From bugzilla at redhat.com Mon Feb 1 21:12:34 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Feb 2016 21:12:34 +0000
Subject: [RHSA-2016:0097-01] Moderate: redis security advisory
Message-ID: <201602012112.u11LCYB6013605@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: redis security advisory
Advisory ID:       RHSA-2016:0097-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0097.html
Issue date:        2016-02-01
CVE Names:         CVE-2015-8080
=====================================================================

1. Summary:

Updated redis packages that fix a security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7 - x86_64

3. Description:

Redis is an advanced key-value store. It is often referred to as a data structure server because keys can contain strings, hashes, lists, sets, or sorted sets.

An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server (denial of service) or gain code execution outside of the Lua sandbox. (CVE-2015-8080)

All users of redis are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1278965 - CVE-2015-8080 redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7:

Source:
redis-2.8.24-1.el7ost.src.rpm

x86_64:
redis-2.8.24-1.el7ost.x86_64.rpm
redis-debuginfo-2.8.24-1.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8080
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWr8okXlSAg2UNWIIRAnRvAJ0UGy22d5bMIrbhyaWXsjEds6sITgCgv7uo
trKj5tnbIP1yv3ahG/Sp31o=
=NQc0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 1 21:13:24 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Feb 2016 21:13:24 +0000
Subject: [RHSA-2016:0095-01] Moderate: redis security advisory
Message-ID: <201602012113.u11LDPUK031193@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: redis security advisory
Advisory ID:       RHSA-2016:0095-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0095.html
Issue date:        2016-02-01
CVE Names:         CVE-2015-8080
=====================================================================

1. Summary:

Updated redis packages that fix a security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0.
Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - x86_64

3. Description:

Redis is an advanced key-value store. It is often referred to as a data structure server because keys can contain strings, hashes, lists, sets, or sorted sets.

An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server (denial of service) or gain code execution outside of the Lua sandbox. (CVE-2015-8080)

All users of redis are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1278965 - CVE-2015-8080 redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
redis-2.8.24-1.el7ost.src.rpm

x86_64:
redis-2.8.24-1.el7ost.x86_64.rpm
redis-debuginfo-2.8.24-1.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8080
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWr8paXlSAg2UNWIIRAveZAJ4zcjFzXL66C0Ua+i7SjO6KFBl4tgCcD5FE
belYk8ghbRGvoCot/duqgFU=
=40nf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 1 21:14:59 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Feb 2016 21:14:59 +0000
Subject: [RHSA-2016:0096-01] Moderate: redis security advisory
Message-ID: <201602012115.u11LExiM032041@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: redis security advisory
Advisory ID:       RHSA-2016:0096-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0096.html
Issue date:        2016-02-01
CVE Names:         CVE-2015-8080
=====================================================================

1. Summary:

Updated redis packages that fix a security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - x86_64

3. Description:

Redis is an advanced key-value store. It is often referred to as a data structure server because keys can contain strings, hashes, lists, sets, or sorted sets.

An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server (denial of service) or gain code execution outside of the Lua sandbox. (CVE-2015-8080)

All users of redis are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1278965 - CVE-2015-8080 redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
redis-2.8.24-1.el7ost.src.rpm

x86_64:
redis-2.8.24-1.el7ost.x86_64.rpm
redis-debuginfo-2.8.24-1.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8080
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWr8qXXlSAg2UNWIIRAutjAJ0egO85oh4Zpm+b9LmqbhKpzXsJzQCfSJpI
nMkOdehML0R5viHYuSYzzyw=
=gtp1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 2 14:50:05 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Feb 2016 14:50:05 +0000
Subject: [RHSA-2016:0098-01] Critical: java-1.8.0-ibm security update
Message-ID: <201602021450.u12Eo5Dv028401@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-ibm security update
Advisory ID:       RHSA-2016:0098-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0098.html
Issue date:        2016-02-02
CVE Names:         CVE-2015-5041 CVE-2015-7575 CVE-2015-8126
                   CVE-2015-8472 CVE-2016-0402 CVE-2016-0448
                   CVE-2016-0466 CVE-2016-0475 CVE-2016-0483
                   CVE-2016-0494
=====================================================================

1. Summary:

Updated java-1.8.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494)

Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.

All users of java-1.8.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 8 SR2-FP10 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
1289841 - CVE-2015-7575 TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol (SLOTH)
1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)
1298949 - CVE-2016-0475 OpenJDK: PBE incorrect key lengths (Libraries, 8138589)
1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)
1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)
1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)
1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)
1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods

6. Package List:

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.2.10-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.2.10-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.ppc.rpm
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.2.10-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.ppc.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.2.10-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-plugin-1.8.0.2.10-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.2.10-1jpp.1.el7.ppc64.rpm

ppc64le:
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.2.10-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.2.10-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.2.10-1jpp.1.el7.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.s390.rpm
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.2.10-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.s390.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.2.10-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-src-1.8.0.2.10-1jpp.1.el7.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.2.10-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.2.10-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.2.10-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5041
https://access.redhat.com/security/cve/CVE-2015-7575
https://access.redhat.com/security/cve/CVE-2015-8126
https://access.redhat.com/security/cve/CVE-2015-8472
https://access.redhat.com/security/cve/CVE-2016-0402
https://access.redhat.com/security/cve/CVE-2016-0448
https://access.redhat.com/security/cve/CVE-2016-0466
https://access.redhat.com/security/cve/CVE-2016-0475
https://access.redhat.com/security/cve/CVE-2016-0483
https://access.redhat.com/security/cve/CVE-2016-0494
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWsMICXlSAg2UNWIIRAsGsAJ4t9Ka4R3vL+LT4kvONlIMH6ZK5mwCgm82U
edTf7O5p3gw4+XCHwzF2dGo=
=a7A+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 2 14:51:27 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Feb 2016 14:51:27 +0000
Subject: [RHSA-2016:0099-01] Critical: java-1.7.1-ibm security update
Message-ID: <201602021451.u12EpRog006493@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.1-ibm security update
Advisory ID:       RHSA-2016:0099-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0099.html
Issue date:        2016-02-02
CVE Names:         CVE-2015-5041 CVE-2015-7575 CVE-2015-7981
                   CVE-2015-8126 CVE-2015-8472 CVE-2015-8540
                   CVE-2016-0402 CVE-2016-0448 CVE-2016-0466
                   CVE-2016-0483 CVE-2016-0494
=====================================================================

1. Summary:

Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494)

Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.

All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3-FP30 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123
1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
1289841 - CVE-2015-7575 TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol (SLOTH)
1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword()
1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)
1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)
1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)
1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)
1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)
1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm

ppc64:
java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.2.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc.rpm
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.ppc.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.ppc64.rpm

ppc64le:
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.ppc64le.rpm

s390x:
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.s390.rpm
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.s390.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.30-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.30-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5041
https://access.redhat.com/security/cve/CVE-2015-7575
https://access.redhat.com/security/cve/CVE-2015-7981
https://access.redhat.com/security/cve/CVE-2015-8126
https://access.redhat.com/security/cve/CVE-2015-8472
https://access.redhat.com/security/cve/CVE-2015-8540
https://access.redhat.com/security/cve/CVE-2016-0402
https://access.redhat.com/security/cve/CVE-2016-0448
https://access.redhat.com/security/cve/CVE-2016-0466
https://access.redhat.com/security/cve/CVE-2016-0483
https://access.redhat.com/security/cve/CVE-2016-0494
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWsMJfXlSAg2UNWIIRArTCAKCFip8hWmQOb8eehCM0Y8CLbk2B1ACbBc+i
CzP3qtAPz0FpC4vXlhIcXOg=
=235r
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 2 14:53:18 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Feb 2016 14:53:18 +0000
Subject: [RHSA-2016:0100-01] Critical: java-1.7.0-ibm security update
Message-ID: <201602021453.u12ErI6a032094@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-ibm security update
Advisory ID:       RHSA-2016:0100-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0100.html
Issue date:        2016-02-02
CVE Names:         CVE-2015-5041 CVE-2015-7575 CVE-2015-7981
                   CVE-2015-8126 CVE-2015-8472 CVE-2015-8540
                   CVE-2016-0402 CVE-2016-0448 CVE-2016-0466
                   CVE-2016-0483 CVE-2016-0494
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494)

Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.

All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR9-FP30 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123
1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
1289841 - CVE-2015-7575 TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol (SLOTH)
1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword()
1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)
1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)
1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)
1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)
1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)
1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5041
https://access.redhat.com/security/cve/CVE-2015-7575
https://access.redhat.com/security/cve/CVE-2015-7981
https://access.redhat.com/security/cve/CVE-2015-8126
https://access.redhat.com/security/cve/CVE-2015-8472
https://access.redhat.com/security/cve/CVE-2015-8540
https://access.redhat.com/security/cve/CVE-2016-0402
https://access.redhat.com/security/cve/CVE-2016-0448
https://access.redhat.com/security/cve/CVE-2016-0466
https://access.redhat.com/security/cve/CVE-2016-0483
https://access.redhat.com/security/cve/CVE-2016-0494
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWsMKEXlSAg2UNWIIRAqilAJ4sljRpJ9y1h2sYvEXd9W1WwJCvAACfWd/t
e6w3NzuFQbPRSX3TR57CJAc=
=aMV0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 2 14:54:23 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Feb 2016 14:54:23 +0000
Subject: [RHSA-2016:0101-01] Critical: java-1.6.0-ibm security update
Message-ID: <201602021454.u12EsNw6000676@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2016:0101-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0101.html
Issue date: 2016-02-02
CVE Names: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494)

Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.

All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP20 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123
1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
1289841 - CVE-2015-7575 TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol (SLOTH)
1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword()
1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)
1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)
1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)
1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)
1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)
1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el5.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el5.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.20-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.20-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el6_7.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el6_7.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el6_7.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el6_7.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el6_7.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el6_7.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el6_7.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el6_7.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el6_7.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el6_7.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el6_7.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el6_7.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.20-1jpp.1.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5041
https://access.redhat.com/security/cve/CVE-2015-7575
https://access.redhat.com/security/cve/CVE-2015-7981
https://access.redhat.com/security/cve/CVE-2015-8126
https://access.redhat.com/security/cve/CVE-2015-8472
https://access.redhat.com/security/cve/CVE-2015-8540
https://access.redhat.com/security/cve/CVE-2016-0402
https://access.redhat.com/security/cve/CVE-2016-0448
https://access.redhat.com/security/cve/CVE-2016-0466
https://access.redhat.com/security/cve/CVE-2016-0483
https://access.redhat.com/security/cve/CVE-2016-0494
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
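The MD5 note in both the java-1.7.0-ibm and java-1.6.0-ibm advisories above names jdk.certpath.disabledAlgorithms in java.security as the property that controls whether MD5 is accepted in certification path processing. The following check is an added example, not part of the advisories or of any Red Hat or IBM tooling: it parses a java.security file (standard Java properties syntax with backslash line continuations is assumed) and reports whether MD5 is still listed in that property, so an administrator can confirm the hardened setting survived local edits. The two sample file contents are constructed for the example.

```python
"""Report whether MD5 is disabled for certpath processing in java.security."""
import re
from typing import Dict, List

# Property named in the advisories as governing MD5 use in certpath processing.
CERTPATH_KEY = "jdk.certpath.disabledAlgorithms"


def parse_java_properties(text: str) -> Dict[str, str]:
    """Minimal parser for java.security-style properties.

    Handles '#' / '!' comment lines, '=' or ':' separators and trailing
    backslash continuation lines (leading whitespace of the continued
    line is dropped). A later definition overrides an earlier one, as in
    java.util.Properties. Unicode escapes are not decoded (simplification).
    """
    props: Dict[str, str] = {}

    def store(logical: str) -> None:
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", logical)
        if m:
            props[m.group(1)] = m.group(2).strip()

    logical = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not logical and (not line or line[0] in "#!"):
            continue  # blank line or comment outside a continuation
        if line.endswith("\\"):
            logical += line[:-1]  # continuation: keep collecting
            continue
        store(logical + line)
        logical = ""
    if logical:  # unterminated continuation at end of file
        store(logical)
    return props


def disabled_certpath_algorithms(java_security: str) -> List[str]:
    """Return the algorithm names listed in jdk.certpath.disabledAlgorithms.

    Entries are comma separated and may carry a constraint such as
    'RSA keySize < 1024'; only the leading algorithm name is returned,
    upper-cased so comparisons are case-insensitive.
    """
    value = parse_java_properties(java_security).get(CERTPATH_KEY, "")
    names: List[str] = []
    for entry in value.split(","):
        entry = entry.strip()
        if entry:
            names.append(entry.split()[0].upper())
    return names


def md5_certpath_disabled(java_security: str) -> bool:
    """True if MD5 is present in the disabled list (the advisory's default)."""
    return "MD5" in disabled_certpath_algorithms(java_security)


# Constructed sample contents; not copied from any shipped java.security file.
HARDENED = """\
# constructed sample: the setting the update installs
jdk.certpath.disabledAlgorithms=MD2, MD5, \\
    RSA keySize < 1024
"""

WEAKENED = """\
# constructed sample: MD5 removed, as the advisory note describes
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
"""

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("weakened", WEAKENED)):
        print(label, disabled_certpath_algorithms(text),
              "MD5 disabled:", md5_certpath_disabled(text))
```

To check a live installation, read the file under the JRE's lib/security directory and pass its contents to md5_certpath_disabled().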
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWsMMAXlSAg2UNWIIRAqCgAKCFaoQw87aLleznuzK8TZ7MUDFAtgCfaz7M
vyUqj990s36hkTcd1nrSEPg=
=tfuA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 2 20:57:58 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Feb 2016 20:57:58 +0000
Subject: [RHSA-2016:0103-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201602022057.u12KvwOu018228@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2016:0103-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0103.html
Issue date: 2016-02-02
CVE Names: CVE-2015-8104 CVE-2016-0728 CVE-2016-0774
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues, multiple bugs, and one enhancement are now available for Red Hat Enterprise Linux 7.1 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment, in the form of an infinite loop in the microcode, due to the way sequential delivery of benign exceptions such as #DB (debug exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel. (CVE-2015-8104, Important)

* A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in a certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2016-0728, Important)

* It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. (CVE-2016-0774, Moderate)

Red Hat would like to thank the Perception Point research team for reporting the CVE-2016-0728 issue. The security impact of the CVE-2016-0774 issue was discovered by Red Hat.

Bug fixes:

* NMI watchdog of guests using legacy LVT0-based NMI delivery did not work with APICv. Now, NMI works with LVT0 regardless of APICv. (BZ#1244726)

* Parallel file-extending direct I/O writes could previously race to update the size of the file. If they executed out-of-order, the file size could move backwards and push a previously completed write beyond the end of the file, causing it to be lost. (BZ#1258942)

* The GHES NMI handler had a global spin lock that significantly increased the latency of each perf sample collection. This update simplifies locking inside the handler. (BZ#1280200)

* Sometimes, iptables rules are updated along with ip rules, and routes are reloaded. Previously, skb->sk was mistakenly attached to some IPv6 forwarding traffic packets, which could cause a kernel panic. Now, such packets are checked and not processed. (BZ#1281700)

* The NUMA node was not reported for PCI adapters, which affected every POWER system deployed with Red Hat Enterprise Linux 7 and caused a significant decrease in system performance. (BZ#1283525)

* Processing packets with a lot of different IPv6 source addresses caused the kernel to return warnings concerning soft-lockups due to high lock contention and increased latency. (BZ#1285369)

* Running edge triggered interrupts with an ack notifier when simultaneously reconfiguring the Intel I/O IOAPIC did not work correctly, so EOI in the interrupt did not cause a VM to exit if APICv was enabled. Consequently, the VM sometimes became unresponsive. (BZ#1287001)

* Block device readahead was artificially limited, so the read performance was poor, especially on RAID devices. Now, per-device readahead limits are used for each device, which has improved read performance. (BZ#1287548)

* Identical expectations could not be tracked simultaneously even if they resided in different connection tracking zones. Now, an expectation insert attempt is rejected only if the zone is also identical. (BZ#1290093)

* The storvsc kernel driver for Microsoft Hyper-V storage was setting incorrect SRB flags, and Red Hat Enterprise Linux 7 guests running on Microsoft Hyper-V were experiencing slow I/O as well as I/O failures when they were connected to a virtual SAN. Now, SRB flags are set correctly. (BZ#1290095)

* When a NUMA system with no memory in node 0 was used, the system terminated unexpectedly during boot or when using OpenVSwitch. Now, the kernel tries to allocate memory from other nodes when node 0 is not present. (BZ#1300950)

Enhancement:

* IPsec has been updated to provide many fixes and some enhancements. Of particular note is the ability to match on outgoing interfaces. (BZ#1287407)

4. Solution:

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1278496 - CVE-2015-8104 virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception
1297475 - CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility
1303961 - CVE-2016-0774 kernel: pipe buffer state corruption after unsuccessful atomic read from pipe

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):

Source:
kernel-3.10.0-229.26.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.26.2.el7.noarch.rpm
kernel-doc-3.10.0-229.26.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debug-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.26.2.el7.x86_64.rpm
kernel-devel-3.10.0-229.26.2.el7.x86_64.rpm
kernel-headers-3.10.0-229.26.2.el7.x86_64.rpm
kernel-tools-3.10.0-229.26.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.26.2.el7.x86_64.rpm
perf-3.10.0-229.26.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):

x86_64:
kernel-debug-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.26.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.26.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
python-perf-3.10.0-229.26.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
kernel-3.10.0-229.26.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.26.2.el7.noarch.rpm
kernel-doc-3.10.0-229.26.2.el7.noarch.rpm

ppc64:
kernel-3.10.0-229.26.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-229.26.2.el7.ppc64.rpm
kernel-debug-3.10.0-229.26.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-229.26.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-229.26.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-229.26.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-229.26.2.el7.ppc64.rpm
kernel-devel-3.10.0-229.26.2.el7.ppc64.rpm
kernel-headers-3.10.0-229.26.2.el7.ppc64.rpm
kernel-tools-3.10.0-229.26.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-229.26.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-229.26.2.el7.ppc64.rpm
perf-3.10.0-229.26.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-229.26.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-229.26.2.el7.ppc64.rpm

s390x:
kernel-3.10.0-229.26.2.el7.s390x.rpm
kernel-debug-3.10.0-229.26.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-229.26.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-229.26.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-229.26.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-229.26.2.el7.s390x.rpm
kernel-devel-3.10.0-229.26.2.el7.s390x.rpm
kernel-headers-3.10.0-229.26.2.el7.s390x.rpm
kernel-kdump-3.10.0-229.26.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-229.26.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-229.26.2.el7.s390x.rpm
perf-3.10.0-229.26.2.el7.s390x.rpm
perf-debuginfo-3.10.0-229.26.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-229.26.2.el7.s390x.rpm

x86_64:
kernel-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debug-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.26.2.el7.x86_64.rpm
kernel-devel-3.10.0-229.26.2.el7.x86_64.rpm
kernel-headers-3.10.0-229.26.2.el7.x86_64.rpm
kernel-tools-3.10.0-229.26.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.26.2.el7.x86_64.rpm
perf-3.10.0-229.26.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
kernel-3.10.0-229.26.2.ael7b.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.26.2.ael7b.noarch.rpm
kernel-doc-3.10.0-229.26.2.ael7b.noarch.rpm

ppc64le:
kernel-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-bootwrapper-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-debug-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-debuginfo-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-devel-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-headers-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-tools-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-tools-libs-3.10.0-229.26.2.ael7b.ppc64le.rpm
perf-3.10.0-229.26.2.ael7b.ppc64le.rpm
perf-debuginfo-3.10.0-229.26.2.ael7b.ppc64le.rpm
python-perf-debuginfo-3.10.0-229.26.2.ael7b.ppc64le.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.1):

ppc64:
kernel-debug-debuginfo-3.10.0-229.26.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-229.26.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-229.26.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-229.26.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-229.26.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-229.26.2.el7.ppc64.rpm
python-perf-3.10.0-229.26.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-229.26.2.el7.ppc64.rpm

s390x:
kernel-debug-debuginfo-3.10.0-229.26.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-229.26.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-229.26.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-229.26.2.el7.s390x.rpm
perf-debuginfo-3.10.0-229.26.2.el7.s390x.rpm
python-perf-3.10.0-229.26.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-229.26.2.el7.s390x.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.26.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.26.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm
python-perf-3.10.0-229.26.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.26.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.1):

ppc64le:
kernel-debug-debuginfo-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-debug-devel-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-debuginfo-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-229.26.2.ael7b.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-229.26.2.ael7b.ppc64le.rpm
perf-debuginfo-3.10.0-229.26.2.ael7b.ppc64le.rpm
python-perf-3.10.0-229.26.2.ael7b.ppc64le.rpm
python-perf-debuginfo-3.10.0-229.26.2.ael7b.ppc64le.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8104
https://access.redhat.com/security/cve/CVE-2016-0728
https://access.redhat.com/security/cve/CVE-2016-0774
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWsRgRXlSAg2UNWIIRAsuoAJ9mnI1BiwR8EIbz4ftpTIHLgMb7uACgupNa
ZLhiq2N2Uby2QzMRLTMeMXM=
=H7xL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 8 04:48:17 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Feb 2016 04:48:17 +0000
Subject: [RHSA-2016:0126-01] Moderate: openstack-swift security update
Message-ID: <201602080448.u184mQUB015838@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-swift security update
Advisory ID: RHSA-2016:0126-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0126.html
Issue date: 2016-02-08
CVE Names: CVE-2016-0737 CVE-2016-0738
=====================================================================

1. Summary:

Updated openstack-swift packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data).
The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment.

A memory-leak issue was found in OpenStack Object Storage (swift), in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. (CVE-2016-0738)

A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. (CVE-2016-0737)

Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Romain Le Disez from OVH and Örjan Persson from Kiliaro as the original reporters.

All users of openstack-swift are advised to upgrade to these updated packages, which correct these issues. After installing this update, the OpenStack Object Storage services will be restarted automatically.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1298905 - CVE-2016-0738 openstack-swift: Proxy to server DoS through Large Objects
1298924 - CVE-2016-0737 openstack-swift: Client to proxy DoS through Large Objects

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-swift-1.13.1-8.el6ost.src.rpm

noarch:
openstack-swift-1.13.1-8.el6ost.noarch.rpm
openstack-swift-account-1.13.1-8.el6ost.noarch.rpm
openstack-swift-container-1.13.1-8.el6ost.noarch.rpm
openstack-swift-doc-1.13.1-8.el6ost.noarch.rpm
openstack-swift-object-1.13.1-8.el6ost.noarch.rpm
openstack-swift-proxy-1.13.1-8.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0737
https://access.redhat.com/security/cve/CVE-2016-0738
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Mon Feb 8 04:49:20 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Feb 2016 04:49:20 +0000
Subject: [RHSA-2016:0128-01] Moderate: openstack-swift security update
Message-ID: <201602080449.u184nKP6016051@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: openstack-swift security update
Advisory ID:   RHSA-2016:0128-01
Product:       Red Hat Enterprise Linux OpenStack Platform
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0128.html
Issue date:    2016-02-08
CVE Names:     CVE-2016-0737 CVE-2016-0738
=====================================================================

1. Summary:

Updated openstack-swift packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment.

A memory-leak issue was found in OpenStack Object Storage (swift), in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. (CVE-2016-0738)

A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. (CVE-2016-0737)

Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Romain Le Disez from OVH and Örjan Persson from Kiliaro as the original reporters.

All users of openstack-swift are advised to upgrade to these updated packages, which correct these issues. After installing this update, the OpenStack Object Storage services will be restarted automatically.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1298905 - CVE-2016-0738 openstack-swift: Proxy to server DoS through Large Objects
1298924 - CVE-2016-0737 openstack-swift: Client to proxy DoS through Large Objects

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-swift-2.2.0-6.el7ost.src.rpm

noarch:
openstack-swift-2.2.0-6.el7ost.noarch.rpm
openstack-swift-account-2.2.0-6.el7ost.noarch.rpm
openstack-swift-container-2.2.0-6.el7ost.noarch.rpm
openstack-swift-doc-2.2.0-6.el7ost.noarch.rpm
openstack-swift-object-2.2.0-6.el7ost.noarch.rpm
openstack-swift-proxy-2.2.0-6.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0737
https://access.redhat.com/security/cve/CVE-2016-0738
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Mon Feb 8 04:51:35 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Feb 2016 04:51:35 +0000
Subject: [RHSA-2016:0127-01] Moderate: openstack-swift security update
Message-ID: <201602080451.u184pZId011882@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: openstack-swift security update
Advisory ID:   RHSA-2016:0127-01
Product:       Red Hat Enterprise Linux OpenStack Platform
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0127.html
Issue date:    2016-02-08
CVE Names:     CVE-2016-0737 CVE-2016-0738
=====================================================================

1. Summary:

Updated openstack-swift packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment.

A memory-leak issue was found in OpenStack Object Storage (swift), in the proxy-to-server connection.
An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. (CVE-2016-0738)

A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. (CVE-2016-0737)

Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Romain Le Disez from OVH and Örjan Persson from Kiliaro as the original reporters.

All users of openstack-swift are advised to upgrade to these updated packages, which correct these issues. After installing this update, the OpenStack Object Storage services will be restarted automatically.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1298905 - CVE-2016-0738 openstack-swift: Proxy to server DoS through Large Objects
1298924 - CVE-2016-0737 openstack-swift: Client to proxy DoS through Large Objects

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-swift-1.13.1-8.el7ost.src.rpm

noarch:
openstack-swift-1.13.1-8.el7ost.noarch.rpm
openstack-swift-account-1.13.1-8.el7ost.noarch.rpm
openstack-swift-container-1.13.1-8.el7ost.noarch.rpm
openstack-swift-doc-1.13.1-8.el7ost.noarch.rpm
openstack-swift-object-1.13.1-8.el7ost.noarch.rpm
openstack-swift-proxy-1.13.1-8.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0737
https://access.redhat.com/security/cve/CVE-2016-0738
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Mon Feb 8 08:05:11 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Feb 2016 08:05:11 +0000
Subject: [RHSA-2016:0129-01] Moderate: python-django security update
Message-ID: <201602080805.u1885BES028266@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: python-django security update
Advisory ID:   RHSA-2016:0129-01
Product:       Red Hat Enterprise Linux OpenStack Platform
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0129.html
Issue date:    2016-02-08
CVE Names:     CVE-2015-8213
=====================================================================

1. Summary:

Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design.
It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format. (CVE-2015-8213)

Red Hat would like to thank the Django project for reporting this issue. Upstream acknowledges Ryan Butterfield as the original reporter.

All python-django users are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1283553 - CVE-2015-8213 python-django: Information leak through date template filter

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
python-django-1.6.11-4.el7ost.src.rpm

noarch:
python-django-1.6.11-4.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-4.el7ost.noarch.rpm
python-django-doc-1.6.11-4.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8213
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Tue Feb 9 12:03:46 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Feb 2016 12:03:46 +0000
Subject: [RHSA-2016:0152-01] Moderate: sos security and bug fix update
Message-ID: <201602091203.u19C3kOh021758@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: sos security and bug fix update
Advisory ID:   RHSA-2016:0152-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0152.html
Issue date:    2016-02-09
CVE Names:     CVE-2015-7529
=====================================================================

1. Summary:

An updated sos package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging.

An insecure temporary file use flaw was found in the way sos created certain sosreport files.
A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. (CVE-2015-7529)

This issue was discovered by Mateusz Guzik of Red Hat.

This update also fixes the following bug:

* Previously, when the hpasm plug-in ran the "hpasmcli" command in a Python Popen constructor or a system pipeline, the command would hang and eventually time out after 300 seconds. Sos was forced to wait for the time out to finish, unnecessarily prolonging its run time. With this update, the timeout of the "hpasmcli" command has been set to 0, eliminating the delay and speeding up sos completion time. (BZ#1291828)

All sos users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1282542 - CVE-2015-7529 sos: Usage of predictable temporary files allows privilege escalation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
sos-3.2-28.el6_7.2.src.rpm

noarch:
sos-3.2-28.el6_7.2.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
sos-3.2-28.el6_7.2.src.rpm

noarch:
sos-3.2-28.el6_7.2.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
sos-3.2-28.el6_7.2.src.rpm

noarch:
sos-3.2-28.el6_7.2.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
sos-3.2-28.el6_7.2.src.rpm

noarch:
sos-3.2-28.el6_7.2.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
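The sos flaw above (CVE-2015-7529) is an instance of the predictable-temporary-file class, so here is an added example (not sos's own code) that puts the weak naming pattern next to a hardened creation routine built on tempfile.mkstemp with a post-open ownership and symlink check; the directory names, host name and file contents are constructed for the demonstration.

```python
"""Predictable temp-file names versus a hardened creation routine.

Added illustration of the bug class behind CVE-2015-7529, not sos's own
code. ``predictable_report_path`` is the weak pattern: a name any local
user can guess and pre-create as a symlink in a shared directory.
``create_private_report`` is the hardened pattern: an unpredictable name,
O_CREAT|O_EXCL|O_NOFOLLOW and mode 0600 (what tempfile.mkstemp uses),
plus a post-open check that the descriptor really is our fresh file.
"""
import os
import stat
import tempfile


def predictable_report_path(shared_dir, hostname):
    """Weak pattern: the output name is fully determined by public inputs."""
    return os.path.join(shared_dir, f"sosreport-{hostname}.tar.xz")


def verify_private_regular_file(fd, path):
    """Reject anything that is not a fresh, owner-only regular file at ``path``."""
    st_fd = os.fstat(fd)
    st_path = os.lstat(path)
    if stat.S_ISLNK(st_path.st_mode) or not stat.S_ISREG(st_fd.st_mode):
        raise RuntimeError(f"{path}: not a regular file")
    if (st_fd.st_dev, st_fd.st_ino) != (st_path.st_dev, st_path.st_ino):
        raise RuntimeError(f"{path}: path was swapped after open")
    if st_fd.st_uid != os.geteuid():
        raise RuntimeError(f"{path}: not owned by the current user")
    if stat.S_IMODE(st_fd.st_mode) & 0o077:
        raise RuntimeError(f"{path}: readable or writable by others")


def create_private_report(base_dir, prefix="sosreport-"):
    """Hardened pattern: create a fresh owner-only file; return (fd, path)."""
    # mkstemp opens with O_RDWR|O_CREAT|O_EXCL|O_NOFOLLOW and mode 0600 and
    # picks a random name component, so a pre-planted name cannot be reused.
    fd, path = tempfile.mkstemp(prefix=prefix, suffix=".tar.xz", dir=base_dir)
    try:
        verify_private_regular_file(fd, path)
    except Exception:
        os.close(fd)
        os.unlink(path)
        raise
    return fd, path


def open_without_following(path, flags=os.O_WRONLY):
    """Open an existing output path, refusing to follow a symlink planted there."""
    return os.open(path, flags | os.O_NOFOLLOW)


def refuses_planted_symlink():
    """Self-check: a symlink sitting at the predictable name must make the open fail."""
    with tempfile.TemporaryDirectory() as shared:
        target = os.path.join(shared, "other-users-file.txt")
        with open(target, "w") as f:
            f.write("constructed sample content\n")
        planted = predictable_report_path(shared, "host1")
        os.symlink(target, planted)  # what a local user could pre-create
        try:
            fd = open_without_following(planted)
        except OSError:
            return True  # O_NOFOLLOW made the kernel refuse (ELOOP)
        os.close(fd)
        return False


def creates_owner_only_file():
    """Self-check: the hardened routine yields a 0600 regular file owned by us."""
    with tempfile.TemporaryDirectory() as base:
        fd, path = create_private_report(base)
        try:
            mode = stat.S_IMODE(os.fstat(fd).st_mode)
            return mode & 0o077 == 0 and os.path.basename(path).startswith("sosreport-")
        finally:
            os.close(fd)


if __name__ == "__main__":
    print("planted symlink refused:", refuses_planted_symlink())
    print("private file created:   ", creates_owner_only_file())
```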
References:

https://access.redhat.com/security/cve/CVE-2015-7529
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Tue Feb 9 21:02:34 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Feb 2016 21:02:34 +0000
Subject: [RHSA-2016:0155-01] Moderate: openstack-swift security update
Message-ID: <201602092102.u19L2enf019809@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: openstack-swift security update
Advisory ID:   RHSA-2016:0155-01
Product:       Red Hat Enterprise Linux OpenStack Platform
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0155.html
Issue date:    2016-02-09
CVE Names:     CVE-2016-0737 CVE-2016-0738
=====================================================================

1. Summary:

Updated openstack-swift packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 7.0.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data).
The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment.

A memory-leak issue was found in OpenStack Object Storage (swift), in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. (CVE-2016-0738)

A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. (CVE-2016-0737)

Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Romain Le Disez from OVH and Örjan Persson from Kiliaro as the original reporters.

All users of openstack-swift are advised to upgrade to these updated packages, which correct these issues. After installing this update, the OpenStack Object Storage services will be restarted automatically.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1298905 - CVE-2016-0738 openstack-swift: Proxy to server DoS through Large Objects
1298924 - CVE-2016-0737 openstack-swift: Client to proxy DoS through Large Objects

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
openstack-swift-2.3.0-3.el7ost.src.rpm

noarch:
openstack-swift-2.3.0-3.el7ost.noarch.rpm
openstack-swift-account-2.3.0-3.el7ost.noarch.rpm
openstack-swift-container-2.3.0-3.el7ost.noarch.rpm
openstack-swift-doc-2.3.0-3.el7ost.noarch.rpm
openstack-swift-object-2.3.0-3.el7ost.noarch.rpm
openstack-swift-proxy-2.3.0-3.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0737
https://access.redhat.com/security/cve/CVE-2016-0738
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Wed Feb 10 01:29:37 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Feb 2016 01:29:37 +0000
Subject: [RHSA-2016:0156-01] Moderate: python-django security update
Message-ID: <201602100129.u1A1Tb8S008368@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: python-django security update
Advisory ID:   RHSA-2016:0156-01
Product:       Red Hat Enterprise Linux OpenStack Platform
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0156.html
Issue date:    2016-02-10
CVE Names:     CVE-2015-8213
=====================================================================

1. Summary:

Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format. (CVE-2015-8213)

Red Hat would like to thank the Django project for reporting this issue. Upstream acknowledges Ryan Butterfield as the original reporter.

All python-django users are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1283553 - CVE-2015-8213 python-django: Information leak through date template filter

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
python-django-1.8.7-1.el7.src.rpm

noarch:
python-django-1.8.7-1.el7.noarch.rpm
python-django-bash-completion-1.8.7-1.el7.noarch.rpm
python-django-doc-1.8.7-1.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8213
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Wed Feb 10 01:30:13 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Feb 2016 01:30:13 +0000
Subject: [RHSA-2016:0157-01] Moderate: python-django security update
Message-ID: <201602100130.u1A1UDeY003266@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: python-django security update
Advisory ID:   RHSA-2016:0157-01
Product:       Red Hat Enterprise Linux OpenStack Platform
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0157.html
Issue date:    2016-02-10
CVE Names:     CVE-2015-8213
=====================================================================

1. Summary:

Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format. (CVE-2015-8213)

Red Hat would like to thank the Django project for reporting this issue. Upstream acknowledges Ryan Butterfield as the original reporter.

All python-django users are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1283553 - CVE-2015-8213 python-django: Information leak through date template filter

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
python-django-1.6.11-4.el7ost.src.rpm

noarch:
python-django-1.6.11-4.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-4.el7ost.noarch.rpm
python-django-doc-1.6.11-4.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8213
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Wed Feb 10 01:31:04 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Feb 2016 01:31:04 +0000
Subject: [RHSA-2016:0158-01] Moderate: python-django security update
Message-ID: <201602100131.u1A1V4Ki017218@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: python-django security update
Advisory ID:   RHSA-2016:0158-01
Product:       Red Hat Enterprise Linux OpenStack Platform
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0158.html
Issue date:    2016-02-10
CVE Names:     CVE-2015-8213
=====================================================================

1. Summary:

Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format. (CVE-2015-8213)

Red Hat would like to thank the Django project for reporting this issue. Upstream acknowledges Ryan Butterfield as the original reporter.

All python-django users are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1283553 - CVE-2015-8213 python-django: Information leak through date template filter

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
python-django-1.6.11-4.el6ost.src.rpm

noarch:
python-django-1.6.11-4.el6ost.noarch.rpm
python-django-bash-completion-1.6.11-4.el6ost.noarch.rpm
python-django-doc-1.6.11-4.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8213
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
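The date-filter flaw in the python-django advisories above (CVE-2015-8213) comes down to one lookup step: the filter's format argument was resolved as an attribute of the settings object, so a settings key passed where a format was expected came back as the "format". The following is an added illustration, not Django's code: a constructed stand-in for the settings object, a four-token (Y, m, d, j) subset of Django's date syntax, the weak lookup beside an allowlist lookup in the spirit of the upstream fix, and the application-side check the advisory's "non-validated date formats" wording points at.

```python
"""Toy model of the CVE-2015-8213 date-filter lookup and its allowlist fix.

Added illustration, not Django's code. ``settings`` stands in for
django.conf.settings (every value is made up); ``render_date`` implements
only the Y, m, d and j tokens of Django's date syntax; the two lookup
functions model the step where the ``date`` filter turns its argument into
a format string.
"""
from datetime import date
from types import SimpleNamespace

# Constructed stand-in for the settings object; values are made up.
settings = SimpleNamespace(
    SECRET_KEY="k3y-f0r-s1gn1ng",
    DATE_FORMAT="Y-m-d",
    SHORT_DATE_FORMAT="m/d/Y",
)

# Setting names that legitimately hold a date format (the allowlist).
FORMAT_SETTINGS = frozenset({"DATE_FORMAT", "SHORT_DATE_FORMAT"})

# Sample value used by the self-checks below (the issue date of RHSA-2016:0158).
SAMPLE_DATE = date(2016, 2, 10)


def render_date(value, fmt):
    """Render ``value`` with a four-token subset of Django's date syntax.

    Any character that is not a token is copied literally, which is why a
    resolved secret would be emitted (modulo any token letters it contains).
    """
    tokens = {
        "Y": lambda d: f"{d.year:04d}",
        "m": lambda d: f"{d.month:02d}",
        "d": lambda d: f"{d.day:02d}",
        "j": lambda d: str(d.day),
    }
    return "".join(tokens[c](value) if c in tokens else c for c in fmt)


def lookup_format_unsafe(format_type):
    """Weak lookup: any attribute of settings is accepted as a format."""
    return getattr(settings, format_type, format_type)


def lookup_format_safe(format_type):
    """Hardened lookup: only allowlisted names are resolved via settings."""
    if format_type not in FORMAT_SETTINGS:
        return format_type  # treated as a literal format string
    return getattr(settings, format_type)


def date_filter(value, arg, lookup):
    """Model of the filter: resolve ``arg`` to a format, then render."""
    return render_date(value, lookup(arg))


def choose_format(user_value, allowed, default="DATE_FORMAT"):
    """Application-side check: accept only formats the app explicitly permits."""
    return user_value if user_value in allowed else default


if __name__ == "__main__":
    for name, lookup in (("unsafe", lookup_format_unsafe), ("safe", lookup_format_safe)):
        print(name, "DATE_FORMAT ->", date_filter(SAMPLE_DATE, "DATE_FORMAT", lookup))
        print(name, "SECRET_KEY  ->", date_filter(SAMPLE_DATE, "SECRET_KEY", lookup))
```

With the weak lookup the SECRET_KEY argument renders the (constructed) key itself; with the allowlist lookup the same argument is just a literal format, so only its own `Y` is interpreted and nothing from settings is exposed.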
From bugzilla at redhat.com Wed Feb 10 21:12:45 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Feb 2016 21:12:45 +0000
Subject: [RHSA-2016:0166-01] Critical: flash-plugin security update
Message-ID: <201602102112.u1ALCjXx007624@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Critical: flash-plugin security update
Advisory ID:   RHSA-2016:0166-01
Product:       Red Hat Enterprise Linux Supplementary
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0166.html
Issue date:    2016-02-10
CVE Names:     CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967
               CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971
               CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975
               CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979
               CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983
               CVE-2016-0984 CVE-2016-0985
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.569.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1306015 - flash-plugin: multiple code execution issues fixed in APSB16-04

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.569-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.569-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.569-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.569-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.569-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.569-1.el6_7.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.569-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.569-1.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.569-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.569-1.el6_7.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0964
https://access.redhat.com/security/cve/CVE-2016-0965
https://access.redhat.com/security/cve/CVE-2016-0966
https://access.redhat.com/security/cve/CVE-2016-0967
https://access.redhat.com/security/cve/CVE-2016-0968
https://access.redhat.com/security/cve/CVE-2016-0969
https://access.redhat.com/security/cve/CVE-2016-0970
https://access.redhat.com/security/cve/CVE-2016-0971
https://access.redhat.com/security/cve/CVE-2016-0972
https://access.redhat.com/security/cve/CVE-2016-0973
https://access.redhat.com/security/cve/CVE-2016-0974
https://access.redhat.com/security/cve/CVE-2016-0975
https://access.redhat.com/security/cve/CVE-2016-0976
https://access.redhat.com/security/cve/CVE-2016-0977
https://access.redhat.com/security/cve/CVE-2016-0978
https://access.redhat.com/security/cve/CVE-2016-0979
https://access.redhat.com/security/cve/CVE-2016-0980
https://access.redhat.com/security/cve/CVE-2016-0981
https://access.redhat.com/security/cve/CVE-2016-0982
https://access.redhat.com/security/cve/CVE-2016-0983
https://access.redhat.com/security/cve/CVE-2016-0984
https://access.redhat.com/security/cve/CVE-2016-0985
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-04.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Tue Feb 16 11:15:35 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Feb 2016 11:15:35 +0000
Subject: [RHSA-2016:0197-01] Critical: firefox security update
Message-ID: <201602161115.u1GBFabG026850@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Critical: firefox security update
Advisory ID:   RHSA-2016:0197-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0197.html
Issue date:    2016-02-16
CVE Names:     CVE-2016-1521 CVE-2016-1522 CVE-2016-1523
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523)

All Firefox users should upgrade to these updated packages, which contain Firefox version 38.6.1 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1305805 - CVE-2016-1521 graphite2: Out-of-bound read vulnerability triggered by crafted fonts
1305810 - CVE-2016-1522 graphite2: Null pointer dereference and out-of-bounds access vulnerabilities
1305813 - CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality
1306496 - Mozilla: Vulnerabilities in Graphite 2 (MFSA 2016-14)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-38.6.1-1.el5_11.src.rpm

i386:
firefox-38.6.1-1.el5_11.i386.rpm
firefox-debuginfo-38.6.1-1.el5_11.i386.rpm

x86_64:
firefox-38.6.1-1.el5_11.i386.rpm
firefox-38.6.1-1.el5_11.x86_64.rpm
firefox-debuginfo-38.6.1-1.el5_11.i386.rpm
firefox-debuginfo-38.6.1-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-38.6.1-1.el5_11.src.rpm

i386:
firefox-38.6.1-1.el5_11.i386.rpm
firefox-debuginfo-38.6.1-1.el5_11.i386.rpm

ppc:
firefox-38.6.1-1.el5_11.ppc64.rpm
firefox-debuginfo-38.6.1-1.el5_11.ppc64.rpm

s390x:
firefox-38.6.1-1.el5_11.s390.rpm
firefox-38.6.1-1.el5_11.s390x.rpm
firefox-debuginfo-38.6.1-1.el5_11.s390.rpm
firefox-debuginfo-38.6.1-1.el5_11.s390x.rpm

x86_64:
firefox-38.6.1-1.el5_11.i386.rpm
firefox-38.6.1-1.el5_11.x86_64.rpm
firefox-debuginfo-38.6.1-1.el5_11.i386.rpm
firefox-debuginfo-38.6.1-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-38.6.1-1.el6_7.src.rpm

i386:
firefox-38.6.1-1.el6_7.i686.rpm
firefox-debuginfo-38.6.1-1.el6_7.i686.rpm

x86_64:
firefox-38.6.1-1.el6_7.x86_64.rpm
firefox-debuginfo-38.6.1-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-38.6.1-1.el6_7.i686.rpm
firefox-debuginfo-38.6.1-1.el6_7.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-38.6.1-1.el6_7.src.rpm

x86_64:
firefox-38.6.1-1.el6_7.i686.rpm
firefox-38.6.1-1.el6_7.x86_64.rpm
firefox-debuginfo-38.6.1-1.el6_7.i686.rpm
firefox-debuginfo-38.6.1-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-38.6.1-1.el6_7.src.rpm

i386:
firefox-38.6.1-1.el6_7.i686.rpm
firefox-debuginfo-38.6.1-1.el6_7.i686.rpm

ppc64:
firefox-38.6.1-1.el6_7.ppc64.rpm
firefox-debuginfo-38.6.1-1.el6_7.ppc64.rpm

s390x:
firefox-38.6.1-1.el6_7.s390x.rpm
firefox-debuginfo-38.6.1-1.el6_7.s390x.rpm

x86_64:
firefox-38.6.1-1.el6_7.x86_64.rpm
firefox-debuginfo-38.6.1-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-38.6.1-1.el6_7.ppc.rpm
firefox-debuginfo-38.6.1-1.el6_7.ppc.rpm

s390x:
firefox-38.6.1-1.el6_7.s390.rpm
firefox-debuginfo-38.6.1-1.el6_7.s390.rpm

x86_64:
firefox-38.6.1-1.el6_7.i686.rpm
firefox-debuginfo-38.6.1-1.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-38.6.1-1.el6_7.src.rpm

i386:
firefox-38.6.1-1.el6_7.i686.rpm
firefox-debuginfo-38.6.1-1.el6_7.i686.rpm

x86_64:
firefox-38.6.1-1.el6_7.x86_64.rpm
firefox-debuginfo-38.6.1-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-38.6.1-1.el6_7.i686.rpm
firefox-debuginfo-38.6.1-1.el6_7.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-38.6.1-1.el7_2.src.rpm

x86_64:
firefox-38.6.1-1.el7_2.x86_64.rpm
firefox-debuginfo-38.6.1-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-38.6.1-1.el7_2.i686.rpm
firefox-debuginfo-38.6.1-1.el7_2.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-38.6.1-1.el7_2.src.rpm

ppc64:
firefox-38.6.1-1.el7_2.ppc64.rpm
firefox-debuginfo-38.6.1-1.el7_2.ppc64.rpm

ppc64le:
firefox-38.6.1-1.el7_2.ppc64le.rpm
firefox-debuginfo-38.6.1-1.el7_2.ppc64le.rpm

s390x:
firefox-38.6.1-1.el7_2.s390x.rpm
firefox-debuginfo-38.6.1-1.el7_2.s390x.rpm

x86_64:
firefox-38.6.1-1.el7_2.x86_64.rpm
firefox-debuginfo-38.6.1-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
firefox-38.6.1-1.el7_2.ppc.rpm
firefox-debuginfo-38.6.1-1.el7_2.ppc.rpm

s390x:
firefox-38.6.1-1.el7_2.s390.rpm
firefox-debuginfo-38.6.1-1.el7_2.s390.rpm

x86_64:
firefox-38.6.1-1.el7_2.i686.rpm
firefox-debuginfo-38.6.1-1.el7_2.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-38.6.1-1.el7_2.src.rpm

x86_64:
firefox-38.6.1-1.el7_2.x86_64.rpm
firefox-debuginfo-38.6.1-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-38.6.1-1.el7_2.i686.rpm
firefox-debuginfo-38.6.1-1.el7_2.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1521
https://access.redhat.com/security/cve/CVE-2016-1522
https://access.redhat.com/security/cve/CVE-2016-1523
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/security/announce/2016/mfsa2016-14.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Tue Feb 16 13:25:26 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Feb 2016 13:25:26 +0000
Subject: [RHSA-2016:0185-01] Important: kernel security and bug fix update
Message-ID: <201602161325.u1GDPQ0k021836@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Important: kernel security and bug fix update
Advisory ID:   RHSA-2016:0185-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0185.html
Issue date:    2016-02-16
CVE Names:     CVE-2015-5157 CVE-2015-7872
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-7872, Important)

* A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system. (CVE-2015-5157, Moderate)

This update also fixes the following bugs:

* Previously, processing packets with a lot of different IPv6 source addresses caused the kernel to return warnings concerning soft-lockups due to high lock contention and latency increase. With this update, lock contention is reduced by backing off concurrent waiting threads on the lock. As a result, the kernel no longer issues warnings in the described scenario. (BZ#1285370)

* Prior to this update, block device readahead was artificially limited. As a consequence, the read performance was poor, especially on RAID devices. Now, per-device readahead limits are used for each device instead of a global limit. As a result, read performance has improved, especially on RAID devices. (BZ#1287550)

* Previously, after an EEH error was injected, the host did not recover and I/O hangs were observed in HTX tool logs. This update makes sure that when one or both of the EEH_STATE_MMIO_ACTIVE and EEH_STATE_MMIO_ENABLED flags is marked in the PE state, the PE's IO path is regarded as enabled as well. As a result, the host no longer hangs and recovers as expected. (BZ#1289101)

* The genwqe device driver was previously using the GFP_ATOMIC flag for allocating consecutive memory pages from the kernel's atomic memory pool, even in non-atomic situations. This could lead to allocation failures during memory pressure. With this update, the genwqe driver's memory allocations use the GFP_KERNEL flag, and the driver can allocate memory even during memory pressure situations. (BZ#1289450)

* The nx842 co-processor for IBM Power Systems could in some circumstances provide invalid data due to a data corruption bug during uncompression. With this update, all compression and uncompression calls to the nx842 co-processor contain a cyclic redundancy check (CRC) flag, which forces all compression and uncompression operations to check data integrity and prevents the co-processor from providing corrupted data. (BZ#1289451)

* A failed "updatepp" operation on the little-endian variant of IBM Power Systems could previously cause a wrong hash value to be used for the next hash insert operation in the page table. This could result in a missing hash pte update or invalidate operation, potentially causing memory corruption. With this update, the hash value is always recalculated after a failed "updatepp" operation, avoiding memory corruption. (BZ#1289452)

* Large Receive Offload (LRO) flag disabling was not being propagated downwards from above devices in the vlan and bond hierarchy, breaking the flow of traffic. This problem has been fixed and LRO flags now propagate correctly. (BZ#1292072)

* Due to rounding errors in the CPU frequency of the intel_pstate driver, the CPU frequency never reached the value requested by the user. A kernel patch has been applied to fix these rounding errors. (BZ#1296276)

* Previously, hung tasks were reported when running several containers (up to 100). This update fixes the AB-BA deadlock in the dm_destroy() function, and the hung task reports no longer occur. (BZ#1296566)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1259577 - CVE-2015-5157 kernel: x86-64: IRET faults during NMIs processing
1272371 - CVE-2015-7872 kernel: Keyrings crash triggerable by unprivileged user

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-327.10.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.10.1.el7.noarch.rpm
kernel-doc-3.10.0-327.10.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.10.1.el7.x86_64.rpm
kernel-devel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-headers-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.10.1.el7.x86_64.rpm
perf-3.10.0-327.10.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.10.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-327.10.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.10.1.el7.noarch.rpm
kernel-doc-3.10.0-327.10.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.10.1.el7.x86_64.rpm
kernel-devel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-headers-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.10.1.el7.x86_64.rpm
perf-3.10.0-327.10.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.10.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-327.10.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.10.1.el7.noarch.rpm
kernel-doc-3.10.0-327.10.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-327.10.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-327.10.1.el7.ppc64.rpm
kernel-debug-3.10.0-327.10.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-327.10.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-327.10.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.10.1.el7.ppc64.rpm
kernel-devel-3.10.0-327.10.1.el7.ppc64.rpm
kernel-headers-3.10.0-327.10.1.el7.ppc64.rpm
kernel-tools-3.10.0-327.10.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-327.10.1.el7.ppc64.rpm
perf-3.10.0-327.10.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.10.1.el7.ppc64.rpm
python-perf-3.10.0-327.10.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-debug-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-devel-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-headers-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-tools-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-327.10.1.el7.ppc64le.rpm
perf-3.10.0-327.10.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.10.1.el7.ppc64le.rpm
python-perf-3.10.0-327.10.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.ppc64le.rpm

s390x:
kernel-3.10.0-327.10.1.el7.s390x.rpm
kernel-debug-3.10.0-327.10.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-327.10.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-327.10.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-327.10.1.el7.s390x.rpm
kernel-devel-3.10.0-327.10.1.el7.s390x.rpm
kernel-headers-3.10.0-327.10.1.el7.s390x.rpm
kernel-kdump-3.10.0-327.10.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-327.10.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-327.10.1.el7.s390x.rpm
perf-3.10.0-327.10.1.el7.s390x.rpm
perf-debuginfo-3.10.0-327.10.1.el7.s390x.rpm
python-perf-3.10.0-327.10.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.10.1.el7.x86_64.rpm
kernel-devel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-headers-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.10.1.el7.x86_64.rpm
perf-3.10.0-327.10.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-327.10.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.10.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-327.10.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.10.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-327.10.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.10.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.10.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-327.10.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.10.1.el7.noarch.rpm
kernel-doc-3.10.0-327.10.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.10.1.el7.x86_64.rpm
kernel-devel-3.10.0-327.10.1.el7.x86_64.rpm
kernel-headers-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.10.1.el7.x86_64.rpm
perf-3.10.0-327.10.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.10.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.10.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5157
https://access.redhat.com/security/cve/CVE-2015-7872
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Tue Feb 16 13:26:33 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Feb 2016 13:26:33 +0000
Subject: [RHSA-2016:0188-01] Moderate: sos security and bug fix update
Message-ID: <201602161326.u1GDQYmn012574@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: sos security and bug fix update
Advisory ID:   RHSA-2016:0188-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0188.html
Issue date:    2016-02-16
CVE Names:     CVE-2015-7529
=====================================================================

1. Summary:

An updated sos package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The sos package contains a set of utilities that gather information from system hardware, logs, and configuration files. The information can then be used for diagnostic purposes and debugging.

An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. (CVE-2015-7529)

This issue was discovered by Mateusz Guzik of Red Hat.

This update also fixes the following bug:

* Previously, the sosreport tool was not collecting the /var/lib/ceph and /var/run/ceph directories when run with the ceph plug-in enabled, causing the generated sosreport archive to miss vital troubleshooting information about ceph. With this update, the ceph plug-in for sosreport collects these directories, and the generated report contains more useful information. (BZ#1291347)

All users of sos are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1282542 - CVE-2015-7529 sos: Usage of predictable temporary files allows privilege escalation

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
sos-3.2-35.el7_2.3.src.rpm

noarch:
sos-3.2-35.el7_2.3.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
sos-3.2-35.el7_2.3.src.rpm

noarch:
sos-3.2-35.el7_2.3.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
sos-3.2-35.el7_2.3.src.rpm

noarch:
sos-3.2-35.el7_2.3.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
sos-3.2-35.el7_2.3.src.rpm

noarch:
sos-3.2-35.el7_2.3.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-7529
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Tue Feb 16 13:27:53 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Feb 2016 13:27:53 +0000
Subject: [RHSA-2016:0189-01] Moderate: polkit security update
Message-ID: <201602161327.u1GDRrVv023529@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: polkit security update
Advisory ID:   RHSA-2016:0189-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-0189.html
Issue date:    2016-02-16
CVE Names:     CVE-2015-3256
=====================================================================

1. Summary:

Updated polkit packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

PolicyKit is a toolkit for defining and handling authorizations.

A denial of service flaw was found in how polkit handled authorization requests. A local, unprivileged user could send malicious requests to polkit, which could then cause the polkit daemon to corrupt its memory and crash. (CVE-2015-3256)

All polkit users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1245684 - CVE-2015-3256 polkit: Memory corruption via javascript rule evaluation

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
polkit-0.112-6.el7_2.src.rpm

x86_64:
polkit-0.112-6.el7_2.i686.rpm
polkit-0.112-6.el7_2.x86_64.rpm
polkit-debuginfo-0.112-6.el7_2.i686.rpm
polkit-debuginfo-0.112-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
polkit-docs-0.112-6.el7_2.noarch.rpm

x86_64:
polkit-debuginfo-0.112-6.el7_2.i686.rpm
polkit-debuginfo-0.112-6.el7_2.x86_64.rpm
polkit-devel-0.112-6.el7_2.i686.rpm
polkit-devel-0.112-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
polkit-0.112-6.el7_2.src.rpm

x86_64:
polkit-0.112-6.el7_2.i686.rpm
polkit-0.112-6.el7_2.x86_64.rpm
polkit-debuginfo-0.112-6.el7_2.i686.rpm
polkit-debuginfo-0.112-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
polkit-docs-0.112-6.el7_2.noarch.rpm

x86_64:
polkit-debuginfo-0.112-6.el7_2.i686.rpm
polkit-debuginfo-0.112-6.el7_2.x86_64.rpm
polkit-devel-0.112-6.el7_2.i686.rpm
polkit-devel-0.112-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
polkit-0.112-6.el7_2.src.rpm

noarch:
polkit-docs-0.112-6.el7_2.noarch.rpm

ppc64:
polkit-0.112-6.el7_2.ppc.rpm
polkit-0.112-6.el7_2.ppc64.rpm
polkit-debuginfo-0.112-6.el7_2.ppc.rpm
polkit-debuginfo-0.112-6.el7_2.ppc64.rpm
polkit-devel-0.112-6.el7_2.ppc.rpm
polkit-devel-0.112-6.el7_2.ppc64.rpm

ppc64le:
polkit-0.112-6.el7_2.ppc64le.rpm
polkit-debuginfo-0.112-6.el7_2.ppc64le.rpm
polkit-devel-0.112-6.el7_2.ppc64le.rpm

s390x:
polkit-0.112-6.el7_2.s390.rpm
polkit-0.112-6.el7_2.s390x.rpm
polkit-debuginfo-0.112-6.el7_2.s390.rpm
polkit-debuginfo-0.112-6.el7_2.s390x.rpm
polkit-devel-0.112-6.el7_2.s390.rpm
polkit-devel-0.112-6.el7_2.s390x.rpm

x86_64:
polkit-0.112-6.el7_2.i686.rpm
polkit-0.112-6.el7_2.x86_64.rpm
polkit-debuginfo-0.112-6.el7_2.i686.rpm
polkit-debuginfo-0.112-6.el7_2.x86_64.rpm
polkit-devel-0.112-6.el7_2.i686.rpm
polkit-devel-0.112-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
polkit-0.112-6.el7_2.src.rpm

noarch:
polkit-docs-0.112-6.el7_2.noarch.rpm

x86_64:
polkit-0.112-6.el7_2.i686.rpm
polkit-0.112-6.el7_2.x86_64.rpm
polkit-debuginfo-0.112-6.el7_2.i686.rpm
polkit-debuginfo-0.112-6.el7_2.x86_64.rpm
polkit-devel-0.112-6.el7_2.i686.rpm
polkit-devel-0.112-6.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3256
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWwyOyXlSAg2UNWIIRAuSgAJ4lfCDrb4Xwe4dncC9LaF47Vdpy1gCfSOVa
UCCbtlqa2plEEoP+5AdJGWU=
=eVWD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Feb 16 13:28:43 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Feb 2016 13:28:43 +0000
Subject: [RHSA-2016:0204-01] Important: 389-ds-base security and bug fix update
Message-ID: <201602161328.u1GDShqp021340@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: 389-ds-base security and bug fix update
Advisory ID:       RHSA-2016:0204-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0204.html
Issue date:        2016-02-16
CVE Names:         CVE-2016-0741
=====================================================================

1. Summary:

Updated 389-ds-base packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop accepting connections (denial of service). (CVE-2016-0741)

This update fixes the following bugs:

* Previously, if a simple paged results search failed in the back end, the simple paged results slot was not released. Consequently, the simple paged results slots in a connection object could be accumulated. With this update, the simple paged results slot is released correctly when a search fails, and unused simple paged results slots are no longer left in a connection object. (BZ#1290725)

* Previously, when several values of the same attribute were deleted using the ldapmodify command, and at least one of them was added again during the same operation, the equality index was not updated. As a consequence, an exact search for the re-added attribute value did not return the entry. The logic of the index code has been modified to update the index if at least one of the values in the entry changes, and the exact search for the re-added attribute value now returns the correct entry. (BZ#1290726)

* Prior to this update, when the cleanAllRUV task was running, a bogus attrlist_replace error message was logged repeatedly due to a memory corruption. With this update, the appropriate memory copy function memmove is used, which fixes the memory corruption. As a result, the error messages are no longer logged in this scenario. (BZ#1295684)

* To fix a simple paged results bug, an exclusive lock on a connection was previously added. This consequently caused a self deadlock in a particular case. With this update, the exclusive lock on a connection has been changed to the re-entrant type, and the self deadlock no longer occurs. (BZ#1298105)

* Previously, an unnecessary lock was sometimes acquired on a connection object, which could consequently cause a deadlock. A patch has been applied to remove the unnecessary locking, and the deadlock no longer occurs. (BZ#1299346)

Users of 389-ds-base are advised to upgrade to these updated packages, which correct these issues. After installing this update, the 389 server service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1290725 - SimplePagedResults -- in the search error case, simple paged results slot was not released.
1290726 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same ldapmodify operation
1295684 - many attrlist_replace errors in connection with cleanallruv
1299346 - deadlock on connection mutex
1299416 - CVE-2016-0741 389-ds-base: worker threads do not detect abnormally closed connections causing DoS

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
389-ds-base-1.3.4.0-26.el7_2.src.rpm

x86_64:
389-ds-base-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-debuginfo-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-devel-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-libs-1.3.4.0-26.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
389-ds-base-1.3.4.0-26.el7_2.src.rpm

x86_64:
389-ds-base-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-debuginfo-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-devel-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-libs-1.3.4.0-26.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
389-ds-base-1.3.4.0-26.el7_2.src.rpm

ppc64le:
389-ds-base-1.3.4.0-26.el7_2.ppc64le.rpm
389-ds-base-debuginfo-1.3.4.0-26.el7_2.ppc64le.rpm
389-ds-base-libs-1.3.4.0-26.el7_2.ppc64le.rpm

x86_64:
389-ds-base-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-debuginfo-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-libs-1.3.4.0-26.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
389-ds-base-debuginfo-1.3.4.0-26.el7_2.ppc64le.rpm
389-ds-base-devel-1.3.4.0-26.el7_2.ppc64le.rpm

x86_64:
389-ds-base-debuginfo-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-devel-1.3.4.0-26.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
389-ds-base-1.3.4.0-26.el7_2.src.rpm

x86_64:
389-ds-base-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-debuginfo-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-libs-1.3.4.0-26.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
389-ds-base-debuginfo-1.3.4.0-26.el7_2.x86_64.rpm
389-ds-base-devel-1.3.4.0-26.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0741
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWwyP0XlSAg2UNWIIRAk1XAJ9wLhd9CR6Yp07m9KM395nCZkWLXQCfas4M
gTXdY+3jlwBM9R2+Zn3hGoc=
=hCR4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Feb 16 13:30:14 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Feb 2016 13:30:14 +0000
Subject: [RHSA-2016:0212-01] Important: kernel-rt security, bug fix, and enhancement update
Message-ID: <201602161330.u1GDUElq022368@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:0212-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0212.html
Issue date:        2016-02-16
CVE Names:         CVE-2015-5157 CVE-2015-7872
=====================================================================

1. Summary:

Updated kernel-rt packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-7872, Important)

* A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system. (CVE-2015-5157, Moderate)

The kernel-rt packages have been upgraded to version 3.10.0-327.10.1, which provides a number of bug fixes and enhancements, including:

* [md] dm: fix AB-BA deadlock in __dm_destroy()
* [md] revert "dm-mpath: fix stalls when handling invalid ioctl
* [cpufreq] intel_pstate: Fix limits->max_perf and limits->max_policy_pct rounding errors
* [cpufreq] revert "intel_pstate: fix rounding error in max_freq_pct"
* [crypto] nx: 842 - Add CRC and validation support
* [of] return NUMA_NO_NODE from fallback of_node_to_nid()

(BZ#1282591)

This update also fixes the following bugs:

* Because the realtime kernel replaces most of the spinlocks with rtmutexes, the locking scheme used in both NAPI polling and busy polling could become out of synchronization with the state machine they protected. This could cause system performance degradation or even a livelock situation when a machine with faster NICs (10g or 40g) was subject to heavy pressure receiving network packets. The locking schemes in the NAPI polling and busy polling routines have been hardened to enforce state machine sanity, to help ensure the system continues to function properly under pressure. (BZ#1293230)

* A possible livelock in the NAPI polling and busy polling routines could lead the system to a livelock on threads running at high realtime priorities. Threads running at priorities lower than those of the threads involved in the livelock were prevented from running on the CPUs affected by the livelock. Among those lower priority threads are the rcuc/ threads. With this update, right before (4 jiffies) an RCU stall is detected, the rcuc/ threads on the CPUs facing the livelock have their priorities boosted above the priority of the threads involved in the livelock. The softirq code has also been updated to be more robust. These modifications allow the rcuc/ threads to execute even under system pressure, mitigating the RCU stalls. (BZ#1293229)

* Multiple CPUs trying to take an rq lock previously caused large latencies on machines with many CPUs. On systems with more than 32 cores, this update uses the "push" rather than "pull" approach and provides multiple changes to the scheduling of rq locks. As a result, machines no longer suffer from multiplied latencies on large CPU systems. (BZ#1282597)

* Previously, the SFC driver for 10 GB cards executed polling in NAPI mode, using a locking mechanism similar to a "trylock". Consequently, when running on a Realtime kernel, a livelock could occur. This update modifies the locking mechanism so that once the lock is taken it is not released until the operation is complete. (BZ#1282609)

All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1259577 - CVE-2015-5157 kernel: x86-64: IRET faults during NMIs processing
1272371 - CVE-2015-7872 kernel: Keyrings crash triggerable by unprivileged user
1282591 - kernel-rt: update to the RHEL7.2.z batch 2 source tree
1293229 - RCU stalls message on realtime kernel
1293230 - rt: netpoll: live lock with NAPI polling and busy polling on realtime kernel

6. Package List:

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-327.10.1.rt56.211.el7_2.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.10.1.rt56.211.el7_2.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.10.1.rt56.211.el7_2.x86_64.rpm
kernel-rt-debug-3.10.0-327.10.1.rt56.211.el7_2.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.10.1.rt56.211.el7_2.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.10.1.rt56.211.el7_2.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.10.1.rt56.211.el7_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.10.1.rt56.211.el7_2.x86_64.rpm
kernel-rt-devel-3.10.0-327.10.1.rt56.211.el7_2.x86_64.rpm
kernel-rt-trace-3.10.0-327.10.1.rt56.211.el7_2.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.10.1.rt56.211.el7_2.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.10.1.rt56.211.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5157
https://access.redhat.com/security/cve/CVE-2015-7872
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWwyQ1XlSAg2UNWIIRAk6uAJ4kyBoHx56B7UyvOzVpWglSftM3qACgjsLj
xbmYnoygGvrnJ0orjtnWTlw=
=vq1c
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Feb 16 15:58:01 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Feb 2016 15:58:01 +0000
Subject: [RHSA-2016:0224-01] Important: kernel-rt security, bug fix, and enhancement update
Message-ID: <201602161558.u1GFw2ZW027363@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:0224-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0224.html
Issue date:        2016-02-16
CVE Names:         CVE-2015-5157 CVE-2015-7872
=====================================================================

1. Summary:

Updated kernel-rt packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-7872, Important)

* A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system. (CVE-2015-5157, Moderate)

This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and provides a number of bug fixes and enhancements, including:

* [md] dm: fix AB-BA deadlock in __dm_destroy()
* [md] revert "dm-mpath: fix stalls when handling invalid ioctl
* [cpufreq] intel_pstate: Fix limits->max_perf and limits->max_policy_pct rounding errors
* [cpufreq] revert "intel_pstate: fix rounding error in max_freq_pct"
* [crypto] nx: 842 - Add CRC and validation support
* [of] return NUMA_NO_NODE from fallback of_node_to_nid()

(BZ#1277670)

The HP Smart Array (hpsa) SCSI driver has been updated to the latest version included in a Red Hat release. (BZ#1224096)

This update also fixes the following bugs:

* A heavy load of incoming packets on a fast networking driver (like the i40e) will both stress the softirq mechanism on the realtime kernel (as described in BZ#1293229) and exercise the possible livelock in the netpoll NAPI/busy polling routines (as described in BZ#1293230). The fixes applied to both BZ#1293229 and BZ#1293230 address these issues by hardening the locking mechanism for the netpoll NAPI/busy polling and by enhancing the way softirqs are serviced. These fixes also create a failsafe that avoids RCU stalls on a heavily loaded system and allow the networking driver to work as expected. (BZ#1200766)

* The nohz_full code in older versions of the MRG-Realtime kernels was incomplete and known to be problematic due to the way the old implementation interacted with the real time features in the kernel. The nohz_full kernel code has been updated, enabling this feature to function as expected and allowing it to be enabled in the realtime kernel. (BZ#1278511)

* Because the realtime kernel replaces most of the spinlocks with rtmutexes, the locking scheme used in both NAPI polling and busy polling could become out of synchronization with the state machine they protected. This could cause system performance degradation or even a livelock situation when a machine with faster NICs (10g or 40g) was subject to heavy pressure receiving network packets. The locking schemes in the NAPI polling and busy polling routines were hardened to enforce state machine sanity, to help ensure the system continues to function properly under pressure. (BZ#1295884)

* A possible livelock in the NAPI polling and busy polling routines could lead the system to a livelock on threads running at high realtime priorities. Threads running at priorities lower than those of the threads involved in the livelock would be prevented from running on the CPUs affected by the livelock. Among those lower priority threads are the rcuc/ threads. Right before (4 jiffies) an RCU stall is detected, the rcuc/ threads on the CPUs facing the livelock have their priorities boosted above the priority of the threads involved in the livelock. The softirq code was also updated to be more robust. These modifications allow the rcuc/ threads to execute even under system pressure, mitigating the RCU stalls. (BZ#1295885)

All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1259577 - CVE-2015-5157 kernel: x86-64: IRET faults during NMIs processing
1272371 - CVE-2015-7872 kernel: Keyrings crash triggerable by unprivileged user
1277670 - update the MRG 2.5.x 3.10 kernel-rt sources
1278511 - nohz_full still not working even with nohz=on

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-327.rt56.171.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.rt56.171.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-327.rt56.171.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-327.rt56.171.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-327.rt56.171.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5157
https://access.redhat.com/security/cve/CVE-2015-7872
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWw0bFXlSAg2UNWIIRAhJ9AJ4me67AcalhWd+KUtQ/e/Z/SNvkGACeLayE
OVmcF/3wKbUMhuleb6PXFcs=
=XMP8
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Feb 16 16:03:24 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Feb 2016 16:03:24 +0000
Subject: [RHSA-2016:0175-01] Critical: glibc security and bug fix update
Message-ID: <201602161603.u1GG3Oj7017422@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: glibc security and bug fix update
Advisory ID:       RHSA-2016:0175-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0175.html
Issue date:        2016-02-16
CVE Names:         CVE-2015-7547
=====================================================================

1. Summary:

Updated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)

This issue was discovered by the Google Security Team and Red Hat.

This update also fixes the following bugs:

* The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism, it may also prevent the shared library from being loaded at all, since the static storage space is a limited and shared process-global resource. Applications which would previously fail with "dlopen: cannot load any more object with static TLS" should now start up correctly. (BZ#1291270)

* A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. (BZ#1301625)

All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.
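Every advisory in this digest names the exact fixed package versions, and the practical question on each host is whether the installed version is at or above them. The following is an added example, not Red Hat tooling and not part of the advisory: it reimplements rpm's version ordering in pure Python (an assumption: the rules below match rpm for the NVRs shown here; the newer "^" separator is not handled), parses advisory file names and `rpm -qa` output into name/version/release, and reports, per package, whether a host is below the fixed level. The fixed list is taken from this advisory's Server (v. 6) x86_64 packages; the `rpm -qa` lines are constructed for the demonstration, including a multilib case where the i686 copy is patched but the x86_64 copy is not.

```python
import re
import subprocess

# Segments are runs of digits, runs of letters, or a tilde; anything else separates.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")
_ARCHES = {"noarch", "src", "i386", "i686", "x86_64", "ppc", "ppc64", "ppc64le", "s390", "s390x"}


def rpmvercmp(a: str, b: str) -> int:
    """Order two version (or release) strings the way rpm does: -1, 0 or 1.

    Digit runs compare numerically, letter runs lexically, a digit run beats a
    letter run, and the side with segments left over is newer, except that a
    '~' segment sorts before everything, even end of string (1.0~rc1 < 1.0).
    """
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)          # leading zeros are ignored this way
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb):] if a_longer else sb[len(sa):]
    if rest[0] == "~":                       # leftover starting with '~' is older
        return -1 if a_longer else 1
    return 1 if a_longer else -1


def parse_nvra(pkg: str):
    """Split 'name-version-release[.arch][.rpm]' into (name, version, release).
    Accepts both advisory file names and `rpm -qa` output."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    head, _, tail = pkg.rpartition(".")
    if tail in _ARCHES:
        pkg = head
    name, version, release = pkg.rsplit("-", 2)   # version/release never contain '-'
    return name, version, release


def is_patched(installed: str, fixed: str) -> bool:
    """True when the installed package is at or above the advisory's fixed NVR."""
    ni, vi, ri = parse_nvra(installed)
    nf, vf, rf = parse_nvra(fixed)
    if ni != nf:
        raise ValueError(f"package name mismatch: {ni} vs {nf}")
    c = rpmvercmp(vi, vf)
    return (c if c else rpmvercmp(ri, rf)) >= 0


def audit(installed_list, fixed_list) -> dict:
    """Per package name present on the host, True only if *every* installed
    instance (multilib i686 and x86_64 alike) is at the fixed level or above."""
    fixed = {parse_nvra(f)[0]: f for f in fixed_list}
    report = {}
    for inst in installed_list:
        name = parse_nvra(inst)[0]
        if name in fixed:
            report[name] = report.get(name, True) and is_patched(inst, fixed[name])
    return report


def installed_packages():
    """Read the real package set; only meaningful on an RPM-based host."""
    out = subprocess.run(["rpm", "-qa"], capture_output=True, text=True, check=True).stdout
    return out.split()


# Fixed packages from this advisory (Server v. 6, x86_64 subset).
FIXED_GLIBC_X86_64 = [
    "glibc-2.12-1.166.el6_7.7.i686.rpm",
    "glibc-2.12-1.166.el6_7.7.x86_64.rpm",
    "glibc-common-2.12-1.166.el6_7.7.x86_64.rpm",
    "nscd-2.12-1.166.el6_7.7.x86_64.rpm",
]

# Constructed `rpm -qa` output for the demonstration (not from a real host).
SAMPLE_RPM_QA = [
    "glibc-2.12-1.166.el6_7.7.i686",         # multilib copy already updated
    "glibc-2.12-1.166.el6_7.5.x86_64",       # primary copy still below the fix
    "glibc-common-2.12-1.166.el6_7.5.x86_64",
    "nscd-2.12-1.166.el6_7.7.x86_64",
    "bash-4.1.2-33.el6_7.1.x86_64",          # unrelated package, ignored
]

if __name__ == "__main__":
    for name, ok in sorted(audit(SAMPLE_RPM_QA, FIXED_GLIBC_X86_64).items()):
        print(f"{name:14s} {'patched' if ok else 'BELOW fixed NVR'}")
```

On a real RHEL 6 host, replace `SAMPLE_RPM_QA` with `installed_packages()`; the multilib handling matters for glibc in particular, because a host with only the x86_64 copy updated still runs the old 32-bit libresolv for any 32-bit process.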
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
glibc-2.12-1.166.el6_7.7.src.rpm

i386:
glibc-2.12-1.166.el6_7.7.i686.rpm
glibc-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-devel-2.12-1.166.el6_7.7.i686.rpm
glibc-headers-2.12-1.166.el6_7.7.i686.rpm
glibc-utils-2.12-1.166.el6_7.7.i686.rpm
nscd-2.12-1.166.el6_7.7.i686.rpm

x86_64:
glibc-2.12-1.166.el6_7.7.i686.rpm
glibc-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.i686.rpm
glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
nscd-2.12-1.166.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-static-2.12-1.166.el6_7.7.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-static-2.12-1.166.el6_7.7.i686.rpm
glibc-static-2.12-1.166.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
glibc-2.12-1.166.el6_7.7.src.rpm

x86_64:
glibc-2.12-1.166.el6_7.7.i686.rpm
glibc-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.i686.rpm
glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
nscd-2.12-1.166.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-static-2.12-1.166.el6_7.7.i686.rpm
glibc-static-2.12-1.166.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
glibc-2.12-1.166.el6_7.7.src.rpm

i386:
glibc-2.12-1.166.el6_7.7.i686.rpm
glibc-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-devel-2.12-1.166.el6_7.7.i686.rpm
glibc-headers-2.12-1.166.el6_7.7.i686.rpm
glibc-utils-2.12-1.166.el6_7.7.i686.rpm
nscd-2.12-1.166.el6_7.7.i686.rpm

ppc64:
glibc-2.12-1.166.el6_7.7.ppc.rpm
glibc-2.12-1.166.el6_7.7.ppc64.rpm
glibc-common-2.12-1.166.el6_7.7.ppc64.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm
glibc-devel-2.12-1.166.el6_7.7.ppc.rpm
glibc-devel-2.12-1.166.el6_7.7.ppc64.rpm
glibc-headers-2.12-1.166.el6_7.7.ppc64.rpm
glibc-utils-2.12-1.166.el6_7.7.ppc64.rpm
nscd-2.12-1.166.el6_7.7.ppc64.rpm

s390x:
glibc-2.12-1.166.el6_7.7.s390.rpm
glibc-2.12-1.166.el6_7.7.s390x.rpm
glibc-common-2.12-1.166.el6_7.7.s390x.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm
glibc-devel-2.12-1.166.el6_7.7.s390.rpm
glibc-devel-2.12-1.166.el6_7.7.s390x.rpm
glibc-headers-2.12-1.166.el6_7.7.s390x.rpm
glibc-utils-2.12-1.166.el6_7.7.s390x.rpm
nscd-2.12-1.166.el6_7.7.s390x.rpm

x86_64:
glibc-2.12-1.166.el6_7.7.i686.rpm
glibc-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.i686.rpm
glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
nscd-2.12-1.166.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-static-2.12-1.166.el6_7.7.i686.rpm

ppc64:
glibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm
glibc-static-2.12-1.166.el6_7.7.ppc.rpm
glibc-static-2.12-1.166.el6_7.7.ppc64.rpm

s390x:
glibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm
glibc-static-2.12-1.166.el6_7.7.s390.rpm
glibc-static-2.12-1.166.el6_7.7.s390x.rpm

x86_64:
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-static-2.12-1.166.el6_7.7.i686.rpm
glibc-static-2.12-1.166.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
glibc-2.12-1.166.el6_7.7.src.rpm

i386:
glibc-2.12-1.166.el6_7.7.i686.rpm
glibc-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-devel-2.12-1.166.el6_7.7.i686.rpm
glibc-headers-2.12-1.166.el6_7.7.i686.rpm
glibc-utils-2.12-1.166.el6_7.7.i686.rpm
nscd-2.12-1.166.el6_7.7.i686.rpm

x86_64:
glibc-2.12-1.166.el6_7.7.i686.rpm
glibc-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.i686.rpm
glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
nscd-2.12-1.166.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-static-2.12-1.166.el6_7.7.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm
glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-static-2.12-1.166.el6_7.7.i686.rpm
glibc-static-2.12-1.166.el6_7.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-7547
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/2161461

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWw0gnXlSAg2UNWIIRAgp4AJ9BIF6YHY/UoQcUvkEfqPbxa4+G6wCgouQY
aOCbFFx87AiVZnfSlGYcLjI=
=tRjT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 16 16:07:44 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Feb 2016 16:07:44 +0000
Subject: [RHSA-2016:0176-01] Critical: glibc security and bug fix update
Message-ID: <201602161607.u1GG7i5M021776@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: glibc security and bug fix update
Advisory ID:       RHSA-2016:0176-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0176.html
Issue date:        2016-02-16
CVE Names:         CVE-2015-5229 CVE-2015-7547
=====================================================================

1. Summary:

Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)

It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229)

The CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat. Red Hat would like to thank Jeff Layton for reporting the CVE-2015-5229 issue.

This update also fixes the following bugs:

* The existing implementation of the "free" function causes all memory pools beyond the first to return freed memory directly to the operating system as quickly as possible. This can result in performance degradation when the rate of free calls is very high. The first memory pool (the main pool) does provide a method to rate limit the returns via M_TRIM_THRESHOLD, but this method is not available to subsequent memory pools. With this update, the M_TRIM_THRESHOLD method is extended to apply to all memory pools, which improves performance for threads with very high amounts of free calls and limits the number of "madvise" system calls. The change also increases the total transient memory usage by processes because the trim threshold must be reached before memory can be freed. To return to the previous behavior, you can either set M_TRIM_THRESHOLD using the "mallopt" function, or set the MALLOC_TRIM_THRESHOLD environment variable to 0. (BZ#1298930)

* On the little-endian variant of 64-bit IBM Power Systems (ppc64le), a bug in the dynamic loader could cause applications compiled with profiling enabled to fail to start with the error "monstartup: out of memory". The bug has been corrected and applications compiled for profiling now start correctly. (BZ#1298956)

All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1256285 - CVE-2015-5229 glibc: calloc may return non-zero memory
1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
1298956 - "monstartup: out of memory" on PPC64LE [rhel-7.2.z]

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
glibc-2.17-106.el7_2.4.src.rpm

x86_64:
glibc-2.17-106.el7_2.4.i686.rpm
glibc-2.17-106.el7_2.4.x86_64.rpm
glibc-common-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm
glibc-devel-2.17-106.el7_2.4.i686.rpm
glibc-devel-2.17-106.el7_2.4.x86_64.rpm
glibc-headers-2.17-106.el7_2.4.x86_64.rpm
glibc-utils-2.17-106.el7_2.4.x86_64.rpm
nscd-2.17-106.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
glibc-debuginfo-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm
glibc-static-2.17-106.el7_2.4.i686.rpm
glibc-static-2.17-106.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
glibc-2.17-106.el7_2.4.src.rpm

x86_64:
glibc-2.17-106.el7_2.4.i686.rpm
glibc-2.17-106.el7_2.4.x86_64.rpm
glibc-common-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm
glibc-devel-2.17-106.el7_2.4.i686.rpm
glibc-devel-2.17-106.el7_2.4.x86_64.rpm
glibc-headers-2.17-106.el7_2.4.x86_64.rpm
glibc-utils-2.17-106.el7_2.4.x86_64.rpm
nscd-2.17-106.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
glibc-debuginfo-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm
glibc-static-2.17-106.el7_2.4.i686.rpm
glibc-static-2.17-106.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
glibc-2.17-106.el7_2.4.src.rpm

ppc64:
glibc-2.17-106.el7_2.4.ppc.rpm
glibc-2.17-106.el7_2.4.ppc64.rpm
glibc-common-2.17-106.el7_2.4.ppc64.rpm
glibc-debuginfo-2.17-106.el7_2.4.ppc.rpm
glibc-debuginfo-2.17-106.el7_2.4.ppc64.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.ppc.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.ppc64.rpm
glibc-devel-2.17-106.el7_2.4.ppc.rpm
glibc-devel-2.17-106.el7_2.4.ppc64.rpm
glibc-headers-2.17-106.el7_2.4.ppc64.rpm
glibc-utils-2.17-106.el7_2.4.ppc64.rpm
nscd-2.17-106.el7_2.4.ppc64.rpm

ppc64le:
glibc-2.17-106.el7_2.4.ppc64le.rpm
glibc-common-2.17-106.el7_2.4.ppc64le.rpm
glibc-debuginfo-2.17-106.el7_2.4.ppc64le.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.ppc64le.rpm
glibc-devel-2.17-106.el7_2.4.ppc64le.rpm
glibc-headers-2.17-106.el7_2.4.ppc64le.rpm
glibc-utils-2.17-106.el7_2.4.ppc64le.rpm
nscd-2.17-106.el7_2.4.ppc64le.rpm

s390x:
glibc-2.17-106.el7_2.4.s390.rpm
glibc-2.17-106.el7_2.4.s390x.rpm
glibc-common-2.17-106.el7_2.4.s390x.rpm
glibc-debuginfo-2.17-106.el7_2.4.s390.rpm
glibc-debuginfo-2.17-106.el7_2.4.s390x.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.s390.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.s390x.rpm
glibc-devel-2.17-106.el7_2.4.s390.rpm
glibc-devel-2.17-106.el7_2.4.s390x.rpm
glibc-headers-2.17-106.el7_2.4.s390x.rpm
glibc-utils-2.17-106.el7_2.4.s390x.rpm
nscd-2.17-106.el7_2.4.s390x.rpm

x86_64:
glibc-2.17-106.el7_2.4.i686.rpm
glibc-2.17-106.el7_2.4.x86_64.rpm
glibc-common-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm
glibc-devel-2.17-106.el7_2.4.i686.rpm
glibc-devel-2.17-106.el7_2.4.x86_64.rpm
glibc-headers-2.17-106.el7_2.4.x86_64.rpm
glibc-utils-2.17-106.el7_2.4.x86_64.rpm
nscd-2.17-106.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
glibc-debuginfo-2.17-106.el7_2.4.ppc.rpm
glibc-debuginfo-2.17-106.el7_2.4.ppc64.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.ppc.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.ppc64.rpm
glibc-static-2.17-106.el7_2.4.ppc.rpm
glibc-static-2.17-106.el7_2.4.ppc64.rpm

ppc64le:
glibc-debuginfo-2.17-106.el7_2.4.ppc64le.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.ppc64le.rpm
glibc-static-2.17-106.el7_2.4.ppc64le.rpm

s390x:
glibc-debuginfo-2.17-106.el7_2.4.s390.rpm
glibc-debuginfo-2.17-106.el7_2.4.s390x.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.s390.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.s390x.rpm
glibc-static-2.17-106.el7_2.4.s390.rpm
glibc-static-2.17-106.el7_2.4.s390x.rpm

x86_64:
glibc-debuginfo-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm
glibc-static-2.17-106.el7_2.4.i686.rpm
glibc-static-2.17-106.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
glibc-2.17-106.el7_2.4.src.rpm

x86_64:
glibc-2.17-106.el7_2.4.i686.rpm
glibc-2.17-106.el7_2.4.x86_64.rpm
glibc-common-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm
glibc-devel-2.17-106.el7_2.4.i686.rpm
glibc-devel-2.17-106.el7_2.4.x86_64.rpm
glibc-headers-2.17-106.el7_2.4.x86_64.rpm
glibc-utils-2.17-106.el7_2.4.x86_64.rpm
nscd-2.17-106.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
glibc-debuginfo-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm
glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm
glibc-static-2.17-106.el7_2.4.i686.rpm
glibc-static-2.17-106.el7_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5229
https://access.redhat.com/security/cve/CVE-2015-7547
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/2161461

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWw0iDXlSAg2UNWIIRAh1MAJ4i9uRE0pNTb+BjMHGTLL5PpEbF6gCgrBwA
pR+M8a0yt5CoWGJfxcd7yVg=
=gySF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 16 16:14:51 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Feb 2016 16:14:51 +0000
Subject: [RHSA-2016:0225-01] Critical: glibc security update
Message-ID: <201602161614.u1GGEqG8009819@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: glibc security update
Advisory ID:       RHSA-2016:0225-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0225.html
Issue date:        2016-02-16
CVE Names:         CVE-2015-7547
=====================================================================

1. Summary:

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support.

Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)

This issue was discovered by the Google Security Team and Red Hat.

All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6):

Source:
glibc-2.12-1.149.el6_6.11.src.rpm

x86_64:
glibc-2.12-1.149.el6_6.11.i686.rpm
glibc-2.12-1.149.el6_6.11.x86_64.rpm
glibc-common-2.12-1.149.el6_6.11.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.11.i686.rpm
glibc-devel-2.12-1.149.el6_6.11.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.11.x86_64.rpm
glibc-utils-2.12-1.149.el6_6.11.x86_64.rpm
nscd-2.12-1.149.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):

x86_64:
glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm
glibc-static-2.12-1.149.el6_6.11.i686.rpm
glibc-static-2.12-1.149.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.2):

Source:
glibc-2.12-1.47.el6_2.17.src.rpm

x86_64:
glibc-2.12-1.47.el6_2.17.i686.rpm
glibc-2.12-1.47.el6_2.17.x86_64.rpm
glibc-common-2.12-1.47.el6_2.17.x86_64.rpm
glibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm
glibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm
glibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm
glibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm
glibc-devel-2.12-1.47.el6_2.17.i686.rpm
glibc-devel-2.12-1.47.el6_2.17.x86_64.rpm
glibc-headers-2.12-1.47.el6_2.17.x86_64.rpm
glibc-utils-2.12-1.47.el6_2.17.x86_64.rpm
nscd-2.12-1.47.el6_2.17.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
glibc-2.12-1.107.el6_4.9.src.rpm

x86_64:
glibc-2.12-1.107.el6_4.9.i686.rpm
glibc-2.12-1.107.el6_4.9.x86_64.rpm
glibc-common-2.12-1.107.el6_4.9.x86_64.rpm
glibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm
glibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm
glibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm
glibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm
glibc-devel-2.12-1.107.el6_4.9.i686.rpm
glibc-devel-2.12-1.107.el6_4.9.x86_64.rpm
glibc-headers-2.12-1.107.el6_4.9.x86_64.rpm
glibc-utils-2.12-1.107.el6_4.9.x86_64.rpm
nscd-2.12-1.107.el6_4.9.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
glibc-2.12-1.132.el6_5.7.src.rpm

x86_64:
glibc-2.12-1.132.el6_5.7.i686.rpm
glibc-2.12-1.132.el6_5.7.x86_64.rpm
glibc-common-2.12-1.132.el6_5.7.x86_64.rpm
glibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm
glibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm
glibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm
glibc-devel-2.12-1.132.el6_5.7.i686.rpm
glibc-devel-2.12-1.132.el6_5.7.x86_64.rpm
glibc-headers-2.12-1.132.el6_5.7.x86_64.rpm
glibc-utils-2.12-1.132.el6_5.7.x86_64.rpm
nscd-2.12-1.132.el6_5.7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
glibc-2.12-1.149.el6_6.11.src.rpm

i386:
glibc-2.12-1.149.el6_6.11.i686.rpm
glibc-common-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm
glibc-devel-2.12-1.149.el6_6.11.i686.rpm
glibc-headers-2.12-1.149.el6_6.11.i686.rpm
glibc-utils-2.12-1.149.el6_6.11.i686.rpm
nscd-2.12-1.149.el6_6.11.i686.rpm

ppc64:
glibc-2.12-1.149.el6_6.11.ppc.rpm
glibc-2.12-1.149.el6_6.11.ppc64.rpm
glibc-common-2.12-1.149.el6_6.11.ppc64.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm
glibc-devel-2.12-1.149.el6_6.11.ppc.rpm
glibc-devel-2.12-1.149.el6_6.11.ppc64.rpm
glibc-headers-2.12-1.149.el6_6.11.ppc64.rpm
glibc-utils-2.12-1.149.el6_6.11.ppc64.rpm
nscd-2.12-1.149.el6_6.11.ppc64.rpm

s390x:
glibc-2.12-1.149.el6_6.11.s390.rpm
glibc-2.12-1.149.el6_6.11.s390x.rpm
glibc-common-2.12-1.149.el6_6.11.s390x.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm
glibc-devel-2.12-1.149.el6_6.11.s390.rpm
glibc-devel-2.12-1.149.el6_6.11.s390x.rpm
glibc-headers-2.12-1.149.el6_6.11.s390x.rpm
glibc-utils-2.12-1.149.el6_6.11.s390x.rpm
nscd-2.12-1.149.el6_6.11.s390x.rpm

x86_64:
glibc-2.12-1.149.el6_6.11.i686.rpm
glibc-2.12-1.149.el6_6.11.x86_64.rpm
glibc-common-2.12-1.149.el6_6.11.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.11.i686.rpm
glibc-devel-2.12-1.149.el6_6.11.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.11.x86_64.rpm
glibc-utils-2.12-1.149.el6_6.11.x86_64.rpm
nscd-2.12-1.149.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
glibc-2.12-1.47.el6_2.17.src.rpm

x86_64:
glibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm
glibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm
glibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm
glibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm
glibc-static-2.12-1.47.el6_2.17.i686.rpm
glibc-static-2.12-1.47.el6_2.17.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
glibc-2.12-1.107.el6_4.9.src.rpm

x86_64:
glibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm
glibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm
glibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm
glibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm
glibc-static-2.12-1.107.el6_4.9.i686.rpm
glibc-static-2.12-1.107.el6_4.9.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
glibc-2.12-1.132.el6_5.7.src.rpm

x86_64:
glibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm
glibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm
glibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm
glibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm
glibc-static-2.12-1.132.el6_5.7.i686.rpm
glibc-static-2.12-1.132.el6_5.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.6):

i386:
glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm
glibc-static-2.12-1.149.el6_6.11.i686.rpm

ppc64:
glibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm
glibc-static-2.12-1.149.el6_6.11.ppc.rpm
glibc-static-2.12-1.149.el6_6.11.ppc64.rpm

s390x:
glibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm
glibc-static-2.12-1.149.el6_6.11.s390.rpm
glibc-static-2.12-1.149.el6_6.11.s390x.rpm

x86_64:
glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm
glibc-static-2.12-1.149.el6_6.11.i686.rpm
glibc-static-2.12-1.149.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):

Source:
glibc-2.17-79.el7_1.4.src.rpm

x86_64:
glibc-2.17-79.el7_1.4.i686.rpm
glibc-2.17-79.el7_1.4.x86_64.rpm
glibc-common-2.17-79.el7_1.4.x86_64.rpm
glibc-debuginfo-2.17-79.el7_1.4.i686.rpm
glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm
glibc-devel-2.17-79.el7_1.4.i686.rpm
glibc-devel-2.17-79.el7_1.4.x86_64.rpm
glibc-headers-2.17-79.el7_1.4.x86_64.rpm
glibc-utils-2.17-79.el7_1.4.x86_64.rpm
nscd-2.17-79.el7_1.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):

x86_64:
glibc-debuginfo-2.17-79.el7_1.4.i686.rpm
glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm
glibc-static-2.17-79.el7_1.4.i686.rpm
glibc-static-2.17-79.el7_1.4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
glibc-2.17-79.el7_1.4.src.rpm

ppc64:
glibc-2.17-79.el7_1.4.ppc.rpm
glibc-2.17-79.el7_1.4.ppc64.rpm
glibc-common-2.17-79.el7_1.4.ppc64.rpm
glibc-debuginfo-2.17-79.el7_1.4.ppc.rpm
glibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm
glibc-devel-2.17-79.el7_1.4.ppc.rpm
glibc-devel-2.17-79.el7_1.4.ppc64.rpm
glibc-headers-2.17-79.el7_1.4.ppc64.rpm
glibc-utils-2.17-79.el7_1.4.ppc64.rpm
nscd-2.17-79.el7_1.4.ppc64.rpm

s390x:
glibc-2.17-79.el7_1.4.s390.rpm
glibc-2.17-79.el7_1.4.s390x.rpm
glibc-common-2.17-79.el7_1.4.s390x.rpm
glibc-debuginfo-2.17-79.el7_1.4.s390.rpm
glibc-debuginfo-2.17-79.el7_1.4.s390x.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm
glibc-devel-2.17-79.el7_1.4.s390.rpm
glibc-devel-2.17-79.el7_1.4.s390x.rpm
glibc-headers-2.17-79.el7_1.4.s390x.rpm
glibc-utils-2.17-79.el7_1.4.s390x.rpm
nscd-2.17-79.el7_1.4.s390x.rpm

x86_64:
glibc-2.17-79.el7_1.4.i686.rpm
glibc-2.17-79.el7_1.4.x86_64.rpm
glibc-common-2.17-79.el7_1.4.x86_64.rpm
glibc-debuginfo-2.17-79.el7_1.4.i686.rpm
glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm
glibc-devel-2.17-79.el7_1.4.i686.rpm
glibc-devel-2.17-79.el7_1.4.x86_64.rpm
glibc-headers-2.17-79.el7_1.4.x86_64.rpm
glibc-utils-2.17-79.el7_1.4.x86_64.rpm
nscd-2.17-79.el7_1.4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
glibc-2.17-79.ael7b_1.4.src.rpm

ppc64le:
glibc-2.17-79.ael7b_1.4.ppc64le.rpm
glibc-common-2.17-79.ael7b_1.4.ppc64le.rpm
glibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm
glibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm
glibc-devel-2.17-79.ael7b_1.4.ppc64le.rpm
glibc-headers-2.17-79.ael7b_1.4.ppc64le.rpm
glibc-utils-2.17-79.ael7b_1.4.ppc64le.rpm
nscd-2.17-79.ael7b_1.4.ppc64le.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.1):

ppc64:
glibc-debuginfo-2.17-79.el7_1.4.ppc.rpm
glibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm
glibc-static-2.17-79.el7_1.4.ppc.rpm
glibc-static-2.17-79.el7_1.4.ppc64.rpm

s390x:
glibc-debuginfo-2.17-79.el7_1.4.s390.rpm
glibc-debuginfo-2.17-79.el7_1.4.s390x.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm
glibc-static-2.17-79.el7_1.4.s390.rpm
glibc-static-2.17-79.el7_1.4.s390x.rpm

x86_64:
glibc-debuginfo-2.17-79.el7_1.4.i686.rpm
glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm
glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm
glibc-static-2.17-79.el7_1.4.i686.rpm
glibc-static-2.17-79.el7_1.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.1):

ppc64le:
glibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm
glibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm
glibc-static-2.17-79.ael7b_1.4.ppc64le.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-7547
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/2161461

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
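A defender-side check for the package lists in the three glibc advisories above (the RHEL 6 build glibc-2.12-1.166.el6_7.7, RHSA-2016:0176 for RHEL 7, and RHSA-2016:0225 for the AUS/EUS streams): this added Python example, not Red Hat's code, takes a package NEVRA as printed by `rpm -qa` and reports whether that build is at or past the CVE-2015-7547 fix level for its stream. The rpmvercmp re-implementation is an assumption about rpm's ordering, and the sample package names in the main block are constructed.

```python
"""Check whether a glibc/nscd build is at the CVE-2015-7547 fix level.

Added example for the advisories above; it is not Red Hat code.  The fixed
builds are copied from the package lists printed above.  rpmvercmp()
re-implements rpm's segment comparison (digit runs compare numerically,
alpha runs lexically, a digit run beats an alpha run, '~' sorts lowest); it is
assumed to agree with rpm for the plain version strings used here.
"""
import re

# dist tag -> (version, release) of the first fixed build, from the advisories above
FIXED = {
    "el6_2": ("2.12", "1.47.el6_2.17"),
    "el6_4": ("2.12", "1.107.el6_4.9"),
    "el6_5": ("2.12", "1.132.el6_5.7"),
    "el6_6": ("2.12", "1.149.el6_6.11"),
    "el6_7": ("2.12", "1.166.el6_7.7"),
    "el7_1": ("2.17", "79.el7_1.4"),
    "ael7b_1": ("2.17", "79.ael7b_1.4"),
    "el7_2": ("2.17", "106.el7_2.4"),
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")
_DIST_TAG = re.compile(r"\.(a?el[0-9]+[a-z]?_[0-9]+)\.")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 as version string a is older than, equal to or newer than b."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":          # tilde marks a pre-release: sorts before anything
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():   # numeric segments compare as integers
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() or y.isdigit():  # a numeric segment beats an alpha one
            return 1 if x.isdigit() else -1
        elif x != y:                      # alpha segments compare as strings
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    rest = longer[min(len(sa), len(sb))]
    return -sign if rest == "~" else sign  # extra segments mean newer, unless they start with '~'


def parse_nevra(pkg):
    """Split 'name-[epoch:]version-release.arch[.rpm]' into (name, version, release, arch)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    base, arch = pkg.rsplit(".", 1)
    name, version, release = base.rsplit("-", 2)
    if ":" in version:                    # drop the epoch; every build listed above has epoch 0
        version = version.split(":", 1)[1]
    return name, version, release, arch


def cve_2015_7547_status(pkg):
    """Return 'fixed', 'vulnerable' or 'unknown' for one installed package.

    'unknown' covers packages other than glibc*/nscd and builds whose dist tag is
    not one of the streams the advisories above cover (e.g. a later minor release).
    """
    name, version, release, _arch = parse_nevra(pkg)
    if name != "nscd" and not name.startswith("glibc"):
        return "unknown"
    tag = _DIST_TAG.search("." + release + ".")
    if tag is None or tag.group(1) not in FIXED:
        return "unknown"
    fixed_version, fixed_release = FIXED[tag.group(1)]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "fixed" if order >= 0 else "vulnerable"


if __name__ == "__main__":
    # Constructed sample of `rpm -qa 'glibc*' nscd` output, not taken from a real host.
    sample = [
        "glibc-2.17-105.el7_2.1.x86_64",
        "glibc-common-2.17-106.el7_2.4.x86_64",
        "nscd-2.12-1.166.el6_7.6.x86_64",
    ]
    for line in sample:
        print(f"{line}: {cve_2015_7547_status(line)}")
```

A 'fixed' result only means the package is installed; processes that loaded the old libresolv keep it until they are restarted, which the advisory's solution article covers.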
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWw0rVXlSAg2UNWIIRAoWoAJ93rclEfn9JUszTFNh+0YlrV1LDvgCdHL4z
ZcaJTtI1osFTTkgVY6t05d0=
=2Ia0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Feb 17 05:04:01 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Feb 2016 05:04:01 +0000
Subject: [RHSA-2016:0241-01] Important: chromium-browser security update
Message-ID: <201602170504.u1H542FI005551@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:0241-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0241.html
Issue date:        2016-02-17
CVE Names:         CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625 CVE-2016-1626 CVE-2016-1627
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627)

All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.109, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1306152 - CVE-2016-1622 chromium-browser: same-origin bypass in Extensions
1306153 - CVE-2016-1623 chromium-browser: same-origin bypass in DOM
1306154 - CVE-2016-1624 chromium-browser: buffer overflow in Brotli
1306155 - CVE-2016-1625 chromium-browser: navigation bypass in Chrome Instant
1306156 - CVE-2016-1626 chromium-browser: out-of-bounds read in PDFium
1306157 - CVE-2016-1627 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-48.0.2564.109-1.el6.i686.rpm
chromium-browser-debuginfo-48.0.2564.109-1.el6.i686.rpm

x86_64:
chromium-browser-48.0.2564.109-1.el6.x86_64.rpm
chromium-browser-debuginfo-48.0.2564.109-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-48.0.2564.109-1.el6.i686.rpm
chromium-browser-debuginfo-48.0.2564.109-1.el6.i686.rpm

x86_64:
chromium-browser-48.0.2564.109-1.el6.x86_64.rpm
chromium-browser-debuginfo-48.0.2564.109-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-48.0.2564.109-1.el6.i686.rpm
chromium-browser-debuginfo-48.0.2564.109-1.el6.i686.rpm

x86_64:
chromium-browser-48.0.2564.109-1.el6.x86_64.rpm
chromium-browser-debuginfo-48.0.2564.109-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1622
https://access.redhat.com/security/cve/CVE-2016-1623
https://access.redhat.com/security/cve/CVE-2016-1624
https://access.redhat.com/security/cve/CVE-2016-1625
https://access.redhat.com/security/cve/CVE-2016-1626
https://access.redhat.com/security/cve/CVE-2016-1627
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWw/82XlSAg2UNWIIRAplcAJsEGZ0lS6zSUS4TL3CgbTR3ij7bDQCgh/7b
h2HDcogZZnAygP/uhulAOqw=
=5x2R
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 18 15:26:26 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Feb 2016 10:26:26 -0500
Subject: [RHSA-2016:0258-01] Important: thunderbird security update
Message-ID: <201602181526.u1IFQQG3013025@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2016:0258-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0258.html
Issue date:        2016-02-18
CVE Names:         CVE-2016-1930 CVE-2016-1935
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1930, CVE-2016-1935)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.6.0. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.6.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 1301818 - CVE-2016-1930 Mozilla: Miscellaneous memory safety hazards (rv:38.6) (MFSA 2016-01) 1301821 - CVE-2016-1935 Mozilla: Buffer overflow in WebGL after out of memory allocation (MFSA 2016-03) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: thunderbird-38.6.0-1.el5_11.src.rpm i386: thunderbird-38.6.0-1.el5_11.i386.rpm thunderbird-debuginfo-38.6.0-1.el5_11.i386.rpm x86_64: thunderbird-38.6.0-1.el5_11.x86_64.rpm thunderbird-debuginfo-38.6.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server): Source: thunderbird-38.6.0-1.el5_11.src.rpm i386: thunderbird-38.6.0-1.el5_11.i386.rpm thunderbird-debuginfo-38.6.0-1.el5_11.i386.rpm x86_64: thunderbird-38.6.0-1.el5_11.x86_64.rpm thunderbird-debuginfo-38.6.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: thunderbird-38.6.0-1.el6_7.src.rpm i386: thunderbird-38.6.0-1.el6_7.i686.rpm thunderbird-debuginfo-38.6.0-1.el6_7.i686.rpm x86_64: thunderbird-38.6.0-1.el6_7.x86_64.rpm thunderbird-debuginfo-38.6.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: thunderbird-38.6.0-1.el6_7.src.rpm i386: thunderbird-38.6.0-1.el6_7.i686.rpm thunderbird-debuginfo-38.6.0-1.el6_7.i686.rpm ppc64: thunderbird-38.6.0-1.el6_7.ppc64.rpm thunderbird-debuginfo-38.6.0-1.el6_7.ppc64.rpm s390x: thunderbird-38.6.0-1.el6_7.s390x.rpm thunderbird-debuginfo-38.6.0-1.el6_7.s390x.rpm x86_64: thunderbird-38.6.0-1.el6_7.x86_64.rpm thunderbird-debuginfo-38.6.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: thunderbird-38.6.0-1.el6_7.src.rpm i386: thunderbird-38.6.0-1.el6_7.i686.rpm thunderbird-debuginfo-38.6.0-1.el6_7.i686.rpm x86_64: thunderbird-38.6.0-1.el6_7.x86_64.rpm thunderbird-debuginfo-38.6.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Client (v. 
7): Source: thunderbird-38.6.0-1.el7_2.src.rpm x86_64: thunderbird-38.6.0-1.el7_2.x86_64.rpm thunderbird-debuginfo-38.6.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: thunderbird-38.6.0-1.el7_2.src.rpm ppc64le: thunderbird-38.6.0-1.el7_2.ppc64le.rpm thunderbird-debuginfo-38.6.0-1.el7_2.ppc64le.rpm x86_64: thunderbird-38.6.0-1.el7_2.x86_64.rpm thunderbird-debuginfo-38.6.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: thunderbird-38.6.0-1.el7_2.src.rpm x86_64: thunderbird-38.6.0-1.el7_2.x86_64.rpm thunderbird-debuginfo-38.6.0-1.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1930 https://access.redhat.com/security/cve/CVE-2016-1935 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWxeKgXlSAg2UNWIIRAoqdAKCg4Xm6M8RdvhSe42Ghq5bHiOAVXgCdEYdz
rTQZ1u0M7pLaWFF8foFMUDY=
=Lv9u
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Feb 18 19:39:02 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Feb 2016 19:39:02 +0000
Subject: [RHSA-2016:0266-01] Moderate: openstack-heat bug fix and security advisory
Message-ID: <201602181939.u1IJd2KI012673@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-heat bug fix and security advisory
Advisory ID:       RHSA-2016:0266-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0266.html
Issue date:        2016-02-18
CVE Names:         CVE-2015-5295
=====================================================================

1. Summary:

Updated openstack-heat packages that fix one security issue and resolve various bugs are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

OpenStack Orchestration (heat) is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking.

A vulnerability was discovered in the OpenStack Orchestration service (heat), where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server. (CVE-2015-5295)

This issue was discovered by Steven Hardy of Red Hat.

This update has the following known issue:

* By default, the number of created heat-engine workers match the number of cores on the undercloud. However, if there is only one core, there is only one heat-engine worker, and this causes deadlocks when creating the overcloud stack. A single heat-engine worker is not enough to launch an overcloud stack.
Workaround: The undercloud must have at least two (virtual) cores. For virtual deployments, this should be two vCPUs, regardless of cores on the baremetal host. Otherwise, you can uncomment the num_engine_workers line in /etc/heat/heat.conf, and restart openstack-heat-engine. (BZ#1290949)

This update also fixes the following bugs:

* When a stack update fails, Orchestration stores a merged environment file. Previously, with an interrupted update, the merged environment file was not written, any resources already created that had new type aliases in the environment could not have their types resolved, and the failed stack could not be updated. This patch now catches any exceptions that occur, and ensures that the stack can now be updated. (BZ#1290950)

* Previously, stack updates resulted in an OS::Neutron::Port resource being replaced when the property values were changed in the following ways:
  - The network property referred to the same network, but by name instead of UUID, or by UUID instead of name.
  - Specifying the network using the 'network' property instead of the deprecated 'network_id' property, or using the deprecated 'network_id' property instead of the network property.
This issue has been resolved. (BZ#1291845)

* This update resolves an issue that caused the deployment of Orchestration templates to fail during resource validation. Network IDs are now correctly identified. (BZ#1292152)

* Previously, using the Orchestration API actions > check call removed output values from the existing stack (using either CLI or dashboard). This broke stack updates and other operations depending on stack output values after operation execution. This issue has been resolved. (BZ#1299257)

* Upgrades of overclouds from Red Hat Enterprise Linux OpenStack Platform 7.2 to 7.3 failed with the error "resources.SwiftDevicesAndProxyConfig: Property controller_swift_proxy_memcaches_v6 not assigned". This issue has been resolved. (BZ#1300847)

* Previously, when resource metadata was requested from Orchestration, all attribute values were fetched, even though this data was not returned by the API. This meant at least one pointless ReST API call to the OpenStack service, and "404 Not Found" messages accumulated in both heat-engine and nova-api logs. With this update, Orchestration no longer calculates attribute values when only the metadata for a resource is requested. (BZ#1304854)

* Previously, the "heat-manage purge_delete" cron job on the undercloud failed when attempting to purge the raw_template table. This patch fixes the raw_template purge query on MySQL, and handles stack tags before removing stacks, which resolves the issue and also removes some race conditions where incorrect data was being deleted. (BZ#1306444)

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 7 runs on Red Hat Enterprise Linux 7.2.

The Red Hat Enterprise Linux OpenStack Platform 7 Release Notes contain the following:

* An explanation of the way in which the provided components interact to form a working cloud computing environment.

* Technology Previews, Recommended Practices, and Known Issues.

* The channels required for Red Hat Enterprise Linux OpenStack Platform 7, including which channels need to be enabled and disabled.

The Release Notes are available at:

https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/red-hat-enterprise-linux-openstack-platform-7-release-notes/release-notes

This update is available through 'yum update' on systems registered through Red Hat Subscription Manager. For more information about Red Hat Subscription Manager, see:

https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html

5. Bugs fixed (https://bugzilla.redhat.com/):

1280094 - Uncaught exceptions can leave stacks hanging UPDATE_IN_PROGRESS
1288207 - Heat is unable to delete stack's resources if a 'port' name is given to a resource and not a UUID.
1290949 - rhel-osp-director: re-ran the deployment command: "Stack failed with status: resources.Controller: MessagingTimeout: resources[0]: Timed out waiting for a reply to message ID 863d0fbc6ce24cd288074d901d1a6e64 ERROR: openstack Heat Stack update failed."
1290950 - rhel-osp-director: update 7.0->7.2 and 7.2 >7.3 fails StackValidationFailed: Unknown resource Type : OS::TripleO::NodeTLSCAData (*include-password or export HEAT_INCLUDE_PASSWORD=1)
1291845 - when not using network isolation, after an update from GA to latest release the apis try to reach the old public_virtual_ip
1292152 - Heat template fails in validation started with OSP7
1298295 - CVE-2015-5295 openstack-heat: Vulnerability in Heat template validation leading to DoS
1299257 - heat API: actions->check removes stack output values.
1299613 - rhel-osp-director: Scale-up Ceph from 1 to 3 fails, when Overcloud is deployed with SSL (resources.EndpointMap: Timed out) .
1300847 - rhel-osp-director: Overcloud update from 7.2-> 7.3 fails "resources.SwiftDevicesAndProxyConfig: Property controller_swift_proxy_memcaches_v6 not assigned "
1302828 - Hooks can remain set after a stack operation is stopped
1304854 - Metadata polling unnecessarily calls Nova
1304935 - Heat logs gigabytes of boring, worthless stuff
1306444 - DB Purge of raw_template fails on constraint from resources.current_template_id

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
openstack-heat-2015.1.2-9.el7ost.src.rpm

noarch:
openstack-heat-api-2015.1.2-9.el7ost.noarch.rpm
openstack-heat-api-cfn-2015.1.2-9.el7ost.noarch.rpm
openstack-heat-api-cloudwatch-2015.1.2-9.el7ost.noarch.rpm
openstack-heat-common-2015.1.2-9.el7ost.noarch.rpm
openstack-heat-engine-2015.1.2-9.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5295
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWxh2PXlSAg2UNWIIRAs8ZAJ96mowFUbmIWA5smljYit1Sa7Pr4gCggyUq
G5GA0S0D9YUvuUDPFRCNxbI=
=/ZbZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Feb 23 07:32:00 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Feb 2016 07:32:00 +0000
Subject: [RHSA-2016:0286-01] Critical: chromium-browser security update
Message-ID: <201602230732.u1N7W1Mk001749@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: chromium-browser security update
Advisory ID:       RHSA-2016:0286-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0286.html
Issue date:        2016-02-23
CVE Names:         CVE-2016-1629
=====================================================================

1. Summary:

Updated chromium-browser packages that fix two security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1629)

All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.116, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1309988 - CVE-2016-1629 chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome

6. Package List:

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-48.0.2564.116-1.el6.i686.rpm
chromium-browser-debuginfo-48.0.2564.116-1.el6.i686.rpm

x86_64:
chromium-browser-48.0.2564.116-1.el6.x86_64.rpm
chromium-browser-debuginfo-48.0.2564.116-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-48.0.2564.116-1.el6.i686.rpm
chromium-browser-debuginfo-48.0.2564.116-1.el6.i686.rpm

x86_64:
chromium-browser-48.0.2564.116-1.el6.x86_64.rpm
chromium-browser-debuginfo-48.0.2564.116-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1629
https://access.redhat.com/security/updates/classification/#critical
http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_18.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWzArIXlSAg2UNWIIRAqTPAJ9boPDKLHCRPzspQBR6z1qjNkZ/iQCfZmXg
aZViInuR81i3BENAcqVUnbA=
=Qgpe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Feb 24 10:53:03 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 24 Feb 2016 10:53:03 +0000
Subject: [RHSA-2016:0296-01] Important: rh-ror41 security update
Message-ID: <201602241053.u1OAr3Uo024751@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ror41 security update
Advisory ID:       RHSA-2016:0296-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0296.html
Issue date:        2016-02-24
CVE Names:         CVE-2015-7576 CVE-2015-7577 CVE-2015-7581
                   CVE-2016-0751 CVE-2016-0752 CVE-2016-0753
=====================================================================

1. Summary:

Updated rh-ror41-rubygem-actionpack, rh-ror41-rubygem-actionview, rh-ror41-rubygem-activemodel, and rh-ror41-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller (MVC) framework for web application development.

The following issue was corrected in rubygem-actionpack and rubygem-actionview:

A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code. (CVE-2016-0752)

The following issues were corrected in rubygem-actionpack:

A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service. (CVE-2016-0751)

A flaw was found in the Action Pack component's caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service. (CVE-2015-7581)

A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack. (CVE-2015-7576)

The following issue was corrected in rubygem-activerecord:

A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes. (CVE-2015-7577)

The following issue was corrected in rubygem-activemodel and rubygem-activerecord:

A flaw was found in the way the Active Model based models processed attributes. An attacker with the ability to pass arbitrary attributes to models could possibly use this flaw to bypass input validation. (CVE-2016-0753)

Red Hat would like to thank the Ruby on Rails project for reporting these issues. Upstream acknowledges John Poulin as the original reporter of CVE-2016-0752, Aaron Patterson of Red Hat as the original reporter of CVE-2016-0751, Daniel Waterworth as the original reporter of CVE-2015-7576, Justin Coyne as the original reporter of CVE-2015-7577, and John Backus from BlockScore as the original reporter of CVE-2016-0753.

All users of the rh-ror41 collection's rubygem-actionpack, rubygem-actionview, rubygem-activemodel, and rubygem-activerecord packages are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using the rh-ror41 collection must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1301933 - CVE-2015-7576 rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
1301946 - CVE-2016-0751 rubygem-actionpack: possible object leak and denial of service attack in Action Pack
1301957 - CVE-2015-7577 rubygem-activerecord: Nested attributes rejection proc bypass in Active Record
1301963 - CVE-2016-0752 rubygem-actionview, rubygem-actionpack: directory traversal flaw in Action View
1301973 - CVE-2016-0753 rubygem-activemodel, rubygem-activerecord: possible input validation circumvention in Active Model
1301981 - CVE-2015-7581 rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ror41-rubygem-actionpack-4.1.5-3.el6.src.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el6.src.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el6.src.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el6.src.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el6.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-3.el6.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-3.el6.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activemodel-doc-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activerecord-doc-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-ror41-rubygem-actionpack-4.1.5-3.el6.src.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el6.src.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el6.src.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el6.src.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el6.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-3.el6.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-3.el6.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activemodel-doc-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activerecord-doc-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-ror41-rubygem-actionpack-4.1.5-3.el6.src.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el6.src.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el6.src.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el6.src.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el6.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-3.el6.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-3.el6.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activemodel-doc-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activerecord-doc-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ror41-rubygem-actionpack-4.1.5-3.el6.src.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el6.src.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el6.src.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el6.src.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el6.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-3.el6.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-3.el6.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activemodel-doc-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activerecord-doc-4.1.5-2.el6.noarch.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ror41-rubygem-actionpack-4.1.5-3.el7.src.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el7.src.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el7.src.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el7.src.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el7.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-3.el7.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-3.el7.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activemodel-doc-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activerecord-doc-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-ror41-rubygem-actionpack-4.1.5-3.el7.src.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el7.src.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el7.src.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el7.src.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el7.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-3.el7.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-3.el7.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activemodel-doc-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activerecord-doc-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-ror41-rubygem-actionpack-4.1.5-3.el7.src.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el7.src.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el7.src.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el7.src.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el7.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-3.el7.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-3.el7.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activemodel-doc-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activerecord-doc-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ror41-rubygem-actionpack-4.1.5-3.el7.src.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el7.src.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el7.src.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el7.src.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el7.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-3.el7.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-3.el7.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-activemodel-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activemodel-doc-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activerecord-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activerecord-doc-4.1.5-2.el7.noarch.rpm
rh-ror41-rubygem-activesupport-4.1.5-3.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-7576
https://access.redhat.com/security/cve/CVE-2015-7577
https://access.redhat.com/security/cve/CVE-2015-7581
https://access.redhat.com/security/cve/CVE-2016-0751
https://access.redhat.com/security/cve/CVE-2016-0752
https://access.redhat.com/security/cve/CVE-2016-0753
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
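The CVE-2015-7576 entry above describes the classic timing side channel in credential checks: a comparison that stops at the first differing character takes longer the more of the secret the supplied value already matches. The following Python is an added illustration of that flaw class and its standard mitigation; it is not Rails code and not part of the advisory, and the credentials in it are constructed. The counter returned by naive_equal stands in for elapsed time so the data-dependent behaviour can be seen without a clock.

```python
"""Naive versus constant-time credential comparison.

Added illustration of the flaw class behind CVE-2015-7576; this is not
Rails code and not from the advisory. All credentials are constructed.
"""
import hashlib
import hmac


def naive_equal(supplied, expected):
    """Early-exit comparison. Returns (equal, characters_examined).

    The second value is the leak: it grows with the length of the matching
    prefix, which is what an attacker measures through response time.
    """
    if len(supplied) != len(expected):
        return False, 0
    examined = 0
    for x, y in zip(supplied, expected):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_equal(supplied, expected):
    """Hash both sides first so only fixed-length digests are compared (this
    also hides the expected value's length), then use hmac.compare_digest,
    which examines every byte regardless of where a mismatch occurs."""
    a = hashlib.sha256(supplied.encode("utf-8")).digest()
    b = hashlib.sha256(expected.encode("utf-8")).digest()
    return hmac.compare_digest(a, b)


def basic_auth_ok(user, password, expected_user, expected_password):
    """Accept HTTP basic credentials only when both fields match.

    `&` rather than `and`, so the password comparison always runs even when
    the user name is wrong; otherwise the shortcut would reveal valid names.
    """
    return constant_time_equal(user, expected_user) & constant_time_equal(
        password, expected_password
    )


if __name__ == "__main__":
    for guess in ("sXXXXX", "seXXXX", "secreX", "secret"):
        print(guess, naive_equal(guess, "secret"))
    print("constant-time:", basic_auth_ok("alice", "secret", "alice", "secret"))
```

With the naive function the examined count climbs from 2 to 6 as the guess converges on the secret; constant_time_equal does a fixed amount of work for any input of any length, which is the property the upstream fix restores.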
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWzYmiXlSAg2UNWIIRAqjwAKCjesF5PPTGO327SSig5cCaVFbYPQCgmZmX
5WdX2olMbU+anTQUliW+BLE=
=BDIt
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 29 05:20:00 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 29 Feb 2016 05:20:00 +0000
Subject: [RHSA-2016:0309-01] Low: openstack-glance security update
Message-ID: <201602290520.u1T5K0oG019256@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openstack-glance security update
Advisory ID:       RHSA-2016:0309-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0309.html
Issue date:        2016-02-29
CVE Names:         CVE-2016-0757
=====================================================================

1. Summary:

Updated openstack-glance packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for
RHEL 7.

Red Hat Product Security has rated this update as having a Low security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

OpenStack Image Service (glance) provides discovery, registration, and
delivery services for disk and server images. The service provides the
ability to copy or snapshot a server image, and immediately store it away.
Stored images can be used as a template to get new servers up and running
quickly and more consistently than installing a server operating system
and individually configuring additional services.

An authorization vulnerability in OpenStack Image service was discovered,
which allowed image-status manipulation using locations. By removing the
last location of an image, an authenticated user could change the status
from 'active' to 'queue'. A malicious tenant could exploit this flaw to
silently replace owned image data, regardless of its original creator or
visibility settings. Only environments with show_multiple_locations set to
true (not default) were affected. (CVE-2016-0757)

Red Hat would like to thank the OpenStack project for reporting this
issue. Upstream acknowledges Erno Kuvaja of HPE as the original reporter.

All openstack-glance users are advised to upgrade to these updated
packages, which address this vulnerability.

4. Solution:

Before applying this update, ensure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1302607 - CVE-2016-0757 openstack-glance: Glance image status manipulation through locations

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-glance-2014.2.3-4.el7ost.src.rpm

noarch:
openstack-glance-2014.2.3-4.el7ost.noarch.rpm
openstack-glance-doc-2014.2.3-4.el7ost.noarch.rpm
python-glance-2014.2.3-4.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0757
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW09TmXlSAg2UNWIIRAlWKAJ46lYcUBlTkWHKIpN+2J2jIkyPIBQCeJ8+L
uq5Qsnn2Ts2uT+SkteTt7eM=
=1QaQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 29 05:20:57 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 29 Feb 2016 05:20:57 +0000
Subject: [RHSA-2016:0308-01] Moderate: rabbitmq-server security and bugfix update
Message-ID: <201602290520.u1T5Kvcq008896@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rabbitmq-server security and bugfix update
Advisory ID:       RHSA-2016:0308-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0308.html
Issue date:        2016-02-29
CVE Names:         CVE-2014-9649 CVE-2014-9650
=====================================================================

1. Summary:

Updated rabbitmq-server packages that fix two security issues and a bug
are now available for Red Hat Enterprise Linux OpenStack Platform 6.0
(Juno) for RHEL 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

RabbitMQ is an implementation of AMQP, the emerging standard for high
performance enterprise messaging. The RabbitMQ server is a robust and
scalable implementation of an AMQP broker.

A cross-site scripting vulnerability was discovered in RabbitMQ, which
allowed using api/ path info to inject and receive data. A remote attacker
could use this flaw to create an "/api/..." URL, forcing a server error
that resulted in the server returning an HTML page with embedded text from
the URL (not escaped). (CVE-2014-9649)

A response-splitting vulnerability was discovered in RabbitMQ. An
/api/definitions URL could be specified, which then caused an arbitrary
additional header to be returned. A remote attacker could use this flaw to
inject arbitrary HTTP headers and possibly gain access to secure data.
(CVE-2014-9650)

This update also fixes the following bug:

* Previously, if the rabbit_mirror_queue_master did not return when using
HA and 'auto_delete' queues, the RabbitMQ server blocked channels during
termination. These channels would then have no associated connections and
were displayed as 'unknown'. This issue has been resolved. (BZ#1303747)

All rabbitmq-server users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1185514 - CVE-2014-9649 RabbitMQ: /api/... XSS vulnerability
1185515 - CVE-2014-9650 RabbitMQ: /api/definitions response splitting vulnerability
1303747 - Blocked channels and queues using HA

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
rabbitmq-server-3.3.5-18.el7ost.src.rpm

noarch:
rabbitmq-server-3.3.5-18.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9649
https://access.redhat.com/security/cve/CVE-2014-9650
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW09UoXlSAg2UNWIIRAvhCAKCJb7/We3Nk7axulBvnSAmZlByA4ACeN9Mp
0T+1d3u7YXOvKrc2KuPGEVY=
=hJwd
-----END PGP SIGNATURE-----
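The Glance advisory RHSA-2016:0309-01 above states that only deployments with show_multiple_locations set to true (not the default) were affected by CVE-2016-0757. The script below is an added example for this page, not code from the advisory or from the Glance project: it parses a glance-api.conf body with the standard library and reports whether that option is enabled, treating an absent option as the default False that the advisory refers to. The two configuration fragments are constructed samples, and the path /etc/glance/glance-api.conf used in the usage note is the conventional location, assumed here rather than taken from the page.

```python
import configparser
from typing import Dict

# Constructed glance-api.conf fragments (sample input, not from the advisory).
# WEAK_CONF carries the non-default setting the advisory names as the
# precondition for CVE-2016-0757; DEFAULT_CONF leaves the option unset.
WEAK_CONF = """
[DEFAULT]
show_image_direct_url = False
show_multiple_locations = True
"""

DEFAULT_CONF = """
[DEFAULT]
show_image_direct_url = False
"""


def audit_show_multiple_locations(conf_text: str) -> Dict[str, object]:
    """Parse a glance-api.conf body and report the show_multiple_locations state.

    An absent option is reported as False, which is the default the advisory
    describes as unaffected. Returns a small finding dict rather than printing,
    so the result can be collected across many hosts.
    """
    # interpolation=None: oslo.config files are not ConfigParser-style
    # templates, so '%' in values must not be interpreted.
    # strict=False: tolerate duplicated keys instead of raising.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    enabled = parser.getboolean("DEFAULT", "show_multiple_locations", fallback=False)
    if enabled:
        recommendation = (
            "show_multiple_locations is enabled: this deployment matched the "
            "precondition in RHSA-2016:0309-01; confirm openstack-glance "
            "2014.2.3-4.el7ost or later is installed, or set the option to False "
            "if the deployment does not need multiple locations"
        )
    else:
        recommendation = "show_multiple_locations is off (default); no change needed"
    return {"show_multiple_locations": enabled, "recommendation": recommendation}


def audit_file(path: str) -> Dict[str, object]:
    """Convenience wrapper for an on-disk file (assumed path: /etc/glance/glance-api.conf)."""
    with open(path, encoding="utf-8") as fh:
        return audit_show_multiple_locations(fh.read())


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONF), ("default", DEFAULT_CONF)):
        print(label, audit_show_multiple_locations(text))
```

Run it against the constructed samples with `python3 audit_glance.py`, or call `audit_file("/etc/glance/glance-api.conf")` on a controller node. The check is deliberately narrow: it answers the one question the advisory makes decisive (is the option on?), and leaves the package-version question to the separate package check.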
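The RabbitMQ advisory RHSA-2016:0308-01 above describes two flaws in the management API: request text from the URL echoed unescaped into an HTML error page (CVE-2014-9649), and a request-derived value reaching a response header so that an additional header could be returned (CVE-2014-9650). The block below is an added illustration written for this page, not RabbitMQ's own code or its fix, of the two generic mitigations a handler applies for this class of bug: HTML-escape anything from the URL before it is reflected, and refuse header names that are not RFC 7230 tokens and header values containing CR, LF or NUL. The function names and sample inputs are assumptions of the example.

```python
import html
import re
from typing import Dict

# RFC 7230 "token" characters, the only ones allowed in a header field name.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# CR, LF and NUL must never appear inside a header value: a line break ends
# the current header (or, doubled, the whole header block), so whatever
# follows would be parsed as further headers or as the body. Rejecting them
# at the point where a header is set is the response-splitting mitigation.
_FORBIDDEN_RE = re.compile(r"[\r\n\x00]")


def render_not_found_page(path: str) -> str:
    """Build a 404 page that reflects the request path safely.

    html.escape turns <, >, &, " and ' into entities, so markup in the path is
    displayed as text instead of being interpreted by the browser.
    """
    safe_path = html.escape(path, quote=True)
    return (
        "<html><head><title>404 Not Found</title></head>"
        f"<body><h1>404 Not Found</h1><p>No such resource: {safe_path}</p></body></html>"
    )


def add_header(headers: Dict[str, str], name: str, value: str) -> Dict[str, str]:
    """Add a response header after validating both name and value.

    Raises ValueError rather than emitting a header that would split the
    response; the caller should turn that into a 400/500 without echoing the
    offending value.
    """
    if not _TOKEN_RE.fullmatch(name):
        raise ValueError(f"invalid header name: {name!r}")
    if _FORBIDDEN_RE.search(value):
        raise ValueError(f"control characters in value of header {name!r}")
    headers[name] = value
    return headers


def rejects_header(name: str, value: str) -> bool:
    """True if add_header refuses this name/value pair (used for self-checks)."""
    try:
        add_header({}, name, value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a path carrying markup, and a value carrying a line break.
    print(render_not_found_page("/api/<b>missing</b>"))
    print(rejects_header("X-Demo", "ok\r\nX-Injected: 1"))   # True
    print(rejects_header("X-Demo", "plain value"))           # False
```

The two checks are independent: escaping protects the HTML context, token and control-character validation protects the header context, and a value that is safe in one is not automatically safe in the other. Validating at the single choke point where headers are added (rather than at each call site) is what keeps a later endpoint from reintroducing the bug.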
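Each advisory above ends with a package list naming the fixed build (for example rabbitmq-server-3.3.5-18.el7ost or openstack-glance-2014.2.3-4.el7ost). The script below is an added example for this page, not code from Red Hat or from rpm: it compares an installed name-version-release string, as printed by `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' <package>`, against the fixed build using a simplified port of rpm's segment-wise version comparison. Epoch and the tilde/caret ordering rules are omitted, so it is a triage aid rather than a replacement for `rpm -q`. The FIXED_BUILDS table is filled from the package lists on this page; the installed strings in the self-check are constructed.

```python
import re
from typing import Dict, Tuple

# Fixed builds copied from the package lists in the advisories on this page.
FIXED_BUILDS: Dict[str, str] = {
    "openstack-glance": "openstack-glance-2014.2.3-4.el7ost.noarch.rpm",
    "python-glance": "python-glance-2014.2.3-4.el7ost.noarch.rpm",
    "rabbitmq-server": "rabbitmq-server-3.3.5-18.el7ost.noarch.rpm",
    "rh-ror41-rubygem-actionpack": "rh-ror41-rubygem-actionpack-4.1.5-3.el7.noarch.rpm",
    "rh-ror41-rubygem-actionview": "rh-ror41-rubygem-actionview-4.1.5-4.el7.noarch.rpm",
}

# rpm compares a version as a sequence of all-digit and all-letter segments;
# separators such as '.' and '-' only delimit segments.
_SEGMENT_RE = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version/release strings like rpm does (tilde/caret omitted).

    Returns -1 if a < b, 0 if equal, 1 if a > b. Numeric segments compare as
    integers, alphabetic ones lexically, a numeric segment is newer than an
    alphabetic one at the same position, and when one side runs out of
    segments the side with segments left is newer.
    """
    sa = _SEGMENT_RE.findall(a)
    sb = _SEGMENT_RE.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def parse_nvr(name_or_file: str) -> Tuple[str, str, str]:
    """Split 'name-version-release' or 'name-version-release.arch.rpm' into parts."""
    s = name_or_file
    if s.endswith(".rpm"):
        s = s[:-4].rsplit(".", 1)[0]      # drop '.rpm', then '.arch'
    name, version, release = s.rsplit("-", 2)
    return name, version, release


def compare_nvr(installed: str, fixed: str) -> int:
    """Order two builds of the same package: version first, then release."""
    n1, v1, r1 = parse_nvr(installed)
    n2, v2, r2 = parse_nvr(fixed)
    if n1 != n2:
        raise ValueError(f"package names differ: {n1!r} vs {n2!r}")
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def needs_update(installed_nvr: str) -> bool:
    """True if the installed build is older than the fixed build listed for it."""
    name, _, _ = parse_nvr(installed_nvr)
    if name not in FIXED_BUILDS:
        raise KeyError(f"no fixed build recorded for {name!r}")
    return compare_nvr(installed_nvr, FIXED_BUILDS[name]) < 0


if __name__ == "__main__":
    # Constructed installed strings, as 'rpm -q --qf' would print them.
    for nvr in ("rabbitmq-server-3.3.5-17.el7ost",
                "rabbitmq-server-3.3.5-18.el7ost",
                "openstack-glance-2014.2.3-3.el7ost"):
        print(nvr, "needs update" if needs_update(nvr) else "fixed build or newer")
```

Feed it the output of `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' rabbitmq-server openstack-glance` from each host; a `needs_update` result of True means the host is still on a build older than the one the advisory ships. Because the table is keyed by package name, the same function covers every advisory on the page once its package list is added.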