execution

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
vim-7.4.629-5.el6_8.1.src.rpm

i386:
vim-X11-7.4.629-5.el6_8.1.i686.rpm
vim-common-7.4.629-5.el6_8.1.i686.rpm
vim-debuginfo-7.4.629-5.el6_8.1.i686.rpm
vim-enhanced-7.4.629-5.el6_8.1.i686.rpm
vim-filesystem-7.4.629-5.el6_8.1.i686.rpm
vim-minimal-7.4.629-5.el6_8.1.i686.rpm

x86_64:
vim-X11-7.4.629-5.el6_8.1.x86_64.rpm
vim-common-7.4.629-5.el6_8.1.x86_64.rpm
vim-debuginfo-7.4.629-5.el6_8.1.x86_64.rpm
vim-enhanced-7.4.629-5.el6_8.1.x86_64.rpm
vim-filesystem-7.4.629-5.el6_8.1.x86_64.rpm
vim-minimal-7.4.629-5.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
vim-7.4.629-5.el6_8.1.src.rpm

x86_64:
vim-common-7.4.629-5.el6_8.1.x86_64.rpm
vim-debuginfo-7.4.629-5.el6_8.1.x86_64.rpm
vim-enhanced-7.4.629-5.el6_8.1.x86_64.rpm
vim-filesystem-7.4.629-5.el6_8.1.x86_64.rpm
vim-minimal-7.4.629-5.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
vim-X11-7.4.629-5.el6_8.1.x86_64.rpm
vim-debuginfo-7.4.629-5.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6): Source: vim-7.4.629-5.el6_8.1.src.rpm i386: vim-X11-7.4.629-5.el6_8.1.i686.rpm vim-common-7.4.629-5.el6_8.1.i686.rpm vim-debuginfo-7.4.629-5.el6_8.1.i686.rpm vim-enhanced-7.4.629-5.el6_8.1.i686.rpm vim-filesystem-7.4.629-5.el6_8.1.i686.rpm vim-minimal-7.4.629-5.el6_8.1.i686.rpm ppc64: vim-X11-7.4.629-5.el6_8.1.ppc64.rpm vim-common-7.4.629-5.el6_8.1.ppc64.rpm vim-debuginfo-7.4.629-5.el6_8.1.ppc64.rpm vim-enhanced-7.4.629-5.el6_8.1.ppc64.rpm vim-filesystem-7.4.629-5.el6_8.1.ppc64.rpm vim-minimal-7.4.629-5.el6_8.1.ppc64.rpm s390x: vim-X11-7.4.629-5.el6_8.1.s390x.rpm vim-common-7.4.629-5.el6_8.1.s390x.rpm vim-debuginfo-7.4.629-5.el6_8.1.s390x.rpm vim-enhanced-7.4.629-5.el6_8.1.s390x.rpm vim-filesystem-7.4.629-5.el6_8.1.s390x.rpm vim-minimal-7.4.629-5.el6_8.1.s390x.rpm x86_64: vim-X11-7.4.629-5.el6_8.1.x86_64.rpm vim-common-7.4.629-5.el6_8.1.x86_64.rpm vim-debuginfo-7.4.629-5.el6_8.1.x86_64.rpm vim-enhanced-7.4.629-5.el6_8.1.x86_64.rpm vim-filesystem-7.4.629-5.el6_8.1.x86_64.rpm vim-minimal-7.4.629-5.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: vim-7.4.629-5.el6_8.1.src.rpm i386: vim-X11-7.4.629-5.el6_8.1.i686.rpm vim-common-7.4.629-5.el6_8.1.i686.rpm vim-debuginfo-7.4.629-5.el6_8.1.i686.rpm vim-enhanced-7.4.629-5.el6_8.1.i686.rpm vim-filesystem-7.4.629-5.el6_8.1.i686.rpm vim-minimal-7.4.629-5.el6_8.1.i686.rpm x86_64: vim-X11-7.4.629-5.el6_8.1.x86_64.rpm vim-common-7.4.629-5.el6_8.1.x86_64.rpm vim-debuginfo-7.4.629-5.el6_8.1.x86_64.rpm vim-enhanced-7.4.629-5.el6_8.1.x86_64.rpm vim-filesystem-7.4.629-5.el6_8.1.x86_64.rpm vim-minimal-7.4.629-5.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: vim-7.4.160-1.el7_3.1.src.rpm x86_64: vim-X11-7.4.160-1.el7_3.1.x86_64.rpm vim-common-7.4.160-1.el7_3.1.x86_64.rpm vim-debuginfo-7.4.160-1.el7_3.1.x86_64.rpm vim-enhanced-7.4.160-1.el7_3.1.x86_64.rpm vim-filesystem-7.4.160-1.el7_3.1.x86_64.rpm vim-minimal-7.4.160-1.el7_3.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: vim-7.4.160-1.el7_3.1.src.rpm x86_64: vim-common-7.4.160-1.el7_3.1.x86_64.rpm vim-debuginfo-7.4.160-1.el7_3.1.x86_64.rpm vim-enhanced-7.4.160-1.el7_3.1.x86_64.rpm vim-filesystem-7.4.160-1.el7_3.1.x86_64.rpm vim-minimal-7.4.160-1.el7_3.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: vim-X11-7.4.160-1.el7_3.1.x86_64.rpm vim-debuginfo-7.4.160-1.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: vim-7.4.160-1.el7_3.1.src.rpm aarch64: vim-X11-7.4.160-1.el7_3.1.aarch64.rpm vim-common-7.4.160-1.el7_3.1.aarch64.rpm vim-debuginfo-7.4.160-1.el7_3.1.aarch64.rpm vim-enhanced-7.4.160-1.el7_3.1.aarch64.rpm vim-filesystem-7.4.160-1.el7_3.1.aarch64.rpm vim-minimal-7.4.160-1.el7_3.1.aarch64.rpm ppc64: vim-X11-7.4.160-1.el7_3.1.ppc64.rpm vim-common-7.4.160-1.el7_3.1.ppc64.rpm vim-debuginfo-7.4.160-1.el7_3.1.ppc64.rpm vim-enhanced-7.4.160-1.el7_3.1.ppc64.rpm vim-filesystem-7.4.160-1.el7_3.1.ppc64.rpm vim-minimal-7.4.160-1.el7_3.1.ppc64.rpm ppc64le: vim-X11-7.4.160-1.el7_3.1.ppc64le.rpm vim-common-7.4.160-1.el7_3.1.ppc64le.rpm vim-debuginfo-7.4.160-1.el7_3.1.ppc64le.rpm vim-enhanced-7.4.160-1.el7_3.1.ppc64le.rpm vim-filesystem-7.4.160-1.el7_3.1.ppc64le.rpm vim-minimal-7.4.160-1.el7_3.1.ppc64le.rpm s390x: vim-X11-7.4.160-1.el7_3.1.s390x.rpm vim-common-7.4.160-1.el7_3.1.s390x.rpm vim-debuginfo-7.4.160-1.el7_3.1.s390x.rpm vim-enhanced-7.4.160-1.el7_3.1.s390x.rpm vim-filesystem-7.4.160-1.el7_3.1.s390x.rpm vim-minimal-7.4.160-1.el7_3.1.s390x.rpm x86_64: vim-X11-7.4.160-1.el7_3.1.x86_64.rpm vim-common-7.4.160-1.el7_3.1.x86_64.rpm vim-debuginfo-7.4.160-1.el7_3.1.x86_64.rpm vim-enhanced-7.4.160-1.el7_3.1.x86_64.rpm vim-filesystem-7.4.160-1.el7_3.1.x86_64.rpm vim-minimal-7.4.160-1.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: vim-7.4.160-1.el7_3.1.src.rpm x86_64: vim-X11-7.4.160-1.el7_3.1.x86_64.rpm vim-common-7.4.160-1.el7_3.1.x86_64.rpm vim-debuginfo-7.4.160-1.el7_3.1.x86_64.rpm vim-enhanced-7.4.160-1.el7_3.1.x86_64.rpm vim-filesystem-7.4.160-1.el7_3.1.x86_64.rpm vim-minimal-7.4.160-1.el7_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1248 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYWhSEXlSAg2UNWIIRAjN4AKCg5SQlY6DGCsdpIEXjakAu7LEH3gCfcNvR Qo2CwW2cSnay/xMmfvAFMFI= =MlRI -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 21 10:02:12 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 21 Dec 2016 10:02:12 +0000 Subject: [RHSA-2016:2973-01] Important: thunderbird security update Message-ID: <201612211002.uBLA2Dt9022526@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2016:2973-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2973.html Issue date: 2016-12-21 CVE Names: CVE-2016-9893 CVE-2016-9895 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9905 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9905) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Wladimir Palant, Philipp, Andrew Krasichkov, insertscript, Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris Zbarsky as the original reporters. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1404083 - CVE-2016-9899 Mozilla: Use-after-free while manipulating DOM events and audio elements (MFSA 2016-94, MFSA 2016-95) 1404086 - CVE-2016-9895 Mozilla: CSP bypass using marquee tag (MFSA 2016-94, MFSA 2016-95) 1404090 - CVE-2016-9900 Mozilla: Restricted external resources can be loaded by SVG images through data URLs (MFSA 2016-94, MFSA 2016-95) 1404094 - CVE-2016-9905 Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95) 1404096 - CVE-2016-9893 Mozilla: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 (MFSA 2016-95) 1404358 - CVE-2016-9901 Mozilla: Data from Pocket server improperly sanitized before execution (MFSA 2016-94, MFSA 2016-95) 1404359 - CVE-2016-9902 Mozilla: Pocket extension does not validate the origin of events (MFSA 2016-94, MFSA 2016-95) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: thunderbird-45.6.0-1.el5_11.src.rpm i386: thunderbird-45.6.0-1.el5_11.i386.rpm thunderbird-debuginfo-45.6.0-1.el5_11.i386.rpm x86_64: thunderbird-45.6.0-1.el5_11.x86_64.rpm thunderbird-debuginfo-45.6.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server): Source: thunderbird-45.6.0-1.el5_11.src.rpm i386: thunderbird-45.6.0-1.el5_11.i386.rpm thunderbird-debuginfo-45.6.0-1.el5_11.i386.rpm x86_64: thunderbird-45.6.0-1.el5_11.x86_64.rpm thunderbird-debuginfo-45.6.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: thunderbird-45.6.0-1.el6_8.src.rpm i386: thunderbird-45.6.0-1.el6_8.i686.rpm thunderbird-debuginfo-45.6.0-1.el6_8.i686.rpm x86_64: thunderbird-45.6.0-1.el6_8.x86_64.rpm thunderbird-debuginfo-45.6.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: thunderbird-45.6.0-1.el6_8.src.rpm i386: thunderbird-45.6.0-1.el6_8.i686.rpm thunderbird-debuginfo-45.6.0-1.el6_8.i686.rpm ppc64: thunderbird-45.6.0-1.el6_8.ppc64.rpm thunderbird-debuginfo-45.6.0-1.el6_8.ppc64.rpm s390x: thunderbird-45.6.0-1.el6_8.s390x.rpm thunderbird-debuginfo-45.6.0-1.el6_8.s390x.rpm x86_64: thunderbird-45.6.0-1.el6_8.x86_64.rpm thunderbird-debuginfo-45.6.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: thunderbird-45.6.0-1.el6_8.src.rpm i386: thunderbird-45.6.0-1.el6_8.i686.rpm thunderbird-debuginfo-45.6.0-1.el6_8.i686.rpm x86_64: thunderbird-45.6.0-1.el6_8.x86_64.rpm thunderbird-debuginfo-45.6.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: thunderbird-45.6.0-1.el7_3.src.rpm x86_64: thunderbird-45.6.0-1.el7_3.x86_64.rpm thunderbird-debuginfo-45.6.0-1.el7_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: thunderbird-45.6.0-1.el7_3.src.rpm aarch64: thunderbird-45.6.0-1.el7_3.aarch64.rpm thunderbird-debuginfo-45.6.0-1.el7_3.aarch64.rpm ppc64le: thunderbird-45.6.0-1.el7_3.ppc64le.rpm thunderbird-debuginfo-45.6.0-1.el7_3.ppc64le.rpm x86_64: thunderbird-45.6.0-1.el7_3.x86_64.rpm thunderbird-debuginfo-45.6.0-1.el7_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: thunderbird-45.6.0-1.el7_3.src.rpm x86_64: thunderbird-45.6.0-1.el7_3.x86_64.rpm thunderbird-debuginfo-45.6.0-1.el7_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-9893 https://access.redhat.com/security/cve/CVE-2016-9895 https://access.redhat.com/security/cve/CVE-2016-9899 https://access.redhat.com/security/cve/CVE-2016-9900 https://access.redhat.com/security/cve/CVE-2016-9901 https://access.redhat.com/security/cve/CVE-2016-9902 https://access.redhat.com/security/cve/CVE-2016-9905 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYWlMfXlSAg2UNWIIRAiNoAKCwtMYDqaZ1/XWRLmh4b+yo+JZmeACdFQmG 3kx80YpOWkDWUOSvbANGfEY= =B6Uj -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 21 12:37:45 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 21 Dec 2016 12:37:45 +0000 Subject: [RHSA-2016:2974-01] Important: gstreamer-plugins-bad-free security update Message-ID: <201612211237.uBLCbksr003582@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: gstreamer-plugins-bad-free security update Advisory ID: RHSA-2016:2974-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2974.html Issue date: 2016-12-21 CVE Names: CVE-2016-9445 CVE-2016-9447 ===================================================================== 1. Summary: An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 
6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9445)

* A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9447)

Note: This update removes the vulnerable Nintendo NSF plug-in.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1395126 - CVE-2016-9447 gstreamer-plugins-bad-free: Memory corruption flaw in NSF decoder
1395767 - CVE-2016-9445 gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: gstreamer-plugins-bad-free-0.10.19-5.el6_8.src.rpm i386: gstreamer-plugins-bad-free-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm x86_64: gstreamer-plugins-bad-free-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-0.10.19-5.el6_8.x86_64.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-devel-docs-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.i686.rpm x86_64: gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.x86_64.rpm gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.x86_64.rpm gstreamer-plugins-bad-free-devel-docs-0.10.19-5.el6_8.x86_64.rpm gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: gstreamer-plugins-bad-free-0.10.19-5.el6_8.src.rpm i386: gstreamer-plugins-bad-free-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm ppc64: gstreamer-plugins-bad-free-0.10.19-5.el6_8.ppc.rpm gstreamer-plugins-bad-free-0.10.19-5.el6_8.ppc64.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.ppc.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.ppc64.rpm s390x: gstreamer-plugins-bad-free-0.10.19-5.el6_8.s390.rpm gstreamer-plugins-bad-free-0.10.19-5.el6_8.s390x.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.s390.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.s390x.rpm x86_64: gstreamer-plugins-bad-free-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-0.10.19-5.el6_8.x86_64.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-devel-docs-0.10.19-5.el6_8.i686.rpm gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.i686.rpm ppc64: gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.ppc.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.ppc64.rpm gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.ppc.rpm gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.ppc64.rpm gstreamer-plugins-bad-free-devel-docs-0.10.19-5.el6_8.ppc64.rpm gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.ppc.rpm gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.ppc64.rpm s390x: gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.s390.rpm gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.s390x.rpm gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.s390.rpm gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.s390x.rpm gstreamer-plugins-bad-free-devel-docs-0.10.19-5.el6_8.s390x.rpm gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.s390.rpm 
gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.s390x.rpm

x86_64:
gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.x86_64.rpm
gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.x86_64.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.19-5.el6_8.x86_64.rpm
gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
gstreamer-plugins-bad-free-0.10.19-5.el6_8.src.rpm

i386:
gstreamer-plugins-bad-free-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm

x86_64:
gstreamer-plugins-bad-free-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-0.10.19-5.el6_8.x86_64.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.i686.rpm

x86_64:
gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.19-5.el6_8.x86_64.rpm
gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-devel-0.10.19-5.el6_8.x86_64.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.19-5.el6_8.x86_64.rpm
gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.i686.rpm
gstreamer-plugins-bad-free-extras-0.10.19-5.el6_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9445
https://access.redhat.com/security/cve/CVE-2016-9447
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYWnePXlSAg2UNWIIRAiQIAJ4rnkAmiR3WJao106GCiFa/pdRF6gCgtaIS
OItwduDyEi+kw40mI35CbO0=
=PLQh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 21 12:38:53 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Dec 2016 12:38:53 +0000
Subject: [RHSA-2016:2975-01] Important: gstreamer-plugins-good security update
Message-ID: <201612211238.uBLCcsDT013704@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: gstreamer-plugins-good security update
Advisory ID:       RHSA-2016:2975-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2975.html
Issue date:        2016-12-21
CVE Names:         CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808
=====================================================================

1. Summary:

An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.

Security Fix(es):

* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)

* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)

Note: This update removes the vulnerable FLC/FLI/FLX plug-in.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1397441 - CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9808 gstreamer-plugins-good: Heap buffer overflow in FLIC decoder
1401874 - CVE-2016-9807 gstreamer-plugins-good: Invalid memory read in flx_decode_chunks

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
gstreamer-plugins-good-0.10.23-4.el6_8.src.rpm

i386:
gstreamer-plugins-good-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm

x86_64:
gstreamer-plugins-good-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-0.10.23-4.el6_8.x86_64.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.i686.rpm

x86_64:
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.x86_64.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
gstreamer-plugins-good-0.10.23-4.el6_8.src.rpm

x86_64:
gstreamer-plugins-good-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-0.10.23-4.el6_8.x86_64.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.x86_64.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
gstreamer-plugins-good-0.10.23-4.el6_8.src.rpm

i386:
gstreamer-plugins-good-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm

ppc64:
gstreamer-plugins-good-0.10.23-4.el6_8.ppc.rpm
gstreamer-plugins-good-0.10.23-4.el6_8.ppc64.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.ppc.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.ppc64.rpm

s390x:
gstreamer-plugins-good-0.10.23-4.el6_8.s390.rpm
gstreamer-plugins-good-0.10.23-4.el6_8.s390x.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.s390.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.s390x.rpm

x86_64:
gstreamer-plugins-good-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-0.10.23-4.el6_8.x86_64.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.i686.rpm

ppc64:
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.ppc.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.ppc64.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.ppc.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.ppc64.rpm

s390x:
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.s390.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.s390x.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.s390.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.s390x.rpm

x86_64:
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.x86_64.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
gstreamer-plugins-good-0.10.23-4.el6_8.src.rpm

i386:
gstreamer-plugins-good-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm

x86_64:
gstreamer-plugins-good-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-0.10.23-4.el6_8.x86_64.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.i686.rpm

x86_64:
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.x86_64.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.i686.rpm
gstreamer-plugins-good-devel-0.10.23-4.el6_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9634
https://access.redhat.com/security/cve/CVE-2016-9635
https://access.redhat.com/security/cve/CVE-2016-9636
https://access.redhat.com/security/cve/CVE-2016-9807
https://access.redhat.com/security/cve/CVE-2016-9808
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYWnfUXlSAg2UNWIIRAr3AAKC1+ScIHk2W+CH6hNVDLwvb0WguBwCgvO5w
PKJVGNNh7v4L+2PDQMn2dYg=
=J5zt
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 22 00:12:10 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Dec 2016 00:12:10 +0000
Subject: [RHSA-2016:2991-01] Moderate: openstack-cinder, openstack-glance, and openstack-nova update
Message-ID: <201612220012.uBM0CBZZ006296@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-cinder, openstack-glance, and openstack-nova update
Advisory ID:       RHSA-2016:2991-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2991.html
Issue date:        2016-12-21
CVE Names:         CVE-2015-5162
=====================================================================

1. Summary:

An update for openstack-nova, openstack-cinder, and openstack-glance is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.

OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

The following packages have been upgraded to a newer upstream version: openstack-nova (12.0.5), openstack-cinder (7.0.3), openstack-glance (11.0.1). (BZ#1381466, BZ#1396263)

Security Fix(es):

* A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)

This issue was discovered by Richard W.M. Jones (Red Hat).

Bug Fix(es):

* There is a known issue with Unicode string handling in the OSProfiler library. Consequently, the creation of a Block Storage (cinder) snapshot will fail if it uses non-ASCII characters. With this update, the OSProfiler library is not loaded unless it is specifically enabled in the cinder configuration. As a result, the Unicode handling issue in OSProfiler is still present, and will result in the same failure if OSProfiler is used, however it will be unlikely to occur in most cinder configurations. A more in-depth resolution for this issue is not currently in scope. (BZ#1383899)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources
1357461 - Incorrect host cpu is given to emulator threads when cpu_realtime_mask flag is set.
1379385 - Floating IP shows as associated in Nova after deletion[rhos-8.0]
1381466 - rebase to 12.0.5
1381534 - Multi-Ephemeral instance Live Block Migration fails silently
1381965 - [Backport] Block based migration doesn't work for instances that have a volume attached
1383899 - Can not create cinder snapshot if the description contains non-ascii code
1385486 - [8.0.z] After upgrading from RHOSP 6 to RHOSP 8 existing instances fail to start.
1386263 - NetApp Cinder driver: cloning operations are unsuccessful
1387467 - glance image-create owner option not working
1387617 - Can't do image-create for suspended instance booted from volume [RHOS-8]
1390109 - [tempest] test_delete_attached_volume fails in RHOS8
1396263 - Rebase to 7.0.3

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
openstack-cinder-7.0.3-1.el7ost.src.rpm
openstack-glance-11.0.1-6.el7ost.src.rpm
openstack-nova-12.0.5-9.el7ost.src.rpm

noarch:
openstack-cinder-7.0.3-1.el7ost.noarch.rpm
openstack-glance-11.0.1-6.el7ost.noarch.rpm
openstack-nova-12.0.5-9.el7ost.noarch.rpm
openstack-nova-api-12.0.5-9.el7ost.noarch.rpm
openstack-nova-cells-12.0.5-9.el7ost.noarch.rpm
openstack-nova-cert-12.0.5-9.el7ost.noarch.rpm
openstack-nova-common-12.0.5-9.el7ost.noarch.rpm
openstack-nova-compute-12.0.5-9.el7ost.noarch.rpm
openstack-nova-conductor-12.0.5-9.el7ost.noarch.rpm
openstack-nova-console-12.0.5-9.el7ost.noarch.rpm
openstack-nova-network-12.0.5-9.el7ost.noarch.rpm
openstack-nova-novncproxy-12.0.5-9.el7ost.noarch.rpm
openstack-nova-objectstore-12.0.5-9.el7ost.noarch.rpm
openstack-nova-scheduler-12.0.5-9.el7ost.noarch.rpm
openstack-nova-serialproxy-12.0.5-9.el7ost.noarch.rpm
openstack-nova-spicehtml5proxy-12.0.5-9.el7ost.noarch.rpm
python-cinder-7.0.3-1.el7ost.noarch.rpm
python-glance-11.0.1-6.el7ost.noarch.rpm
python-nova-12.0.5-9.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5162
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYWxoXXlSAg2UNWIIRAic+AJ0flE7NcZDWStmz04/AatldiZ7ZzgCeN/3a
c+47Wktos6ch9UQHXpp1IdI=
=Xah4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 22 04:18:42 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Dec 2016 04:18:42 +0000
Subject: [RHSA-2016:2996-01] Low: Red Hat Enterprise Linux 4 Extended Life Cycle Support Three-Month Notice
Message-ID: <201612220418.uBM4IhJl023156@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 4 Extended Life Cycle Support Three-Month Notice
Advisory ID:       RHSA-2016:2996-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2996.html
Issue date:        2016-12-22
=====================================================================

1. Summary:

This is the Three-Month notification for the retirement of Red Hat Enterprise Linux 4 Extended Life Cycle Support Add-On (ELS). This notification applies only to those customers subscribed to the Extended Life Cycle Support (ELS) channel for Red Hat Enterprise Linux 4.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Life Cycle Support for Red Hat Enterprise Linux 4 will be retired as of March 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Red Hat Enterprise Linux 4 ELS after March 31, 2017. In addition, on-going technical support through Red Hat's Global Support Services will be limited as described under "non-current minor releases" in the Knowledge Base article located at https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/site/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package, that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
redhat-release-4AS-10.14.src.rpm

i386:
redhat-release-4AS-10.14.i386.rpm

ia64:
redhat-release-4AS-10.14.ia64.rpm

x86_64:
redhat-release-4AS-10.14.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source:
redhat-release-4ES-10.14.src.rpm

i386:
redhat-release-4ES-10.14.i386.rpm

x86_64:
redhat-release-4ES-10.14.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/support/policy/updates/errata/
https://access.redhat.com/articles/64664

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYW1QQXlSAg2UNWIIRAvk/AJ4zfPjdBtHpNOYt+gDEUvDF7hvK3ACdGPAF
7h65r2h9l2bZtAehrkvTp58=
=OuCL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 22 04:20:09 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Dec 2016 04:20:09 +0000
Subject: [RHSA-2016:2997-01] Low: Red Hat Enterprise Linux 5 Three-Month Retirement Notice
Message-ID: <201612220420.uBM4KA2G024887@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 5 Three-Month Retirement Notice
Advisory ID:       RHSA-2016:2997-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2997.html
Issue date:        2016-12-22
=====================================================================

1. Summary:

This is the Three-Month notification for the retirement of Red Hat Enterprise Linux 5. This notification applies only to those customers subscribed to the channel for Red Hat Enterprise Linux 5.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected Urgent priority bug fixes for RHEL 5.11 (the final RHEL 5 release). On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released content. In addition, limited technical support will be available through Red Hat's Global Support Services as described in the Knowledge Base article available at https://access.redhat.com/articles/64664 (under "non-current minor release").

However, we recognize that some customers will wish to remain on Red Hat Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet this customer requirement, Red Hat will offer customers the option to purchase the Extended Life Cycle Support (ELS) Add-On as an annually renewable subscription. This ELS Add-On provides customers with up to an additional three and a half (3.5) years of Critical impact security fixes and selected Urgent priority bug fixes for RHEL 5.11. RHEL 5 ELS coverage will conclude on November 30, 2020.

Note that the RHEL 5 ELS Add-On is available for the x86 (32- and 64-bit) architecture only. The RHEL 5 ELS Add-On is not available for the Itanium architecture.

To enjoy even more comprehensive product support, we encourage customers to migrate from Red Hat Enterprise Linux 5 to a more recent version. As a benefit of the Red Hat subscription, customers may use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Instructions for migrating from RHEL 5 to RHEL7 are available at https://access.redhat.com/articles/1211223. Red Hat also offers a Pre-upgrade Assistant tool to aid with the migration of RHEL 5 systems to RHEL 7. For more information about this tool, please see https://access.redhat.com/solutions/1468623.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package, that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
redhat-release-5Client-5.11.0.7.src.rpm

i386:
redhat-release-5Client-5.11.0.7.i386.rpm

x86_64:
redhat-release-5Client-5.11.0.7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
redhat-release-5Server-5.11.0.7.src.rpm

i386:
redhat-release-5Server-5.11.0.7.i386.rpm

ia64:
redhat-release-5Server-5.11.0.7.ia64.rpm

ppc:
redhat-release-5Server-5.11.0.7.ppc.rpm

s390x:
redhat-release-5Server-5.11.0.7.s390x.rpm

x86_64:
redhat-release-5Server-5.11.0.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/
https://access.redhat.com/articles/64664
https://access.redhat.com/articles/1211223
https://access.redhat.com/solutions/1468623

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYW1RjXlSAg2UNWIIRAiOrAKCNsKoet13L38oWoOySzctvDFnbuACeOuym
3N4O/PlEQSvARwdi16paPWM=
=Ouhe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 22 04:22:35 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Dec 2016 04:22:35 +0000
Subject: [RHSA-2016:2998-01] Low: Red Hat Enterprise Linux 6.2 Advanced Mission Critical (AMC) One-Year Notice
Message-ID: <201612220422.uBM4MafD021432@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 6.2 Advanced Mission Critical (AMC) One-Year Notice
Advisory ID:       RHSA-2016:2998-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2998.html
Issue date:        2016-12-22
=====================================================================

1. Summary:

This is the One-Year notification for the retirement of Red Hat Enterprise Linux 6.2 Advanced Mission Critical (AMC). This notification applies only to those customers subscribed to the Advanced Mission Critical (AMC) channel for Red Hat Enterprise Linux 6.2.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 will be retired as of December 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after December 31, 2017. In addition, technical support through Red Hat's Customer Experience and Engagement will be limited as described under "non-current minor releases" in the Knowledge Base article located at https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 6.2 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release-server package that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.2):

Source:
redhat-release-server-6Server-6.2.0.7.el6_2.src.rpm

x86_64:
redhat-release-server-6Server-6.2.0.7.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/articles/64664
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYW1TOXlSAg2UNWIIRAno+AJ9SxTMhg3L9yyxeB8tOQPs8ZBY53ACgki7I
vROGBCRNmJtXXC3ixGU46b8=
=mmFC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 29 18:09:31 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 29 Dec 2016 18:09:31 +0000
Subject: [RHSA-2016:2999-01] Low: Red Hat OpenShift Enterprise 2.x - End Of Life Notice
Message-ID: <201612291809.uBTI9VDo002768@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat OpenShift Enterprise 2.x - End Of Life Notice
Advisory ID:       RHSA-2016:2999-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2999.html
Issue date:        2016-12-29
=====================================================================

1. Summary:

This is the Final notification for the End of Production Phase 1 of Red Hat OpenShift Enterprise 2.x (2.0, 2.1 and 2.2).

2. Description:

In accordance with the Red Hat OpenShift Enterprise Support Life Cycle Policy, support for OpenShift Enterprise 2.x (2.0, 2.1 and 2.2) will end on December 31, 2016. Red Hat will not provide extended support for this product. Customers are requested to migrate to a supported Red Hat OpenShift Enterprise product prior to the end of the life cycle for OpenShift Enterprise 2.x. After December 31, 2016, technical support through Red Hat's Global Support Services will no longer be provided.

We encourage customers to plan their migration from Red Hat OpenShift Enterprise 2.x to the latest version of Red Hat OpenShift Enterprise. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.

3. Solution:

Full details of the Red Hat OpenShift Enterprise Life Cycle can be found on the Red Hat website:

https://access.redhat.com/support/policy/updates/openshift

4. Bugs fixed (https://bugzilla.redhat.com/):

1372036 - Red Hat OpenShift Enterprise 2.x - End Of Life Notice

5. References:

https://access.redhat.com/security/updates/classification/#low

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYZVFVXlSAg2UNWIIRAgFbAJ0ZbO5JZgwZaNgn3RXif2ac8cxeGwCgwkPv
WgaaoQCLkxpOBCxNmAyqMYQ=
=5x57
-----END PGP SIGNATURE-----