From bugzilla at redhat.com Mon Jul 4 05:52:15 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 4 Jul 2016 05:52:15 +0000
Subject: [RHSA-2016:1377-01] Moderate: openstack-ironic security update
Message-ID: <201607040552.u645qFbG024646@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-ironic security update
Advisory ID:       RHSA-2016:1377-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1377
Issue date:        2016-07-04
CVE Names:         CVE-2016-4985
=====================================================================

1. Summary:

An update for openstack-ironic is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - noarch

3. Description:

OpenStack Bare Metal (ironic) is a tool used to provision bare metal (as opposed to virtual) machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality.

Security Fix(es):

* An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses. (CVE-2016-4985)

Red Hat would like to thank the OpenStack Ironic project for reporting this issue. Upstream acknowledges Devananda van der Veen (IBM) as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1346193 - CVE-2016-4985 openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
openstack-ironic-2015.1.2-4.el7ost.src.rpm

noarch:
openstack-ironic-api-2015.1.2-4.el7ost.noarch.rpm
openstack-ironic-common-2015.1.2-4.el7ost.noarch.rpm
openstack-ironic-conductor-2015.1.2-4.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4985
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXefmEXlSAg2UNWIIRAvpAAKClwR9TWrqzssQq+acel1agIIzoPACfdOyL
BlEOAk0CxX/SFeN3Y0k8Vb8=
=nfdd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 4 05:52:49 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 4 Jul 2016 05:52:49 +0000
Subject: [RHSA-2016:1378-01] Moderate: openstack-ironic security update
Message-ID: <201607040552.u645qoEx022895@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-ironic security update
Advisory ID:       RHSA-2016:1378-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1378
Issue date:        2016-07-04
CVE Names:         CVE-2016-4985
=====================================================================

1. Summary:

An update for openstack-ironic is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - noarch

3. Description:

OpenStack Bare Metal (ironic) is a tool used to provision bare metal (as opposed to virtual) machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality.

Security Fix(es):

* An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses. (CVE-2016-4985)

Red Hat would like to thank the OpenStack Ironic project for reporting this issue. Upstream acknowledges Devananda van der Veen (IBM) as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1346193 - CVE-2016-4985 openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
openstack-ironic-4.2.5-1.el7ost.src.rpm

noarch:
openstack-ironic-api-4.2.5-1.el7ost.noarch.rpm
openstack-ironic-common-4.2.5-1.el7ost.noarch.rpm
openstack-ironic-conductor-4.2.5-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4985
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXefmmXlSAg2UNWIIRAticAJ9FXmn40CCeU401eRVzVZ/vmMDGCwCgisDO
jaPMWLK/WsbG2CHeUBOoEAU=
=6OR1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 5 06:42:13 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Jul 2016 06:42:13 +0000
Subject: [RHSA-2016:1380-01] Moderate: nodejs010-node-gyp and nodejs010-nodejs-qs security and bug fix update
Message-ID: <201607050642.u656gDJM027028@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs010-node-gyp and nodejs010-nodejs-qs security and bug fix update
Advisory ID:       RHSA-2016:1380-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1380
Issue date:        2016-07-05
CVE Names:         CVE-2014-7191
=====================================================================

1. Summary:

An update for nodejs010-node-gyp and nodejs010-nodejs-qs is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* The nodejs-qs module has the ability to create sparse arrays during parsing. By specifying a high index in a querystring parameter it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. (CVE-2014-7191)

Bug Fix(es):

* A previous patch to the nodejs010-node-gyp RPM package introduced a bug, which caused the node-gyp module to work incorrectly. As a consequence, users were unable to install or build native Node.js modules. A new patch has been applied, the node-gyp module now works as expected, and it no longer affects other modules. (BZ#1255594)

All nodejs010-nodejs-qs and nodejs010-node-gyp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1146054 - CVE-2014-7191 nodejs-qs: Denial-of-Service Memory Exhaustion
1255594 - FTBFS: Cannot build with v8314-gyp

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
nodejs010-node-gyp-3.2.0-3.el6.src.rpm
nodejs010-nodejs-qs-0.6.5-5.el6.src.rpm

noarch:
nodejs010-node-gyp-3.2.0-3.el6.noarch.rpm
nodejs010-nodejs-qs-0.6.5-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
nodejs010-node-gyp-3.2.0-3.el6.src.rpm
nodejs010-nodejs-qs-0.6.5-5.el6.src.rpm

noarch:
nodejs010-node-gyp-3.2.0-3.el6.noarch.rpm
nodejs010-nodejs-qs-0.6.5-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
nodejs010-node-gyp-3.2.0-3.el6.src.rpm
nodejs010-nodejs-qs-0.6.5-5.el6.src.rpm

noarch:
nodejs010-node-gyp-3.2.0-3.el6.noarch.rpm
nodejs010-nodejs-qs-0.6.5-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
nodejs010-node-gyp-3.2.0-3.el6.src.rpm
nodejs010-nodejs-qs-0.6.5-5.el6.src.rpm

noarch:
nodejs010-node-gyp-3.2.0-3.el6.noarch.rpm
nodejs010-nodejs-qs-0.6.5-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
nodejs010-node-gyp-3.2.0-3.el7.src.rpm
nodejs010-nodejs-qs-0.6.5-5.el7.src.rpm

noarch:
nodejs010-node-gyp-3.2.0-3.el7.noarch.rpm
nodejs010-nodejs-qs-0.6.5-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
nodejs010-node-gyp-3.2.0-3.el7.src.rpm
nodejs010-nodejs-qs-0.6.5-5.el7.src.rpm

noarch:
nodejs010-node-gyp-3.2.0-3.el7.noarch.rpm
nodejs010-nodejs-qs-0.6.5-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
nodejs010-node-gyp-3.2.0-3.el7.src.rpm
nodejs010-nodejs-qs-0.6.5-5.el7.src.rpm

noarch:
nodejs010-node-gyp-3.2.0-3.el7.noarch.rpm
nodejs010-nodejs-qs-0.6.5-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
nodejs010-node-gyp-3.2.0-3.el7.src.rpm
nodejs010-nodejs-qs-0.6.5-5.el7.src.rpm

noarch:
nodejs010-node-gyp-3.2.0-3.el7.noarch.rpm
nodejs010-nodejs-qs-0.6.5-5.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7191
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXe1akXlSAg2UNWIIRAkZgAJ4pPYggyUaVC8EE7LEOBuw68uDWogCgnDKz
uVWazE2AkoCCOL0zmdRGuC0=
=4B7W
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 11 05:34:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Jul 2016 05:34:22 +0000
Subject: [RHSA-2016:1392-01] Important: thunderbird security update
Message-ID: <201607110534.u6B5YNRv007548@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2016:1392-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1392
Issue date:        2016-07-11
CVE Names:         CVE-2016-2818
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.2.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-2818)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1342887 - CVE-2016-2818 Mozilla: Miscellaneous memory safety hazards (rv:45.2) (MFSA 2016-49)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-45.2-1.el5_11.src.rpm

i386:
thunderbird-45.2-1.el5_11.i386.rpm
thunderbird-debuginfo-45.2-1.el5_11.i386.rpm

x86_64:
thunderbird-45.2-1.el5_11.x86_64.rpm
thunderbird-debuginfo-45.2-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server):

Source:
thunderbird-45.2-1.el5_11.src.rpm

i386:
thunderbird-45.2-1.el5_11.i386.rpm
thunderbird-debuginfo-45.2-1.el5_11.i386.rpm

x86_64:
thunderbird-45.2-1.el5_11.x86_64.rpm
thunderbird-debuginfo-45.2-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-45.2-1.el6_8.src.rpm

i386:
thunderbird-45.2-1.el6_8.i686.rpm
thunderbird-debuginfo-45.2-1.el6_8.i686.rpm

x86_64:
thunderbird-45.2-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.2-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-45.2-1.el6_8.src.rpm

i386:
thunderbird-45.2-1.el6_8.i686.rpm
thunderbird-debuginfo-45.2-1.el6_8.i686.rpm

ppc64:
thunderbird-45.2-1.el6_8.ppc64.rpm
thunderbird-debuginfo-45.2-1.el6_8.ppc64.rpm

s390x:
thunderbird-45.2-1.el6_8.s390x.rpm
thunderbird-debuginfo-45.2-1.el6_8.s390x.rpm

x86_64:
thunderbird-45.2-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.2-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-45.2-1.el6_8.src.rpm

i386:
thunderbird-45.2-1.el6_8.i686.rpm
thunderbird-debuginfo-45.2-1.el6_8.i686.rpm

x86_64:
thunderbird-45.2-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.2-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-45.2-1.el7_2.src.rpm

x86_64:
thunderbird-45.2-1.el7_2.x86_64.rpm
thunderbird-debuginfo-45.2-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-45.2-1.el7_2.src.rpm

ppc64le:
thunderbird-45.2-1.el7_2.ppc64le.rpm
thunderbird-debuginfo-45.2-1.el7_2.ppc64le.rpm

x86_64:
thunderbird-45.2-1.el7_2.x86_64.rpm
thunderbird-debuginfo-45.2-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-45.2-1.el7_2.src.rpm

x86_64:
thunderbird-45.2-1.el7_2.x86_64.rpm
thunderbird-debuginfo-45.2-1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2818
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXgy+cXlSAg2UNWIIRAvkfAJsFLiTIyWDAZ5xIGOJkxo06Xap4ZwCgj5gl GiE0mPJYo1nN4SyLU8EyZig= =/l4A -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jul 12 15:06:47 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 12 Jul 2016 15:06:47 +0000 Subject: [RHSA-2016:1395-01] Moderate: kernel security and bug fix update Message-ID: <201607121506.u6CF6WGq023315@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2016:1395-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1395 Issue date: 2016-07-12 CVE Names: CVE-2015-4170 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: * A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. 
A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock. (CVE-2015-4170, Moderate) This update also fixes the following bugs: * When Small Computer System Interface (SCSI) devices were removed or deleted, a system crash could occur due to a race condition between listing all SCSI devices and SCSI device removal. The provided patch ensures that the starting node for the klist_iter_init_node() function is actually a member of the list before using it. As a result, a system crash no longer occurs in the described scenario. (BZ#1333402) * When creating Virtual Functions (VF) on the ixgbe driver, the Media Access Control (MAC) address for each VF could be random if not explicitly set. When generating a random MAC address, it was possible to set the address to zero. As a consequence, transmitted packets were discarded without being sent, and the user was not able to access the network. The provided patchset ensures that the VFs always end up with valid MAC addresses. As a result, packets are now transmitted as expected, and the user is able to access the network. (BZ#1335405) * Under significant load, some applications such as logshifter could generate bursts of log messages too large for the system logger to spool. Due to a race condition, log messages from that application could then be lost even after the log volume dropped to manageable levels. This update fixes the kernel mechanism used to notify the transmitter end of the socket used by the system logger that more space is available on the receiver side, removing a race condition which previously caused the sender to stop transmitting new messages and allowing all log messages to be processed correctly. (BZ#1337602) * When a USB serial driver was trying to acquire a line-discipline reference, a lockdep warning could occur due to the tty ldisc semaphore that was not fully initialized. 
With this update, a set of patches has been backported from upstream that fix this bug and no warnings occur in the aforementioned scenario. (BZ#1343554) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1218879 - CVE-2015-4170 kernel: pty layer race condition on tty ldisc shutdown. 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1): Source: kernel-3.10.0-229.38.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.38.1.el7.noarch.rpm kernel-doc-3.10.0-229.38.1.el7.noarch.rpm x86_64: kernel-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.38.1.el7.x86_64.rpm kernel-devel-3.10.0-229.38.1.el7.x86_64.rpm kernel-headers-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.38.1.el7.x86_64.rpm perf-3.10.0-229.38.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.1): x86_64: kernel-debug-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.38.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm python-perf-3.10.0-229.38.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: kernel-3.10.0-229.38.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.38.1.el7.noarch.rpm kernel-doc-3.10.0-229.38.1.el7.noarch.rpm ppc64: kernel-3.10.0-229.38.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-229.38.1.el7.ppc64.rpm kernel-debug-3.10.0-229.38.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-229.38.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.38.1.el7.ppc64.rpm kernel-devel-3.10.0-229.38.1.el7.ppc64.rpm kernel-headers-3.10.0-229.38.1.el7.ppc64.rpm kernel-tools-3.10.0-229.38.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-229.38.1.el7.ppc64.rpm perf-3.10.0-229.38.1.el7.ppc64.rpm perf-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm s390x: kernel-3.10.0-229.38.1.el7.s390x.rpm kernel-debug-3.10.0-229.38.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-229.38.1.el7.s390x.rpm kernel-debug-devel-3.10.0-229.38.1.el7.s390x.rpm kernel-debuginfo-3.10.0-229.38.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.38.1.el7.s390x.rpm kernel-devel-3.10.0-229.38.1.el7.s390x.rpm kernel-headers-3.10.0-229.38.1.el7.s390x.rpm kernel-kdump-3.10.0-229.38.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.38.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-229.38.1.el7.s390x.rpm perf-3.10.0-229.38.1.el7.s390x.rpm perf-debuginfo-3.10.0-229.38.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.s390x.rpm x86_64: 
kernel-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.38.1.el7.x86_64.rpm kernel-devel-3.10.0-229.38.1.el7.x86_64.rpm kernel-headers-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.38.1.el7.x86_64.rpm perf-3.10.0-229.38.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: kernel-3.10.0-229.38.1.ael7b.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.38.1.ael7b.noarch.rpm kernel-doc-3.10.0-229.38.1.ael7b.noarch.rpm ppc64le: kernel-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-bootwrapper-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debug-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debug-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-devel-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-headers-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-tools-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-tools-libs-3.10.0-229.38.1.ael7b.ppc64le.rpm perf-3.10.0-229.38.1.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.1): ppc64: kernel-debug-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.38.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-229.38.1.el7.ppc64.rpm perf-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm python-perf-3.10.0-229.38.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-229.38.1.el7.s390x.rpm kernel-debuginfo-3.10.0-229.38.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.38.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.38.1.el7.s390x.rpm perf-debuginfo-3.10.0-229.38.1.el7.s390x.rpm python-perf-3.10.0-229.38.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.38.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm python-perf-3.10.0-229.38.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64le: kernel-debug-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debug-devel-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-tools-libs-devel-3.10.0-229.38.1.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm python-perf-3.10.0-229.38.1.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-4170 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXhQdrXlSAg2UNWIIRApwBAKC5cW5uujSNLL9BDkSxEG1tZQiKmACeLrSa vc9k7W/+KCt6NnpA6bhYLkY= =Q676 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jul 12 21:43:00 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 12 Jul 2016 21:43:00 +0000 Subject: [RHSA-2016:1406-01] Important: kernel security and bug fix update Message-ID: <201607122143.u6CLh1S8005224@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2016:1406-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1406 Issue date: 2016-07-12 CVE Names: CVE-2016-4565 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 
6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important) Red Hat would like to thank Jann Horn for reporting this issue. This update also fixes the following bugs: * When providing some services and using the Integrated Services Digital Network (ISDN), the system could terminate unexpectedly due to the call of the tty_ldisc_flush() function. The provided patch removes this call and the system no longer hangs in the described scenario. (BZ#1337443) * An update to the Red Hat Enterprise Linux 6.8 kernel added calls of two functions provided by the ipv6.ko kernel module, which added a dependency on that module. On systems where ipv6.ko was prevented from being loaded, the nfsd.ko and lockd.ko modules were unable to be loaded. Consequently, it was not possible to run an NFS server or to mount NFS file systems as a client. The underlying source code has been fixed by adding the symbol_get() function, which determines if nfsd.ko and lock.ko are loaded into memory and calls them through function pointers, not directly. As a result, the aforementioned kernel modules are allowed to be loaded even if ipv6.ko is not, and the NFS mount works as expected. 
(BZ#1341496)

* After upgrading the kernel, the CPU load average increased compared to the prior kernel version due to the modification of the scheduler. The provided patch set reverts the calculation algorithm of this load average to the previous version, thus resulting in relatively lower values under the same system load. (BZ#1343015)

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1310570 - CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-642.3.1.el6.src.rpm

i386:
kernel-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
kernel-devel-2.6.32-642.3.1.el6.i686.rpm
kernel-headers-2.6.32-642.3.1.el6.i686.rpm
perf-2.6.32-642.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.3.1.el6.noarch.rpm
kernel-doc-2.6.32-642.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-642.3.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.3.1.el6.x86_64.rpm
perf-2.6.32-642.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
python-perf-2.6.32-642.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-642.3.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.3.1.el6.noarch.rpm
kernel-doc-2.6.32-642.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-642.3.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.3.1.el6.x86_64.rpm
perf-2.6.32-642.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node
Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-642.3.1.el6.src.rpm

i386:
kernel-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
kernel-devel-2.6.32-642.3.1.el6.i686.rpm
kernel-headers-2.6.32-642.3.1.el6.i686.rpm
perf-2.6.32-642.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.3.1.el6.noarch.rpm
kernel-doc-2.6.32-642.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-642.3.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-642.3.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-642.3.1.el6.ppc64.rpm
kernel-debug-2.6.32-642.3.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.3.1.el6.ppc64.rpm
kernel-devel-2.6.32-642.3.1.el6.ppc64.rpm
kernel-headers-2.6.32-642.3.1.el6.ppc64.rpm
perf-2.6.32-642.3.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.3.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-642.3.1.el6.s390x.rpm
kernel-debug-2.6.32-642.3.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.3.1.el6.s390x.rpm
kernel-devel-2.6.32-642.3.1.el6.s390x.rpm
kernel-headers-2.6.32-642.3.1.el6.s390x.rpm
kernel-kdump-2.6.32-642.3.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.3.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-642.3.1.el6.s390x.rpm
perf-2.6.32-642.3.1.el6.s390x.rpm
perf-debuginfo-2.6.32-642.3.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.3.1.el6.x86_64.rpm
perf-2.6.32-642.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
6):

i386:
kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
python-perf-2.6.32-642.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-642.3.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.3.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.3.1.el6.ppc64.rpm
python-perf-2.6.32-642.3.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-642.3.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.3.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.3.1.el6.s390x.rpm
perf-debuginfo-2.6.32-642.3.1.el6.s390x.rpm
python-perf-2.6.32-642.3.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6):

Source:
kernel-2.6.32-642.3.1.el6.src.rpm

i386:
kernel-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
kernel-devel-2.6.32-642.3.1.el6.i686.rpm
kernel-headers-2.6.32-642.3.1.el6.i686.rpm
perf-2.6.32-642.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.3.1.el6.noarch.rpm
kernel-doc-2.6.32-642.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-642.3.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-642.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.3.1.el6.x86_64.rpm
perf-2.6.32-642.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v.
6):

i386:
kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
python-perf-2.6.32-642.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-2.6.32-642.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4565
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXhWOZXlSAg2UNWIIRAth6AKCoL14mZaD/HQAfLBzYNt4mpGoiPACfZ2NC
xHDxhtJRSONr/pi28qO4SdU=
=on5i
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 13 18:55:52 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Jul 2016 18:55:52 +0000
Subject: [RHSA-2016:1423-01] Critical: flash-plugin security update
Message-ID: <201607131855.u6DItqpW018263@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2016:1423-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1423
Issue date:        2016-07-13
CVE Names:         CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175
                   CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179
                   CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183
                   CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187
                   CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217
                   CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221
                   CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225
                   CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229
                   CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233
                   CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237
                   CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241
                   CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245
                   CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249
=====================================================================

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.632.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249)

4.
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm

x86_64:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm

x86_64:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-4172
https://access.redhat.com/security/cve/CVE-2016-4173
https://access.redhat.com/security/cve/CVE-2016-4174
https://access.redhat.com/security/cve/CVE-2016-4175
https://access.redhat.com/security/cve/CVE-2016-4176
https://access.redhat.com/security/cve/CVE-2016-4177
https://access.redhat.com/security/cve/CVE-2016-4178
https://access.redhat.com/security/cve/CVE-2016-4179
https://access.redhat.com/security/cve/CVE-2016-4180
https://access.redhat.com/security/cve/CVE-2016-4181
https://access.redhat.com/security/cve/CVE-2016-4182
https://access.redhat.com/security/cve/CVE-2016-4183
https://access.redhat.com/security/cve/CVE-2016-4184
https://access.redhat.com/security/cve/CVE-2016-4185
https://access.redhat.com/security/cve/CVE-2016-4186
https://access.redhat.com/security/cve/CVE-2016-4187
https://access.redhat.com/security/cve/CVE-2016-4188
https://access.redhat.com/security/cve/CVE-2016-4189
https://access.redhat.com/security/cve/CVE-2016-4190
https://access.redhat.com/security/cve/CVE-2016-4217
https://access.redhat.com/security/cve/CVE-2016-4218
https://access.redhat.com/security/cve/CVE-2016-4219
https://access.redhat.com/security/cve/CVE-2016-4220
https://access.redhat.com/security/cve/CVE-2016-4221
https://access.redhat.com/security/cve/CVE-2016-4222
https://access.redhat.com/security/cve/CVE-2016-4223
https://access.redhat.com/security/cve/CVE-2016-4224
https://access.redhat.com/security/cve/CVE-2016-4225
https://access.redhat.com/security/cve/CVE-2016-4226
https://access.redhat.com/security/cve/CVE-2016-4227
https://access.redhat.com/security/cve/CVE-2016-4228
https://access.redhat.com/security/cve/CVE-2016-4229
https://access.redhat.com/security/cve/CVE-2016-4230
https://access.redhat.com/security/cve/CVE-2016-4231
https://access.redhat.com/security/cve/CVE-2016-4232
https://access.redhat.com/security/cve/CVE-2016-4233
https://access.redhat.com/security/cve/CVE-2016-4234
https://access.redhat.com/security/cve/CVE-2016-4235
https://access.redhat.com/security/cve/CVE-2016-4236
https://access.redhat.com/security/cve/CVE-2016-4237
https://access.redhat.com/security/cve/CVE-2016-4238
https://access.redhat.com/security/cve/CVE-2016-4239
https://access.redhat.com/security/cve/CVE-2016-4240
https://access.redhat.com/security/cve/CVE-2016-4241
https://access.redhat.com/security/cve/CVE-2016-4242
https://access.redhat.com/security/cve/CVE-2016-4243
https://access.redhat.com/security/cve/CVE-2016-4244
https://access.redhat.com/security/cve/CVE-2016-4245
https://access.redhat.com/security/cve/CVE-2016-4246
https://access.redhat.com/security/cve/CVE-2016-4247
https://access.redhat.com/security/cve/CVE-2016-4248
https://access.redhat.com/security/cve/CVE-2016-4249
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr
3PPWGTqHtaFvIBLqaCpxcMk=
=uyDE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 14 06:15:03 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Jul 2016 06:15:03 +0000
Subject: [RHSA-2016:1425-01] Moderate: rh-nginx18-nginx security update
Message-ID: <201607140615.u6E6F3aC020748@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-nginx18-nginx security update
Advisory ID:       RHSA-2016:1425-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1425
Issue date:        2016-07-14
CVE Names:         CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450
=====================================================================

1. Summary:

An update for rh-nginx18-nginx is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.
6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.

The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).

Security Fix(es):

* A NULL pointer dereference flaw was found in the nginx code responsible for saving the client request body to a temporary file. A remote attacker could send a specially crafted request that would cause the nginx worker process to crash. (CVE-2016-4450)

* It was discovered that nginx could perform an out-of-bounds read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)

* A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)

* It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The rh-nginx18-nginx service must be restarted for this update to take effect.

5.
Bugs fixed (https://bugzilla.redhat.com/):

1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver
1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver
1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver
1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-nginx18-nginx-1.8.1-1.el6.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-nginx18-nginx-1.8.1-1.el6.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-nginx18-nginx-1.8.1-1.el6.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-nginx18-nginx-1.8.1-1.el6.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-nginx18-nginx-1.8.1-1.el7.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-nginx18-nginx-1.8.1-1.el7.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
7.2):

Source:
rh-nginx18-nginx-1.8.1-1.el7.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-nginx18-nginx-1.8.1-1.el7.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0742
https://access.redhat.com/security/cve/CVE-2016-0746
https://access.redhat.com/security/cve/CVE-2016-0747
https://access.redhat.com/security/cve/CVE-2016-4450
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp
ZhbDRXs2sdXbnakZ6oJi/K8=
=7RBd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 14 15:59:12 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Jul 2016 15:59:12 +0000
Subject: [RHSA-2016:1427-01] Important: atomic-openshift security and bug fix update
Message-ID: <201607141559.u6EFxCvQ022973@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: atomic-openshift security and bug fix update
Advisory ID:       RHSA-2016:1427-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1427
Issue date:        2016-07-14
CVE Names:         CVE-2016-5392
=====================================================================

1.
Summary:

An update for atomic-openshift is now available for Red Hat OpenShift Enterprise 3.2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise 3.2 - x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es):

* The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error, OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their information. (CVE-2016-5392)

This issue was discovered by Yanping Zhang (Red Hat).

This update includes the following images:

openshift3/openvswitch:v3.2.1.7-1
openshift3/ose-pod:v3.2.1.7-1
openshift3/ose:v3.2.1.7-1
openshift3/ose-docker-registry:v3.2.1.7-1
openshift3/ose-keepalived-ipfailover:v3.2.1.7-1
openshift3/ose-recycler:v3.2.1.7-1
openshift3/ose-f5-router:v3.2.1.7-1
openshift3/ose-deployer:v3.2.1.7-1
openshift3/node:v3.2.1.7-1
openshift3/ose-sti-builder:v3.2.1.7-1
openshift3/ose-docker-builder:v3.2.1.7-1
openshift3/ose-haproxy-router:v3.2.1.7-1

All OpenShift Enterprise 3 users are advised to upgrade to these updated packages and images.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5.
Package List:

Red Hat OpenShift Enterprise 3.2:

Source:
atomic-openshift-3.2.1.7-1.git.0.2702170.el7.src.rpm

x86_64:
atomic-openshift-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-clients-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-clients-redistributable-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-dockerregistry-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-master-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-node-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-pod-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-recycle-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-sdn-ovs-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
atomic-openshift-tests-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.2.1.7-1.git.0.2702170.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/cve/CVE-2016-5392
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXh7bBXlSAg2UNWIIRAtCYAJ44s1dYAnVulmArOlo+ezfWQidEqQCfaByX
a+gxyTsH7DnlqW7zpqGMRCc=
=M8Z3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 18 15:49:57 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 Jul 2016 15:49:57 +0000
Subject: [RHSA-2016:1420-01] Important: httpd24-httpd security update
Message-ID: <201607181549.u6IFnvTP015652@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd24-httpd security update
Advisory ID:       RHSA-2016:1420-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1420
Issue date:        2016-07-18
CVE Names:         CVE-2016-4979 CVE-2016-5387
=====================================================================

1. Summary:

An update for httpd24-httpd is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.
6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387)

Note: After this update, httpd will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable.

* A flaw was found in the way httpd performed client authentication using X.509 client certificates. When the HTTP/2 protocol was enabled, a remote attacker could use this flaw to access resources protected by certificate authentication without providing a valid client certificate. (CVE-2016-4979)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5387 and Apache Software Foundation for reporting CVE-2016-4979. Upstream acknowledges Erki Aring (Liewenthal Electronics Ltd) as the original reporter of CVE-2016-4979.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1352476 - CVE-2016-4979 httpd: X509 client certificate authentication bypass using HTTP/2
1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v.
6): Source: httpd24-httpd-2.4.18-11.el6.src.rpm noarch: httpd24-httpd-manual-2.4.18-11.el6.noarch.rpm x86_64: httpd24-httpd-2.4.18-11.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.18-11.el6.x86_64.rpm httpd24-httpd-devel-2.4.18-11.el6.x86_64.rpm httpd24-httpd-tools-2.4.18-11.el6.x86_64.rpm httpd24-mod_ldap-2.4.18-11.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.18-11.el6.x86_64.rpm httpd24-mod_session-2.4.18-11.el6.x86_64.rpm httpd24-mod_ssl-2.4.18-11.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: httpd24-httpd-2.4.18-11.el6.src.rpm noarch: httpd24-httpd-manual-2.4.18-11.el6.noarch.rpm x86_64: httpd24-httpd-2.4.18-11.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.18-11.el6.x86_64.rpm httpd24-httpd-devel-2.4.18-11.el6.x86_64.rpm httpd24-httpd-tools-2.4.18-11.el6.x86_64.rpm httpd24-mod_ldap-2.4.18-11.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.18-11.el6.x86_64.rpm httpd24-mod_session-2.4.18-11.el6.x86_64.rpm httpd24-mod_ssl-2.4.18-11.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: httpd24-httpd-2.4.18-11.el6.src.rpm noarch: httpd24-httpd-manual-2.4.18-11.el6.noarch.rpm x86_64: httpd24-httpd-2.4.18-11.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.18-11.el6.x86_64.rpm httpd24-httpd-devel-2.4.18-11.el6.x86_64.rpm httpd24-httpd-tools-2.4.18-11.el6.x86_64.rpm httpd24-mod_ldap-2.4.18-11.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.18-11.el6.x86_64.rpm httpd24-mod_session-2.4.18-11.el6.x86_64.rpm httpd24-mod_ssl-2.4.18-11.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6): Source: httpd24-httpd-2.4.18-11.el6.src.rpm noarch: httpd24-httpd-manual-2.4.18-11.el6.noarch.rpm x86_64: httpd24-httpd-2.4.18-11.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.18-11.el6.x86_64.rpm httpd24-httpd-devel-2.4.18-11.el6.x86_64.rpm httpd24-httpd-tools-2.4.18-11.el6.x86_64.rpm httpd24-mod_ldap-2.4.18-11.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.18-11.el6.x86_64.rpm httpd24-mod_session-2.4.18-11.el6.x86_64.rpm httpd24-mod_ssl-2.4.18-11.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.18-11.el7.src.rpm noarch: httpd24-httpd-manual-2.4.18-11.el7.noarch.rpm x86_64: httpd24-httpd-2.4.18-11.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.18-11.el7.x86_64.rpm httpd24-httpd-devel-2.4.18-11.el7.x86_64.rpm httpd24-httpd-tools-2.4.18-11.el7.x86_64.rpm httpd24-mod_ldap-2.4.18-11.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.18-11.el7.x86_64.rpm httpd24-mod_session-2.4.18-11.el7.x86_64.rpm httpd24-mod_ssl-2.4.18-11.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: httpd24-httpd-2.4.18-11.el7.src.rpm noarch: httpd24-httpd-manual-2.4.18-11.el7.noarch.rpm x86_64: httpd24-httpd-2.4.18-11.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.18-11.el7.x86_64.rpm httpd24-httpd-devel-2.4.18-11.el7.x86_64.rpm httpd24-httpd-tools-2.4.18-11.el7.x86_64.rpm httpd24-mod_ldap-2.4.18-11.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.18-11.el7.x86_64.rpm httpd24-mod_session-2.4.18-11.el7.x86_64.rpm httpd24-mod_ssl-2.4.18-11.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2): Source: httpd24-httpd-2.4.18-11.el7.src.rpm noarch: httpd24-httpd-manual-2.4.18-11.el7.noarch.rpm x86_64: httpd24-httpd-2.4.18-11.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.18-11.el7.x86_64.rpm httpd24-httpd-devel-2.4.18-11.el7.x86_64.rpm httpd24-httpd-tools-2.4.18-11.el7.x86_64.rpm httpd24-mod_ldap-2.4.18-11.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.18-11.el7.x86_64.rpm httpd24-mod_session-2.4.18-11.el7.x86_64.rpm httpd24-mod_ssl-2.4.18-11.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-httpd-2.4.18-11.el7.src.rpm noarch: httpd24-httpd-manual-2.4.18-11.el7.noarch.rpm x86_64: httpd24-httpd-2.4.18-11.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.18-11.el7.x86_64.rpm httpd24-httpd-devel-2.4.18-11.el7.x86_64.rpm httpd24-httpd-tools-2.4.18-11.el7.x86_64.rpm httpd24-mod_ldap-2.4.18-11.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.18-11.el7.x86_64.rpm httpd24-mod_session-2.4.18-11.el7.x86_64.rpm httpd24-mod_ssl-2.4.18-11.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4979 https://access.redhat.com/security/cve/CVE-2016-5387 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/httpoxy https://access.redhat.com/solutions/2435501 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
From bugzilla at redhat.com Mon Jul 18 16:53:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 Jul 2016 16:53:22 +0000
Subject: [RHSA-2016:1422-01] Important: httpd security and bug fix update
Message-ID: <201607181653.u6IGrMqB031434@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd security and bug fix update
Advisory ID:       RHSA-2016:1422-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1422
Issue date:        2016-07-18
CVE Names:         CVE-2016-5387
=====================================================================

1. Summary:

An update for httpd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387)

Note: After this update, httpd will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable.

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

Bug Fix(es):

* In a caching proxy configuration, the mod_cache module would treat content as stale if the Expires header changed when refreshing a cached response. As a consequence, an origin server returning content without a fixed Expires header would not be treated as cacheable. The mod_cache module has been fixed to ignore changes in the Expires header when refreshing content. As a result, such content is now cacheable, improving performance and reducing load at the origin server. (BZ#1347648)

* The HTTP status code 451 "Unavailable For Legal Reasons" was not usable in the httpd configuration. As a consequence, modules such as mod_rewrite could not be configured to return a 451 error if required for legal purposes. The 451 status code has been added to the list of available error codes, and modules can now be configured to return a 451 error if required. (BZ#1353269)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1347648 - Apache can not cache content if Expires header is modified
1353269 - Support sending http 451 status code from RewriteRule
1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
httpd-2.4.6-40.el7_2.4.src.rpm

noarch:
httpd-manual-2.4.6-40.el7_2.4.noarch.rpm

x86_64:
httpd-2.4.6-40.el7_2.4.x86_64.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
httpd-devel-2.4.6-40.el7_2.4.x86_64.rpm
httpd-tools-2.4.6-40.el7_2.4.x86_64.rpm
mod_ldap-2.4.6-40.el7_2.4.x86_64.rpm
mod_proxy_html-2.4.6-40.el7_2.4.x86_64.rpm
mod_session-2.4.6-40.el7_2.4.x86_64.rpm
mod_ssl-2.4.6-40.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
httpd-2.4.6-40.el7_2.4.src.rpm

noarch:
httpd-manual-2.4.6-40.el7_2.4.noarch.rpm

x86_64:
httpd-2.4.6-40.el7_2.4.x86_64.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
httpd-devel-2.4.6-40.el7_2.4.x86_64.rpm
httpd-tools-2.4.6-40.el7_2.4.x86_64.rpm
mod_ldap-2.4.6-40.el7_2.4.x86_64.rpm
mod_proxy_html-2.4.6-40.el7_2.4.x86_64.rpm
mod_session-2.4.6-40.el7_2.4.x86_64.rpm
mod_ssl-2.4.6-40.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
httpd-2.4.6-40.el7_2.4.src.rpm

noarch:
httpd-manual-2.4.6-40.el7_2.4.noarch.rpm

ppc64:
httpd-2.4.6-40.el7_2.4.ppc64.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.ppc64.rpm
httpd-devel-2.4.6-40.el7_2.4.ppc64.rpm
httpd-tools-2.4.6-40.el7_2.4.ppc64.rpm
mod_ssl-2.4.6-40.el7_2.4.ppc64.rpm

ppc64le:
httpd-2.4.6-40.el7_2.4.ppc64le.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.ppc64le.rpm
httpd-devel-2.4.6-40.el7_2.4.ppc64le.rpm
httpd-tools-2.4.6-40.el7_2.4.ppc64le.rpm
mod_ssl-2.4.6-40.el7_2.4.ppc64le.rpm

s390x:
httpd-2.4.6-40.el7_2.4.s390x.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.s390x.rpm
httpd-devel-2.4.6-40.el7_2.4.s390x.rpm
httpd-tools-2.4.6-40.el7_2.4.s390x.rpm
mod_ssl-2.4.6-40.el7_2.4.s390x.rpm

x86_64:
httpd-2.4.6-40.el7_2.4.x86_64.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
httpd-devel-2.4.6-40.el7_2.4.x86_64.rpm
httpd-tools-2.4.6-40.el7_2.4.x86_64.rpm
mod_ssl-2.4.6-40.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
httpd-debuginfo-2.4.6-40.el7_2.4.ppc64.rpm
mod_ldap-2.4.6-40.el7_2.4.ppc64.rpm
mod_proxy_html-2.4.6-40.el7_2.4.ppc64.rpm
mod_session-2.4.6-40.el7_2.4.ppc64.rpm

ppc64le:
httpd-debuginfo-2.4.6-40.el7_2.4.ppc64le.rpm
mod_ldap-2.4.6-40.el7_2.4.ppc64le.rpm
mod_proxy_html-2.4.6-40.el7_2.4.ppc64le.rpm
mod_session-2.4.6-40.el7_2.4.ppc64le.rpm

s390x:
httpd-debuginfo-2.4.6-40.el7_2.4.s390x.rpm
mod_ldap-2.4.6-40.el7_2.4.s390x.rpm
mod_proxy_html-2.4.6-40.el7_2.4.s390x.rpm
mod_session-2.4.6-40.el7_2.4.s390x.rpm

x86_64:
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
mod_ldap-2.4.6-40.el7_2.4.x86_64.rpm
mod_proxy_html-2.4.6-40.el7_2.4.x86_64.rpm
mod_session-2.4.6-40.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
httpd-2.4.6-40.el7_2.4.src.rpm

noarch:
httpd-manual-2.4.6-40.el7_2.4.noarch.rpm

x86_64:
httpd-2.4.6-40.el7_2.4.x86_64.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
httpd-devel-2.4.6-40.el7_2.4.x86_64.rpm
httpd-tools-2.4.6-40.el7_2.4.x86_64.rpm
mod_ssl-2.4.6-40.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
mod_ldap-2.4.6-40.el7_2.4.x86_64.rpm
mod_proxy_html-2.4.6-40.el7_2.4.x86_64.rpm
mod_session-2.4.6-40.el7_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5387
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/httpoxy
https://access.redhat.com/solutions/2435501

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Mon Jul 18 17:32:19 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 Jul 2016 17:32:19 +0000
Subject: [RHSA-2016:1421-01] Important: httpd security update
Message-ID: <201607181732.u6IHWJsj008282@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd security update
Advisory ID:       RHSA-2016:1421-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1421
Issue date:        2016-07-18
CVE Names:         CVE-2016-5387
=====================================================================

1. Summary:

An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387)

Note: After this update, httpd will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable.

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
httpd-2.2.3-92.el5_11.src.rpm

i386:
httpd-2.2.3-92.el5_11.i386.rpm
httpd-debuginfo-2.2.3-92.el5_11.i386.rpm
mod_ssl-2.2.3-92.el5_11.i386.rpm

x86_64:
httpd-2.2.3-92.el5_11.x86_64.rpm
httpd-debuginfo-2.2.3-92.el5_11.x86_64.rpm
mod_ssl-2.2.3-92.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
httpd-2.2.3-92.el5_11.src.rpm

i386:
httpd-debuginfo-2.2.3-92.el5_11.i386.rpm
httpd-devel-2.2.3-92.el5_11.i386.rpm
httpd-manual-2.2.3-92.el5_11.i386.rpm

x86_64:
httpd-debuginfo-2.2.3-92.el5_11.i386.rpm
httpd-debuginfo-2.2.3-92.el5_11.x86_64.rpm
httpd-devel-2.2.3-92.el5_11.i386.rpm
httpd-devel-2.2.3-92.el5_11.x86_64.rpm
httpd-manual-2.2.3-92.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
httpd-2.2.3-92.el5_11.src.rpm

i386:
httpd-2.2.3-92.el5_11.i386.rpm
httpd-debuginfo-2.2.3-92.el5_11.i386.rpm
httpd-devel-2.2.3-92.el5_11.i386.rpm
httpd-manual-2.2.3-92.el5_11.i386.rpm
mod_ssl-2.2.3-92.el5_11.i386.rpm

ia64:
httpd-2.2.3-92.el5_11.ia64.rpm
httpd-debuginfo-2.2.3-92.el5_11.ia64.rpm
httpd-devel-2.2.3-92.el5_11.ia64.rpm
httpd-manual-2.2.3-92.el5_11.ia64.rpm
mod_ssl-2.2.3-92.el5_11.ia64.rpm

ppc:
httpd-2.2.3-92.el5_11.ppc.rpm
httpd-debuginfo-2.2.3-92.el5_11.ppc.rpm
httpd-debuginfo-2.2.3-92.el5_11.ppc64.rpm
httpd-devel-2.2.3-92.el5_11.ppc.rpm
httpd-devel-2.2.3-92.el5_11.ppc64.rpm
httpd-manual-2.2.3-92.el5_11.ppc.rpm
mod_ssl-2.2.3-92.el5_11.ppc.rpm

s390x:
httpd-2.2.3-92.el5_11.s390x.rpm
httpd-debuginfo-2.2.3-92.el5_11.s390.rpm
httpd-debuginfo-2.2.3-92.el5_11.s390x.rpm
httpd-devel-2.2.3-92.el5_11.s390.rpm
httpd-devel-2.2.3-92.el5_11.s390x.rpm
httpd-manual-2.2.3-92.el5_11.s390x.rpm
mod_ssl-2.2.3-92.el5_11.s390x.rpm

x86_64:
httpd-2.2.3-92.el5_11.x86_64.rpm
httpd-debuginfo-2.2.3-92.el5_11.i386.rpm
httpd-debuginfo-2.2.3-92.el5_11.x86_64.rpm
httpd-devel-2.2.3-92.el5_11.i386.rpm
httpd-devel-2.2.3-92.el5_11.x86_64.rpm
httpd-manual-2.2.3-92.el5_11.x86_64.rpm
mod_ssl-2.2.3-92.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
httpd-2.2.15-54.el6_8.src.rpm

i386:
httpd-2.2.15-54.el6_8.i686.rpm
httpd-debuginfo-2.2.15-54.el6_8.i686.rpm
httpd-tools-2.2.15-54.el6_8.i686.rpm

x86_64:
httpd-2.2.15-54.el6_8.x86_64.rpm
httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm
httpd-tools-2.2.15-54.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
httpd-debuginfo-2.2.15-54.el6_8.i686.rpm
httpd-devel-2.2.15-54.el6_8.i686.rpm
mod_ssl-2.2.15-54.el6_8.i686.rpm

noarch:
httpd-manual-2.2.15-54.el6_8.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-54.el6_8.i686.rpm
httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm
httpd-devel-2.2.15-54.el6_8.i686.rpm
httpd-devel-2.2.15-54.el6_8.x86_64.rpm
mod_ssl-2.2.15-54.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
httpd-2.2.15-54.el6_8.src.rpm

x86_64:
httpd-2.2.15-54.el6_8.x86_64.rpm
httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm
httpd-tools-2.2.15-54.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
httpd-manual-2.2.15-54.el6_8.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-54.el6_8.i686.rpm
httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm
httpd-devel-2.2.15-54.el6_8.i686.rpm
httpd-devel-2.2.15-54.el6_8.x86_64.rpm
mod_ssl-2.2.15-54.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
httpd-2.2.15-54.el6_8.src.rpm

i386:
httpd-2.2.15-54.el6_8.i686.rpm
httpd-debuginfo-2.2.15-54.el6_8.i686.rpm
httpd-devel-2.2.15-54.el6_8.i686.rpm
httpd-tools-2.2.15-54.el6_8.i686.rpm
mod_ssl-2.2.15-54.el6_8.i686.rpm

noarch:
httpd-manual-2.2.15-54.el6_8.noarch.rpm

ppc64:
httpd-2.2.15-54.el6_8.ppc64.rpm
httpd-debuginfo-2.2.15-54.el6_8.ppc.rpm
httpd-debuginfo-2.2.15-54.el6_8.ppc64.rpm
httpd-devel-2.2.15-54.el6_8.ppc.rpm
httpd-devel-2.2.15-54.el6_8.ppc64.rpm
httpd-tools-2.2.15-54.el6_8.ppc64.rpm
mod_ssl-2.2.15-54.el6_8.ppc64.rpm

s390x:
httpd-2.2.15-54.el6_8.s390x.rpm
httpd-debuginfo-2.2.15-54.el6_8.s390.rpm
httpd-debuginfo-2.2.15-54.el6_8.s390x.rpm
httpd-devel-2.2.15-54.el6_8.s390.rpm
httpd-devel-2.2.15-54.el6_8.s390x.rpm
httpd-tools-2.2.15-54.el6_8.s390x.rpm
mod_ssl-2.2.15-54.el6_8.s390x.rpm

x86_64:
httpd-2.2.15-54.el6_8.x86_64.rpm
httpd-debuginfo-2.2.15-54.el6_8.i686.rpm
httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm
httpd-devel-2.2.15-54.el6_8.i686.rpm
httpd-devel-2.2.15-54.el6_8.x86_64.rpm
httpd-tools-2.2.15-54.el6_8.x86_64.rpm
mod_ssl-2.2.15-54.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
httpd-2.2.15-54.el6_8.src.rpm

i386:
httpd-2.2.15-54.el6_8.i686.rpm
httpd-debuginfo-2.2.15-54.el6_8.i686.rpm
httpd-devel-2.2.15-54.el6_8.i686.rpm
httpd-tools-2.2.15-54.el6_8.i686.rpm
mod_ssl-2.2.15-54.el6_8.i686.rpm

noarch:
httpd-manual-2.2.15-54.el6_8.noarch.rpm

x86_64:
httpd-2.2.15-54.el6_8.x86_64.rpm
httpd-debuginfo-2.2.15-54.el6_8.i686.rpm
httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm
httpd-devel-2.2.15-54.el6_8.i686.rpm
httpd-devel-2.2.15-54.el6_8.x86_64.rpm
httpd-tools-2.2.15-54.el6_8.x86_64.rpm
mod_ssl-2.2.15-54.el6_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5387
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/httpoxy
https://access.redhat.com/solutions/2435501

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
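The Proxy-header-to-HTTP_PROXY collision described in the three httpd advisories above (CVE-2016-5387, RHSA-2016:1420, 1422 and 1421) comes from the CGI meta-variable naming rule, so it can be shown in a few lines. The following is an added example, not Red Hat's or the Apache project's code: it builds the CGI environment the pre-fix and post-fix gateway would hand to a script, applies the guard a client library should use, and scans constructed access-log lines for requests that carry a Proxy header; the log format with a `%{Proxy}i` field is an assumption, not something the advisories configure.

```python
"""Added example (not Red Hat's or Apache's code) for CVE-2016-5387.

All request headers and log lines below are constructed for the example.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple


def cgi_meta_name(header_name: str) -> str:
    """RFC 3875 rule: a request header is exported to a CGI script as
    HTTP_ + the header name upper-cased with '-' replaced by '_'.
    A client-supplied "Proxy" header therefore lands in HTTP_PROXY, the
    variable many HTTP client libraries read for their outgoing proxy."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_cgi_env(headers: Iterable[Tuple[str, str]],
                  method: str = "GET",
                  drop_proxy_header: bool = True) -> Dict[str, str]:
    """Build the environment a CGI gateway hands to a script.

    drop_proxy_header=False reproduces the pre-fix behaviour the advisories
    describe (Proxy header exported as HTTP_PROXY); the default reproduces
    the fixed behaviour, where the Proxy header is simply not exported.
    """
    env = {"REQUEST_METHOD": method, "GATEWAY_INTERFACE": "CGI/1.1"}
    for name, value in headers:
        if drop_proxy_header and name.lower() == "proxy":
            continue
        env[cgi_meta_name(name)] = value
    return env


def effective_http_proxy(env: Dict[str, str]) -> Optional[str]:
    """Client-library guard: trust HTTP_PROXY only when it cannot have come
    from a request. REQUEST_METHOD is present in every CGI process, so its
    presence marks the environment as request-derived. Python's urllib
    applies the same rule (getproxies_environment skips HTTP_PROXY when
    REQUEST_METHOD is set)."""
    if "REQUEST_METHOD" in env:
        return None
    return env.get("HTTP_PROXY") or None


# Assumed (not from the advisories) access-log format that records the
# Proxy request header as the last quoted field, e.g. in httpd.conf:
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Proxy}i\"" proxycheck
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<proxy>[^"]*)"$')

# Constructed sample log; 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Jul/2016:10:00:01 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512 "-"
203.0.113.9 - - [18/Jul/2016:10:00:07 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512 "http://203.0.113.77:3128"
203.0.113.5 - - [18/Jul/2016:10:00:09 +0000] "POST /cgi-bin/order.cgi HTTP/1.1" 302 0 "-"
"""


def requests_with_proxy_header(log_text: str) -> List[Dict[str, str]]:
    """Return parsed entries whose Proxy field is non-empty. "Proxy" is not a
    standard request header and browsers never send it, so any hit is worth
    investigating even on a patched server."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("proxy") not in ("", "-"):
            hits.append(m.groupdict())
    return hits


if __name__ == "__main__":
    hdrs = [("Host", "www.example.com"), ("Proxy", "http://203.0.113.77:3128")]
    print("pre-fix HTTP_PROXY :", build_cgi_env(hdrs, drop_proxy_header=False).get("HTTP_PROXY"))
    print("post-fix HTTP_PROXY:", build_cgi_env(hdrs).get("HTTP_PROXY"))
    print("suspicious hosts   :", [h["host"] for h in requests_with_proxy_header(SAMPLE_LOG)])
```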
From bugzilla at redhat.com Wed Jul 20 12:17:27 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jul 2016 12:17:27 +0000
Subject: [RHSA-2016:1458-01] Critical: java-1.8.0-openjdk security update
Message-ID: <201607201217.u6KCHRUY023807@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2016:1458-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1458
Issue date:        2016-07-20
CVE Names:         CVE-2016-3458 CVE-2016-3500 CVE-2016-3508 CVE-2016-3550 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610)

* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)

* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1356963 - CVE-2016-3606 OpenJDK: insufficient bytecode verification (Hotspot, 8155981)
1356971 - CVE-2016-3598 OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)
1356987 - CVE-2016-3587 OpenJDK: insufficient protection of MethodHandle.invokeBasic() (Hotspot, 8154475)
1356994 - CVE-2016-3610 OpenJDK: insufficient value count check in MethodHandles.filterReturnValue() (Libraries, 8158571)
1357008 - CVE-2016-3500 OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)
1357015 - CVE-2016-3508 OpenJDK: missing entity replacement limits (JAXP, 8149962)
1357494 - CVE-2016-3458 OpenJDK: insufficient restrictions on the use of custom ValueHandler (CORBA, 8079718)
1357506 - CVE-2016-3550 OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el6_8.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el6_8.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.101-3.b13.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.101-3.b13.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.101-3.b13.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.101-3.b13.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el6_8.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el6_8.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.101-3.b13.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.101-3.b13.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el6_8.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-1.8.0.101-3.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el6_8.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.101-3.b13.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.101-3.b13.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.101-3.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.101-3.b13.el7_2.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.101-3.b13.el7_2.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.101-3.b13.el7_2.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.101-3.b13.el7_2.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.src.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el7_2.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el7_2.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el7_2.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el7_2.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el7_2.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el7_2.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.101-3.b13.el7_2.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.101-3.b13.el7_2.noarch.rpm ppc64: java-1.8.0-openjdk-accessibility-1.8.0.101-3.b13.el7_2.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.ppc64.rpm java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el7_2.ppc64.rpm java-1.8.0-openjdk-src-1.8.0.101-3.b13.el7_2.ppc64.rpm ppc64le: java-1.8.0-openjdk-accessibility-1.8.0.101-3.b13.el7_2.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el7_2.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.101-3.b13.el7_2.ppc64le.rpm s390x: java-1.8.0-openjdk-accessibility-1.8.0.101-3.b13.el7_2.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el7_2.s390x.rpm java-1.8.0-openjdk-src-1.8.0.101-3.b13.el7_2.s390x.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.101-3.b13.el7_2.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.101-3.b13.el7_2.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.101-3.b13.el7_2.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.101-3.b13.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3458 https://access.redhat.com/security/cve/CVE-2016-3500 https://access.redhat.com/security/cve/CVE-2016-3508 https://access.redhat.com/security/cve/CVE-2016-3550 https://access.redhat.com/security/cve/CVE-2016-3587 https://access.redhat.com/security/cve/CVE-2016-3598 https://access.redhat.com/security/cve/CVE-2016-3606 https://access.redhat.com/security/cve/CVE-2016-3610 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
From bugzilla at redhat.com Thu Jul 21 00:32:40 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2016 00:32:40 +0000
Subject: [RHSA-2016:1473-01] Low: openstack-neutron security and bug fix update
Message-ID: <201607210032.u6L0We1D026141@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: openstack-neutron security and bug fix update
Advisory ID: RHSA-2016:1473-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1473
Issue date: 2016-07-20
CVE Names: CVE-2015-8914 CVE-2016-5362 CVE-2016-5363
=====================================================================

1. Summary:

An update for openstack-neutron is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

* Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests. (CVE-2015-8914, CVE-2016-5362, CVE-2016-5363)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1330778 - Deadlock occurs when we turn on syslog and forking a process
1345889 - CVE-2016-5362 openstack-neutron: DHCP spoofing vulnerability
1345891 - CVE-2016-5363 openstack-neutron: MAC source address spoofing vulnerability
1345892 - CVE-2015-8914 openstack-neutron: ICMPv6 source address spoofing vulnerability

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
openstack-neutron-7.0.4-11.el7ost.src.rpm

noarch:
openstack-neutron-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-bigswitch-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-brocade-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-cisco-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-common-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-dev-server-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-embrane-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-linuxbridge-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-mellanox-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-metering-agent-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-midonet-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-ml2-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-nuage-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-ofagent-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-oneconvergence-nvsd-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-opencontrail-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-openvswitch-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-ovsvapp-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-rpc-server-7.0.4-11.el7ost.noarch.rpm
openstack-neutron-sriov-nic-agent-7.0.4-11.el7ost.noarch.rpm
python-neutron-7.0.4-11.el7ost.noarch.rpm
python-neutron-tests-7.0.4-11.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8914
https://access.redhat.com/security/cve/CVE-2016-5362
https://access.redhat.com/security/cve/CVE-2016-5363
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Thu Jul 21 00:34:21 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2016 00:34:21 +0000
Subject: [RHSA-2016:1474-01] Low: openstack-neutron security, bug fix, and enhancement update
Message-ID: <201607210034.u6L0YLNv015060@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: openstack-neutron security, bug fix, and enhancement update
Advisory ID: RHSA-2016:1474-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1474
Issue date: 2016-07-20
CVE Names: CVE-2015-8914 CVE-2016-5362 CVE-2016-5363
=====================================================================

1. Summary:

An update for openstack-neutron is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

The following packages have been upgraded to a newer upstream version: openstack-neutron

Security Fix(es):

* Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests. (CVE-2015-8914, CVE-2016-5362, CVE-2016-5363)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1311864 - Neutron L3 Agent shows duplicate ports
1345889 - CVE-2016-5362 openstack-neutron: DHCP spoofing vulnerability
1345891 - CVE-2016-5363 openstack-neutron: MAC source address spoofing vulnerability
1345892 - CVE-2015-8914 openstack-neutron: ICMPv6 source address spoofing vulnerability
1347428 - neutron-meter-agent - makes traffic between internal networks NATed
1350400 - Rebase openstack-neutron to 2015.1.4

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
openstack-neutron-2015.1.4-2.el7ost.src.rpm

noarch:
openstack-neutron-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-bigswitch-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-brocade-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-cisco-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-common-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-embrane-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-ibm-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-linuxbridge-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-mellanox-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-metaplugin-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-metering-agent-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-midonet-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-ml2-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-nec-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-nuage-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-ofagent-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-oneconvergence-nvsd-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-opencontrail-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-openvswitch-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-ovsvapp-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-plumgrid-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-sriov-nic-agent-2015.1.4-2.el7ost.noarch.rpm
openstack-neutron-vmware-2015.1.4-2.el7ost.noarch.rpm
python-neutron-2015.1.4-2.el7ost.noarch.rpm
python-neutron-tests-2015.1.4-2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8914
https://access.redhat.com/security/cve/CVE-2016-5362
https://access.redhat.com/security/cve/CVE-2016-5363
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Thu Jul 21 11:12:30 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2016 11:12:30 +0000
Subject: [RHSA-2016:1475-01] Critical: java-1.8.0-oracle security update
Message-ID: <201607211112.u6LBCVXQ019259@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.8.0-oracle security update
Advisory ID: RHSA-2016:1475-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1475
Issue date: 2016-07-21
CVE Names: CVE-2016-3458 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610
=====================================================================

1. Summary:

An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 101.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1356963 - CVE-2016-3606 OpenJDK: insufficient bytecode verification (Hotspot, 8155981)
1356971 - CVE-2016-3598 OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)
1356987 - CVE-2016-3587 OpenJDK: insufficient protection of MethodHandle.invokeBasic() (Hotspot, 8154475)
1356994 - CVE-2016-3610 OpenJDK: insufficient value count check in MethodHandles.filterReturnValue() (Libraries, 8158571)
1357008 - CVE-2016-3500 OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)
1357015 - CVE-2016-3508 OpenJDK: missing entity replacement limits (JAXP, 8149962)
1357494 - CVE-2016-3458 OpenJDK: insufficient restrictions on the use of custom ValueHandler (CORBA, 8079718)
1357506 - CVE-2016-3550 OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)
1358167 - CVE-2016-3552 Oracle JDK: unspecified vulnerability fixed in 8u101 (Install)
1358168 - CVE-2016-3511 Oracle JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)
1358169 - CVE-2016-3503 Oracle JDK: unspecified vulnerability fixed in 6u121, 7u111, and 8u101 (Install)
1358170 - CVE-2016-3498 Oracle JDK: unspecified vulnerability fixed in 7u111 and 8u101 (JavaFX)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.8.0-oracle-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.8.0-oracle-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation:

i386:
java-1.8.0-oracle-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el6_8.i686.rpm
java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3458
https://access.redhat.com/security/cve/CVE-2016-3498
https://access.redhat.com/security/cve/CVE-2016-3500
https://access.redhat.com/security/cve/CVE-2016-3503
https://access.redhat.com/security/cve/CVE-2016-3508
https://access.redhat.com/security/cve/CVE-2016-3511
https://access.redhat.com/security/cve/CVE-2016-3550
https://access.redhat.com/security/cve/CVE-2016-3552
https://access.redhat.com/security/cve/CVE-2016-3587
https://access.redhat.com/security/cve/CVE-2016-3598
https://access.redhat.com/security/cve/CVE-2016-3606
https://access.redhat.com/security/cve/CVE-2016-3610
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA
http://www.oracle.com/technetwork/java/javase/8u101-relnotes-3021761.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Thu Jul 21 11:13:27 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2016 11:13:27 +0000
Subject: [RHSA-2016:1476-01] Critical: java-1.7.0-oracle security update
Message-ID: <201607211113.u6LBDS6h028574@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2016:1476-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1476
Issue date: 2016-07-21
CVE Names: CVE-2016-3458 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3606
=====================================================================

1. Summary:

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 111.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3606)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1356963 - CVE-2016-3606 OpenJDK: insufficient bytecode verification (Hotspot, 8155981)
1357008 - CVE-2016-3500 OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)
1357015 - CVE-2016-3508 OpenJDK: missing entity replacement limits (JAXP, 8149962)
1357494 - CVE-2016-3458 OpenJDK: insufficient restrictions on the use of custom ValueHandler (CORBA, 8079718)
1357506 - CVE-2016-3550 OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)
1358168 - CVE-2016-3511 Oracle JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)
1358169 - CVE-2016-3503 Oracle JDK: unspecified vulnerability fixed in 6u121, 7u111, and 8u101 (Install)
1358170 - CVE-2016-3498 Oracle JDK: unspecified vulnerability fixed in 7u111 and 8u101 (JavaFX)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 5:

i386:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation:

i386:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.111-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.111-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.111-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References: https://access.redhat.com/security/cve/CVE-2016-3458 https://access.redhat.com/security/cve/CVE-2016-3498 https://access.redhat.com/security/cve/CVE-2016-3500 https://access.redhat.com/security/cve/CVE-2016-3503 https://access.redhat.com/security/cve/CVE-2016-3508 https://access.redhat.com/security/cve/CVE-2016-3511 https://access.redhat.com/security/cve/CVE-2016-3550 https://access.redhat.com/security/cve/CVE-2016-3606 https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_111 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXkK4zXlSAg2UNWIIRAi7mAJ9IimFvQwoSeCiVNuIF12MwjgmMdgCgsA9w r7hurGFHsKetnJBc/g011f8= =agOj -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jul 21 11:14:17 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Jul 2016 11:14:17 +0000 Subject: [RHSA-2016:1477-01] Moderate: java-1.6.0-sun security update Message-ID: <201607211114.u6LBEHlw014078@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.6.0-sun security update Advisory ID: RHSA-2016:1477-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1477 Issue date: 2016-07-21 CVE Names: CVE-2016-3458 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3550 ===================================================================== 1. 
Summary:

An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 121.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3458, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3550)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5.
Bugs fixed (https://bugzilla.redhat.com/): 1357008 - CVE-2016-3500 OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872) 1357015 - CVE-2016-3508 OpenJDK: missing entity replacement limits (JAXP, 8149962) 1357494 - CVE-2016-3458 OpenJDK: insufficient restrictions on the use of custom ValueHandler (CORBA, 8079718) 1357506 - CVE-2016-3550 OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479) 1358169 - CVE-2016-3503 Oracle JDK: unspecified vulnerability fixed in 6u121, 7u111, and 8u101 (Install) 6. Package List: Oracle Java for Red Hat Enterprise Linux Client 5: i386: java-1.6.0-sun-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el5_11.i586.rpm x86_64: java-1.6.0-sun-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-1.6.0.121-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 5: i386: java-1.6.0-sun-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el5_11.i586.rpm x86_64: java-1.6.0-sun-1.6.0.121-1jpp.1.el5_11.i586.rpm 
java-1.6.0-sun-1.6.0.121-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.6.0-sun-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el6_8.i686.rpm x86_64: java-1.6.0-sun-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.6.0-sun-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el6_8.i686.rpm x86_64: java-1.6.0-sun-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el6_8.i686.rpm 
java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation: i386: java-1.6.0-sun-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el6_8.i686.rpm x86_64: java-1.6.0-sun-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): x86_64: java-1.6.0-sun-1.6.0.121-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 
7): x86_64: java-1.6.0-sun-1.6.0.121-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): x86_64: java-1.6.0-sun-1.6.0.121-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): x86_64: java-1.6.0-sun-1.6.0.121-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.121-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
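The Solution section of this advisory asks for two things: apply the update, then restart every running instance of Oracle Java. The Python below is an added example, not Red Hat tooling, of the two checks that confirm both were done. It compares an installed inventory against the fixed builds named in the package list using rpm's own version-ordering rules (a port of rpmvercmp, so that release 1jpp.1 outranks 1jpp.0 and a 1.0~rc1 pre-release sorts below 1.0), and it spots processes that still map a file the update replaced on disk, which is how a JVM started before the update shows up in /proc. The advisory file names are real; the installed inventory, the /proc maps excerpt and the JDK path in it are constructed for the example.

```python
"""Which installed RPMs are still older than the builds an advisory ships, and
which processes still run the replaced code?  Added example, not Red Hat
tooling.  Fixed builds are copied from the java-1.6.0-sun package list above
(RHEL 7, x86_64); the installed inventory and the maps excerpt are constructed."""
import re

# Fixed builds, exactly as named in section 6 of RHSA-2016:1477-01.
ADVISORY_RPMS = [
    "java-1.6.0-sun-1.6.0.121-1jpp.1.el7.x86_64.rpm",
    "java-1.6.0-sun-devel-1.6.0.121-1jpp.1.el7.x86_64.rpm",
    "java-1.6.0-sun-plugin-1.6.0.121-1jpp.1.el7.x86_64.rpm",
]

# Constructed output of:  rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
# JRE current; -devel an older upstream build; -plugin the right upstream version
# but an older (hypothetical) packaging release; bash is not in the advisory.
INSTALLED_SAMPLE = [
    "java-1.6.0-sun-1.6.0.121-1jpp.1.el7.x86_64",
    "java-1.6.0-sun-devel-1.6.0.105-1jpp.1.el7.x86_64",
    "java-1.6.0-sun-plugin-1.6.0.121-1jpp.0.el7.x86_64",
    "bash-4.2.46-20.el7_2.x86_64",
]

_SEPARATORS = re.compile(r"[^0-9A-Za-z~]*")   # everything rpm skips over

def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1.  Compares runs of digits or of
    letters in turn: numbers by value (1.05 == 1.5, 1.10 > 1.9), a digit run
    outranks a letter run (1.0 > 1a), '~' sorts first (1.0~rc1 < 1.0)."""
    i = j = 0
    while i < len(a) or j < len(b):
        i = _SEPARATORS.match(a, i).end()
        j = _SEPARATORS.match(b, j).end()
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":           # pre-release marker: lowest
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        seg = re.compile(r"[0-9]+" if isnum else r"[A-Za-z]+")
        sa = seg.match(a, i).group(0)
        mb = seg.match(b, j)
        if mb is None:                       # digit run against letter run
            return 1 if isnum else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1

def parse_nvra(pkg):
    """Split 'name-version-release.arch[.rpm]' (these file names carry no epoch)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    rest, arch = pkg.rsplit(".", 1)
    nv, release = rest.rsplit("-", 1)
    name, version = nv.rsplit("-", 1)
    return name, version, release, arch

def outdated(installed, advisory):
    """[(installed_nvra, fixed 'version-release')] for each installed package
    the advisory names whose version-release is older than the fixed build."""
    fixed = {(n, a): (v, r) for n, v, r, a in map(parse_nvra, advisory)}
    stale = []
    for pkg in installed:
        n, v, r, a = parse_nvra(pkg)
        fv, fr = fixed.get((n, a), (None, None))
        if fv and (rpmvercmp(v, fv) or rpmvercmp(r, fr)) < 0:
            stale.append((pkg, "%s-%s" % (fv, fr)))
    return stale

def deleted_mappings(maps_text):
    """Paths in a /proc/<pid>/maps listing whose file was replaced on disk."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)         # addr perms offset dev inode path
        if len(fields) == 6 and fields[5].endswith(" (deleted)"):
            found.add(fields[5][:-len(" (deleted)")])
    return sorted(found)

# Constructed /proc/<pid>/maps excerpt for a JVM started before the update
# (hypothetical JDK path).  libc and [stack] are current and must not show up.
MAPS_SAMPLE = """\
00400000-00401000 r-xp 00000000 fd:01 1572871 /usr/lib/jvm/java-1.6.0-sun-1.6.0.105.x86_64/jre/bin/java (deleted)
7f0c40000000-7f0c40b00000 r-xp 00000000 fd:01 1573012 /usr/lib/jvm/java-1.6.0-sun-1.6.0.105.x86_64/jre/lib/amd64/server/libjvm.so (deleted)
7f0c41000000-7f0c411c0000 r-xp 00000000 fd:01 4194 /usr/lib64/libc-2.17.so
7ffd1a000000-7ffd1a021000 rw-p 00000000 00:00 0 [stack]
"""
```

Against a live host, feed the output of rpm -qa with the query format shown above to outdated() and the contents of each /proc/<pid>/maps file to deleted_mappings(); reading another user's maps needs root. Epoch is left out on purpose because the advisory file names do not carry it; query the installed side the same way so the comparison stays like for like. A process that still maps a "(deleted)" libjvm.so is exactly the "running instance" the Solution section says must be restarted.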
References: https://access.redhat.com/security/cve/CVE-2016-3458 https://access.redhat.com/security/cve/CVE-2016-3500 https://access.redhat.com/security/cve/CVE-2016-3503 https://access.redhat.com/security/cve/CVE-2016-3508 https://access.redhat.com/security/cve/CVE-2016-3550 https://access.redhat.com/security/updates/classification/#moderate http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_121 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD4DBQFXkK5uXlSAg2UNWIIRAhgwAJjv23OUWDG9tMx+qcxzCBvazFegAKCroGio QcFd/mAziXDi8D0ttaQ0AQ== =YztN -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jul 25 09:11:56 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 25 Jul 2016 09:11:56 +0000 Subject: [RHSA-2016:1480-01] Important: mysql55-mysql security update Message-ID: <201607250911.u6P9Bvke009183@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mysql55-mysql security update Advisory ID: RHSA-2016:1480-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1480.html Issue date: 2016-07-25 CVE Names: CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0666 CVE-2016-2047 CVE-2016-3452 CVE-2016-3471 
CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5444
=====================================================================

1. Summary:

An update for mysql55-mysql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a newer upstream version: mysql55-mysql (5.5.50).

Security Fix(es):

* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section.
(CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0666, CVE-2016-2047, CVE-2016-3452, CVE-2016-3471, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1274752 - CVE-2015-4792 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015) 1274756 - CVE-2015-4802 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015) 1274759 - CVE-2015-4815 mysql: unspecified vulnerability related to Server:DDL (CPU October 2015) 1274766 - CVE-2015-4826 mysql: unspecified vulnerability related to Server:Types (CPU October 2015) 1274767 - CVE-2015-4830 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015) 1274771 - CVE-2015-4836 mysql: unspecified vulnerability related to Server:SP (CPU October 2015) 1274773 - CVE-2015-4858 mysql: unspecified vulnerability related to Server:DML (CPU October 2015) 1274776 - CVE-2015-4861 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015) 1274781 - CVE-2015-4870 mysql: unspecified vulnerability related to Server:Parser (CPU October 2015) 1274794 - CVE-2015-4913 mysql: unspecified vulnerability related to Server:DML (CPU October 2015) 1301492 - CVE-2016-0505 mysql: unspecified vulnerability in subcomponent: Server: 
Options (CPU January 2016) 1301493 - CVE-2016-0546 mysql: unspecified vulnerability in subcomponent: Client (CPU January 2016) 1301496 - CVE-2016-0596 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016) 1301497 - CVE-2016-0597 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016) 1301498 - CVE-2016-0598 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016) 1301501 - CVE-2016-0600 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016) 1301504 - CVE-2016-0606 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU January 2016) 1301506 - CVE-2016-0608 mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016) 1301507 - CVE-2016-0609 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU January 2016) 1301510 - CVE-2016-0616 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016) 1301874 - CVE-2016-2047 mysql: ssl-validate-cert incorrect hostname check 1329239 - CVE-2016-0640 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016) 1329241 - CVE-2016-0641 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU April 2016) 1329243 - CVE-2016-0642 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU April 2016) 1329245 - CVE-2016-0643 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016) 1329247 - CVE-2016-0644 mysql: unspecified vulnerability in subcomponent: Server: DDL (CPU April 2016) 1329248 - CVE-2016-0646 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016) 1329249 - CVE-2016-0647 mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU April 2016) 1329251 - CVE-2016-0648 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016) 1329252 - CVE-2016-0649 mysql: unspecified vulnerability in subcomponent: 
Server: PS (CPU April 2016) 1329253 - CVE-2016-0650 mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU April 2016) 1329254 - CVE-2016-0651 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU April 2016) 1329270 - CVE-2016-0666 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU April 2016) 1358201 - CVE-2016-3452 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU July 2016) 1358203 - CVE-2016-3471 mysql: unspecified vulnerability in subcomponent: Server: Option (CPU July 2016) 1358205 - CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) 1358209 - CVE-2016-3521 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016) 1358212 - CVE-2016-3615 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016) 1358218 - CVE-2016-5440 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016) 1358223 - CVE-2016-5444 mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016) 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: mysql55-mysql-5.5.50-1.el6.src.rpm x86_64: mysql55-mysql-5.5.50-1.el6.x86_64.rpm mysql55-mysql-bench-5.5.50-1.el6.x86_64.rpm mysql55-mysql-debuginfo-5.5.50-1.el6.x86_64.rpm mysql55-mysql-devel-5.5.50-1.el6.x86_64.rpm mysql55-mysql-libs-5.5.50-1.el6.x86_64.rpm mysql55-mysql-server-5.5.50-1.el6.x86_64.rpm mysql55-mysql-test-5.5.50-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: mysql55-mysql-5.5.50-1.el6.src.rpm x86_64: mysql55-mysql-5.5.50-1.el6.x86_64.rpm mysql55-mysql-bench-5.5.50-1.el6.x86_64.rpm mysql55-mysql-debuginfo-5.5.50-1.el6.x86_64.rpm mysql55-mysql-devel-5.5.50-1.el6.x86_64.rpm mysql55-mysql-libs-5.5.50-1.el6.x86_64.rpm mysql55-mysql-server-5.5.50-1.el6.x86_64.rpm mysql55-mysql-test-5.5.50-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: mysql55-mysql-5.5.50-1.el6.src.rpm x86_64: mysql55-mysql-5.5.50-1.el6.x86_64.rpm mysql55-mysql-bench-5.5.50-1.el6.x86_64.rpm mysql55-mysql-debuginfo-5.5.50-1.el6.x86_64.rpm mysql55-mysql-devel-5.5.50-1.el6.x86_64.rpm mysql55-mysql-libs-5.5.50-1.el6.x86_64.rpm mysql55-mysql-server-5.5.50-1.el6.x86_64.rpm mysql55-mysql-test-5.5.50-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: mysql55-mysql-5.5.50-1.el6.src.rpm x86_64: mysql55-mysql-5.5.50-1.el6.x86_64.rpm mysql55-mysql-bench-5.5.50-1.el6.x86_64.rpm mysql55-mysql-debuginfo-5.5.50-1.el6.x86_64.rpm mysql55-mysql-devel-5.5.50-1.el6.x86_64.rpm mysql55-mysql-libs-5.5.50-1.el6.x86_64.rpm mysql55-mysql-server-5.5.50-1.el6.x86_64.rpm mysql55-mysql-test-5.5.50-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: mysql55-mysql-5.5.50-1.el7.src.rpm x86_64: mysql55-mysql-5.5.50-1.el7.x86_64.rpm mysql55-mysql-bench-5.5.50-1.el7.x86_64.rpm mysql55-mysql-debuginfo-5.5.50-1.el7.x86_64.rpm mysql55-mysql-devel-5.5.50-1.el7.x86_64.rpm mysql55-mysql-libs-5.5.50-1.el7.x86_64.rpm mysql55-mysql-server-5.5.50-1.el7.x86_64.rpm mysql55-mysql-test-5.5.50-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.1): Source: mysql55-mysql-5.5.50-1.el7.src.rpm x86_64: mysql55-mysql-5.5.50-1.el7.x86_64.rpm mysql55-mysql-bench-5.5.50-1.el7.x86_64.rpm mysql55-mysql-debuginfo-5.5.50-1.el7.x86_64.rpm mysql55-mysql-devel-5.5.50-1.el7.x86_64.rpm mysql55-mysql-libs-5.5.50-1.el7.x86_64.rpm mysql55-mysql-server-5.5.50-1.el7.x86_64.rpm mysql55-mysql-test-5.5.50-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: mysql55-mysql-5.5.50-1.el7.src.rpm x86_64: mysql55-mysql-5.5.50-1.el7.x86_64.rpm mysql55-mysql-bench-5.5.50-1.el7.x86_64.rpm mysql55-mysql-debuginfo-5.5.50-1.el7.x86_64.rpm mysql55-mysql-devel-5.5.50-1.el7.x86_64.rpm mysql55-mysql-libs-5.5.50-1.el7.x86_64.rpm mysql55-mysql-server-5.5.50-1.el7.x86_64.rpm mysql55-mysql-test-5.5.50-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: mysql55-mysql-5.5.50-1.el7.src.rpm x86_64: mysql55-mysql-5.5.50-1.el7.x86_64.rpm mysql55-mysql-bench-5.5.50-1.el7.x86_64.rpm mysql55-mysql-debuginfo-5.5.50-1.el7.x86_64.rpm mysql55-mysql-devel-5.5.50-1.el7.x86_64.rpm mysql55-mysql-libs-5.5.50-1.el7.x86_64.rpm mysql55-mysql-server-5.5.50-1.el7.x86_64.rpm mysql55-mysql-test-5.5.50-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-4792 https://access.redhat.com/security/cve/CVE-2015-4802 https://access.redhat.com/security/cve/CVE-2015-4815 https://access.redhat.com/security/cve/CVE-2015-4826 https://access.redhat.com/security/cve/CVE-2015-4830 https://access.redhat.com/security/cve/CVE-2015-4836 https://access.redhat.com/security/cve/CVE-2015-4858 https://access.redhat.com/security/cve/CVE-2015-4861 https://access.redhat.com/security/cve/CVE-2015-4870 https://access.redhat.com/security/cve/CVE-2015-4913 https://access.redhat.com/security/cve/CVE-2016-0505 https://access.redhat.com/security/cve/CVE-2016-0546 https://access.redhat.com/security/cve/CVE-2016-0596 https://access.redhat.com/security/cve/CVE-2016-0597 https://access.redhat.com/security/cve/CVE-2016-0598 https://access.redhat.com/security/cve/CVE-2016-0600 https://access.redhat.com/security/cve/CVE-2016-0606 https://access.redhat.com/security/cve/CVE-2016-0608 https://access.redhat.com/security/cve/CVE-2016-0609 https://access.redhat.com/security/cve/CVE-2016-0616 https://access.redhat.com/security/cve/CVE-2016-0640 https://access.redhat.com/security/cve/CVE-2016-0641 https://access.redhat.com/security/cve/CVE-2016-0642 https://access.redhat.com/security/cve/CVE-2016-0643 https://access.redhat.com/security/cve/CVE-2016-0644 https://access.redhat.com/security/cve/CVE-2016-0646 https://access.redhat.com/security/cve/CVE-2016-0647 https://access.redhat.com/security/cve/CVE-2016-0648 https://access.redhat.com/security/cve/CVE-2016-0649 https://access.redhat.com/security/cve/CVE-2016-0650 https://access.redhat.com/security/cve/CVE-2016-0651 https://access.redhat.com/security/cve/CVE-2016-0666 https://access.redhat.com/security/cve/CVE-2016-2047 https://access.redhat.com/security/cve/CVE-2016-3452 https://access.redhat.com/security/cve/CVE-2016-3471 https://access.redhat.com/security/cve/CVE-2016-3477 https://access.redhat.com/security/cve/CVE-2016-3521 
https://access.redhat.com/security/cve/CVE-2016-3615 https://access.redhat.com/security/cve/CVE-2016-5440 https://access.redhat.com/security/cve/CVE-2016-5444 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixMSQL http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
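Bug 1301874 in this advisory (CVE-2016-2047, "ssl-validate-cert incorrect hostname check") is the client-side flaw that the mariadb55-mariadb advisory further down describes in prose: the client library did not properly compare the host it connected to with the identities in the server's X.509 certificate, so a certificate that chains to a trusted CA but was issued for some other name would satisfy the client, which is all a man-in-the-middle needs. The Python below is an added example, not MariaDB or MySQL code, of that check done right: subjectAltName dNSName entries first, the subject CN only when there is no SAN, whole-label comparison, and a wildcard accepted only as the entire leftmost label. The certificates are constructed dictionaries in the layout Python's ssl.getpeercert() returns, not real certificates; connect_verified() shows the same check wired into a real TLS connection and is not exercised offline.

```python
"""Host-name verification against a server's X.509 certificate.

Added example, not MariaDB or MySQL code.  It implements the comparison the
advisory says the client library got wrong: the dialled host name against the
identities in the certificate, preferring subjectAltName dNSName entries and
using the subject CN only when the certificate carries no SAN at all.
The certificates at the bottom are constructed dictionaries in the layout
ssl.getpeercert() returns, not real certificates."""
import socket
import ssl

class CertificateError(ValueError):
    """No identity in the certificate matches the host the client dialled."""

def _dns_match(pattern, hostname):
    """One certificate name against the dialled host, RFC 6125 style: whole
    labels, case-insensitive, wildcard only as the entire leftmost label of a
    name with at least two further labels (so '*.com' never matches)."""
    p = pattern.rstrip(".").lower().split(".")
    h = hostname.rstrip(".").lower().split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    if any("*" in label for label in p):
        return False            # no 'db*.example.com' or 'a.*.example.com'
    return p == h

def identities(cert):
    """(names, source): SAN dNSNames if the extension is present, else CNs."""
    san = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san, "subjectAltName"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return cns, "commonName"

def verify_hostname(cert, hostname):
    """Raise CertificateError unless some certificate identity matches."""
    names, source = identities(cert)
    if not names:
        raise CertificateError("certificate carries no DNS identity at all")
    if not any(_dns_match(n, hostname) for n in names):
        raise CertificateError("host %r does not match %s %r" % (hostname, source, names))
    return True

def hostname_matches(cert, hostname):
    """Boolean form of verify_hostname() for callers that prefer not to catch."""
    try:
        return verify_hostname(cert, hostname)
    except CertificateError:
        return False

def connect_verified(host, port, cafile):
    """TLS client that refuses an impostor: chain validation AND name check.
    Modern Python delegates the name check to OpenSSL via check_hostname; the
    explicit verify_hostname() call spells out what that setting enforces."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    sock = ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)
    verify_hostname(sock.getpeercert(), host)
    return sock

# Constructed certificates covering the cases a correct check must get right.
CERT_WILDCARD = {"subject": ((("commonName", "*.example.com"),),),
                 "subjectAltName": (("DNS", "*.example.com"),)}
CERT_SAN_ONLY = {"subject": ((("commonName", "db.example.com"),),),
                 "subjectAltName": (("DNS", "api.example.com"),)}
CERT_CN_ONLY = {"subject": ((("organizationName", "Example"),),
                            (("commonName", "db.example.com"),))}
CERT_NO_NAME = {"subject": ((("organizationName", "Example"),),)}
```

With the 5.5-era mysql and mariadb command-line clients the name comparison only happens at all when the connection is made with --ssl-verify-server-cert alongside --ssl-ca; the fixed packages correct how that comparison is done, they do not switch it on. This matcher knows nothing about public suffixes, so it would accept "*.co.uk" for any second-level name; a production client leaves the matching to OpenSSL (check_hostname in Python) and uses logic like this only as an independent assertion on what the library accepted.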
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXldXlXlSAg2UNWIIRAkJ4AJ0bP0tGYsDHtfMVokekaUz6j3M1xgCfd4Cj 5cGIM0LEN9PAfI6wHwWQD2Y= =/zx2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jul 25 09:12:32 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 25 Jul 2016 09:12:32 +0000 Subject: [RHSA-2016:1481-01] Moderate: mariadb55-mariadb security update Message-ID: <201607250912.u6P9CW5M009569@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: mariadb55-mariadb security update Advisory ID: RHSA-2016:1481-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1481.html Issue date: 2016-07-25 CVE Names: CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4913 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0666 CVE-2016-2047 CVE-2016-3452 CVE-2016-3471 CVE-2016-5444 ===================================================================== 1. Summary: An update for mariadb55-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a newer upstream version: mariadb55-mariadb (5.5.49).

Security Fix(es):

* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0666, CVE-2016-3452, CVE-2016-3471, CVE-2016-5444)

4.
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1274752 - CVE-2015-4792 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015) 1274756 - CVE-2015-4802 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015) 1274759 - CVE-2015-4815 mysql: unspecified vulnerability related to Server:DDL (CPU October 2015) 1274761 - CVE-2015-4816 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015) 1274764 - CVE-2015-4819 mysql: unspecified vulnerability related to Client programs (CPU October 2015) 1274766 - CVE-2015-4826 mysql: unspecified vulnerability related to Server:Types (CPU October 2015) 1274767 - CVE-2015-4830 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015) 1274771 - CVE-2015-4836 mysql: unspecified vulnerability related to Server:SP (CPU October 2015) 1274773 - CVE-2015-4858 mysql: unspecified vulnerability related to Server:DML (CPU October 2015) 1274776 - CVE-2015-4861 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015) 1274781 - CVE-2015-4870 mysql: unspecified vulnerability related to Server:Parser (CPU October 2015) 1274783 - CVE-2015-4879 mysql: unspecified vulnerability related to Server:DML (CPU October 2015) 1274794 - CVE-2015-4913 mysql: unspecified vulnerability related to Server:DML (CPU October 2015) 1301492 - CVE-2016-0505 mysql: unspecified vulnerability in subcomponent: Server: Options (CPU January 2016) 1301493 - CVE-2016-0546 mysql: unspecified vulnerability in subcomponent: Client (CPU January 2016) 1301496 - CVE-2016-0596 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016) 1301497 - CVE-2016-0597 mysql: unspecified vulnerability in 
subcomponent: Server: Optimizer (CPU January 2016) 1301498 - CVE-2016-0598 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016) 1301501 - CVE-2016-0600 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016) 1301504 - CVE-2016-0606 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU January 2016) 1301506 - CVE-2016-0608 mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016) 1301507 - CVE-2016-0609 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU January 2016) 1301510 - CVE-2016-0616 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016) 1301874 - CVE-2016-2047 mysql: ssl-validate-cert incorrect hostname check 1329239 - CVE-2016-0640 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016) 1329241 - CVE-2016-0641 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU April 2016) 1329243 - CVE-2016-0642 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU April 2016) 1329245 - CVE-2016-0643 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016) 1329247 - CVE-2016-0644 mysql: unspecified vulnerability in subcomponent: Server: DDL (CPU April 2016) 1329248 - CVE-2016-0646 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016) 1329249 - CVE-2016-0647 mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU April 2016) 1329251 - CVE-2016-0648 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016) 1329252 - CVE-2016-0649 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016) 1329253 - CVE-2016-0650 mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU April 2016) 1329254 - CVE-2016-0651 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU April 2016) 1329270 - CVE-2016-0666 mysql: unspecified 
vulnerability in subcomponent: Server: Security: Privileges (CPU April 2016) 1358201 - CVE-2016-3452 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU July 2016) 1358203 - CVE-2016-3471 mysql: unspecified vulnerability in subcomponent: Server: Option (CPU July 2016) 1358223 - CVE-2016-5444 mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016) 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: mariadb55-mariadb-5.5.49-1.el6.src.rpm x86_64: mariadb55-mariadb-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.49-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: mariadb55-mariadb-5.5.49-1.el6.src.rpm x86_64: mariadb55-mariadb-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.49-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: mariadb55-mariadb-5.5.49-1.el6.src.rpm x86_64: mariadb55-mariadb-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.49-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6): Source: mariadb55-mariadb-5.5.49-1.el6.src.rpm x86_64: mariadb55-mariadb-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-bench-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-devel-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-libs-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-server-5.5.49-1.el6.x86_64.rpm mariadb55-mariadb-test-5.5.49-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: mariadb55-mariadb-5.5.49-1.el7.src.rpm x86_64: mariadb55-mariadb-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.49-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: mariadb55-mariadb-5.5.49-1.el7.src.rpm x86_64: mariadb55-mariadb-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.49-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: mariadb55-mariadb-5.5.49-1.el7.src.rpm x86_64: mariadb55-mariadb-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.49-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7): Source: mariadb55-mariadb-5.5.49-1.el7.src.rpm x86_64: mariadb55-mariadb-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-bench-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-debuginfo-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-devel-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-libs-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-server-5.5.49-1.el7.x86_64.rpm mariadb55-mariadb-test-5.5.49-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-4792 https://access.redhat.com/security/cve/CVE-2015-4802 https://access.redhat.com/security/cve/CVE-2015-4815 https://access.redhat.com/security/cve/CVE-2015-4816 https://access.redhat.com/security/cve/CVE-2015-4819 https://access.redhat.com/security/cve/CVE-2015-4826 https://access.redhat.com/security/cve/CVE-2015-4830 https://access.redhat.com/security/cve/CVE-2015-4836 https://access.redhat.com/security/cve/CVE-2015-4858 https://access.redhat.com/security/cve/CVE-2015-4861 https://access.redhat.com/security/cve/CVE-2015-4870 https://access.redhat.com/security/cve/CVE-2015-4879 https://access.redhat.com/security/cve/CVE-2015-4913 https://access.redhat.com/security/cve/CVE-2016-0505 https://access.redhat.com/security/cve/CVE-2016-0546 https://access.redhat.com/security/cve/CVE-2016-0596 https://access.redhat.com/security/cve/CVE-2016-0597 https://access.redhat.com/security/cve/CVE-2016-0598 https://access.redhat.com/security/cve/CVE-2016-0600 https://access.redhat.com/security/cve/CVE-2016-0606 https://access.redhat.com/security/cve/CVE-2016-0608 https://access.redhat.com/security/cve/CVE-2016-0609 https://access.redhat.com/security/cve/CVE-2016-0616 https://access.redhat.com/security/cve/CVE-2016-0640 https://access.redhat.com/security/cve/CVE-2016-0641 https://access.redhat.com/security/cve/CVE-2016-0642 
https://access.redhat.com/security/cve/CVE-2016-0643 https://access.redhat.com/security/cve/CVE-2016-0644 https://access.redhat.com/security/cve/CVE-2016-0646 https://access.redhat.com/security/cve/CVE-2016-0647 https://access.redhat.com/security/cve/CVE-2016-0648 https://access.redhat.com/security/cve/CVE-2016-0649 https://access.redhat.com/security/cve/CVE-2016-0650 https://access.redhat.com/security/cve/CVE-2016-0651 https://access.redhat.com/security/cve/CVE-2016-0666 https://access.redhat.com/security/cve/CVE-2016-2047 https://access.redhat.com/security/cve/CVE-2016-3452 https://access.redhat.com/security/cve/CVE-2016-3471 https://access.redhat.com/security/cve/CVE-2016-5444 https://access.redhat.com/security/updates/classification/#moderate http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixMSQL http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-5545-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-5548-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
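The check that CVE-2016-2047 above describes the MariaDB client library as skipping, written out as an added illustration (this is not MariaDB's code or its fix): a client-side match of the requested host name against the identities in the server's X.509 certificate, plus a TLS client context that refuses connections unless that match succeeds. The certificate dicts and host names are constructed for the example and mimic the shape returned by Python's ssl getpeercert().

```python
"""Client-side TLS server-identity check of the kind CVE-2016-2047 describes as
missing: a certificate that chains to a trusted CA but names some other host
must be rejected, otherwise any holder of a valid certificate can impersonate
the database server to the client. Added example code, not MariaDB's own."""
import ipaddress
import ssl
from typing import Optional


def _dns_label_match(pattern: str, hostname: str) -> bool:
    """RFC 6125 style comparison: case-insensitive exact match, or a single
    '*' that is the whole leftmost label and covers exactly one label.
    '*.com' style patterns (fewer than two fixed labels) are rejected."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[2:]:
        return False
    if len(p_labels) != len(h_labels):
        return False  # wildcard never spans more than one label
    return p_labels[1:] == h_labels[1:]


def hostname_matches_cert(cert: dict, hostname: str) -> bool:
    """True iff `hostname` is one of the identities asserted by `cert`.

    An IP literal must equal an 'IP Address' SAN. Otherwise dNSName SANs are
    authoritative; the subject CN is consulted only when the certificate
    carries no dNSName SAN at all (legacy fallback).
    """
    san = cert.get("subjectAltName", ())
    dns_names = [value for (kind, value) in san if kind == "DNS"]
    ip_names = [value for (kind, value) in san if kind == "IP Address"]

    try:
        wanted_ip = ipaddress.ip_address(hostname)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        return any(ipaddress.ip_address(x) == wanted_ip for x in ip_names)

    if dns_names:
        return any(_dns_label_match(p, hostname) for p in dns_names)

    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_label_match(value, hostname)
    return False


def hardened_client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client context that requires a trusted chain AND a host-name match.
    Leaving check_hostname False would reproduce the advisory's flaw: the
    chain is verified but the server's identity is never compared to the
    host the client asked for."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


# Constructed sample certificates in getpeercert() shape (not real certificates).
SAMPLE_CERT = {
    "subject": ((("commonName", "db.example.com"),),),
    "subjectAltName": (
        ("DNS", "db.example.com"),
        ("DNS", "*.db-pool.example.com"),
        ("IP Address", "192.0.2.10"),
    ),
}
# CN says db.example.com, but the SAN names a different host: SAN wins.
MISMATCHED_CERT = {
    "subject": ((("commonName", "db.example.com"),),),
    "subjectAltName": (("DNS", "other.example.com"),),
}
# No SAN at all: the CN fallback applies.
LEGACY_CERT = {"subject": ((("commonName", "legacy.example.com"),),)}

if __name__ == "__main__":
    for host in ("db.example.com", "a.db-pool.example.com", "x.y.db-pool.example.com",
                 "192.0.2.10", "evil.example.com"):
        print(f"{host:28s} -> {hostname_matches_cert(SAMPLE_CERT, host)}")
```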
From bugzilla at redhat.com Tue Jul 26 07:26:10 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Jul 2016 07:26:10 +0000
Subject: [RHSA-2016:1485-01] Important: chromium-browser security update
Message-ID: <201607260726.u6Q7QBE3029809@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2016:1485-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1485.html
Issue date: 2016-07-26
CVE Names: CVE-2016-1705 CVE-2016-1706 CVE-2016-1708 CVE-2016-1709
           CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128
           CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132
           CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5136
           CVE-2016-5137
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 52.0.2743.82.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1706, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-1705)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1358630 - CVE-2016-1706 chromium-browser: sandbox escape in ppapi
1358632 - CVE-2016-1708 chromium-browser: use-after-free in extensions
1358633 - CVE-2016-1709 chromium-browser: heap-buffer-overflow in sfntly
1358634 - CVE-2016-1710 chromium-browser: same-origin bypass in blink
1358636 - CVE-2016-1711 chromium-browser: same-origin bypass in blink
1358637 - CVE-2016-5127 chromium-browser: use-after-free in blink
1358638 - CVE-2016-5128 chromium-browser: same-origin bypass in v8
1358639 - CVE-2016-5129 chromium-browser: memory corruption in v8
1358640 - CVE-2016-5130 chromium-browser: url spoofing
1358641 - CVE-2016-5131 chromium-browser: use-after-free in libxml
1358642 - CVE-2016-5132 chromium-browser: limited same-origin bypass in service workers
1358643 - CVE-2016-5133 chromium-browser: origin confusion in proxy authentication
1358645 - CVE-2016-5134 chromium-browser: url leakage via pac script
1358646 - CVE-2016-5135 chromium-browser: content-security-policy bypass
1358647 - CVE-2016-5136 chromium-browser: use after free in extensions
1358648 - CVE-2016-5137 chromium-browser: history sniffing with hsts and csp
1358649 - CVE-2016-1705 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-52.0.2743.82-1.el6.i686.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.i686.rpm

x86_64:
chromium-browser-52.0.2743.82-1.el6.x86_64.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-52.0.2743.82-1.el6.i686.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.i686.rpm

x86_64:
chromium-browser-52.0.2743.82-1.el6.x86_64.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-52.0.2743.82-1.el6.i686.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.i686.rpm

x86_64:
chromium-browser-52.0.2743.82-1.el6.x86_64.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1705
https://access.redhat.com/security/cve/CVE-2016-1706
https://access.redhat.com/security/cve/CVE-2016-1708
https://access.redhat.com/security/cve/CVE-2016-1709
https://access.redhat.com/security/cve/CVE-2016-1710
https://access.redhat.com/security/cve/CVE-2016-1711
https://access.redhat.com/security/cve/CVE-2016-5127
https://access.redhat.com/security/cve/CVE-2016-5128
https://access.redhat.com/security/cve/CVE-2016-5129
https://access.redhat.com/security/cve/CVE-2016-5130
https://access.redhat.com/security/cve/CVE-2016-5131
https://access.redhat.com/security/cve/CVE-2016-5132
https://access.redhat.com/security/cve/CVE-2016-5133
https://access.redhat.com/security/cve/CVE-2016-5134
https://access.redhat.com/security/cve/CVE-2016-5135
https://access.redhat.com/security/cve/CVE-2016-5136
https://access.redhat.com/security/cve/CVE-2016-5137
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Tue Jul 26 07:29:46 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Jul 2016 07:29:46 +0000
Subject: [RHSA-2016:1486-01] Moderate: samba security and bug fix update
Message-ID: <201607260729.u6Q7Tk1p001971@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: samba security and bug fix update
Advisory ID: RHSA-2016:1486-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1486.html
Issue date: 2016-07-26
CVE Names: CVE-2016-2119
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. (CVE-2016-2119)

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher as the original reporter.

Bug Fix(es):

* Previously, the "net" command in some cases failed to join the client to Active Directory (AD) because the permissions setting prevented modification of the supported Kerberos encryption type LDAP attribute. With this update, Samba has been fixed to allow joining an AD domain as a user. In addition, Samba now uses the machine account credentials to set up the Kerberos encryption types within AD for the joined machine. As a result, using "net" to join a domain now works more reliably. (BZ#1351260)

* Previously, the idmap_hash module worked incorrectly when it was used together with other modules. As a consequence, user and group IDs were not mapped properly. A patch has been applied to skip already configured modules. Now, the hash module can be used as the default idmap configuration back end and IDs are resolved correctly. (BZ#1350759)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1350759 - idmap_hash module works incorrectly when used with other backend modules
1351260 - net ads join throws "Failed to join domain: failed to set machine kerberos encryption types: Insufficient access"
1351955 - CVE-2016-2119 samba: Client side SMB2/3 required signing can be downgraded

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
samba-4.2.10-7.el7_2.src.rpm

noarch:
samba-common-4.2.10-7.el7_2.noarch.rpm

x86_64:
libsmbclient-4.2.10-7.el7_2.i686.rpm
libsmbclient-4.2.10-7.el7_2.x86_64.rpm
libwbclient-4.2.10-7.el7_2.i686.rpm
libwbclient-4.2.10-7.el7_2.x86_64.rpm
samba-client-4.2.10-7.el7_2.x86_64.rpm
samba-client-libs-4.2.10-7.el7_2.i686.rpm
samba-client-libs-4.2.10-7.el7_2.x86_64.rpm
samba-common-libs-4.2.10-7.el7_2.x86_64.rpm
samba-common-tools-4.2.10-7.el7_2.x86_64.rpm
samba-debuginfo-4.2.10-7.el7_2.i686.rpm
samba-debuginfo-4.2.10-7.el7_2.x86_64.rpm
samba-libs-4.2.10-7.el7_2.i686.rpm
samba-libs-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-clients-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-modules-4.2.10-7.el7_2.i686.rpm
samba-winbind-modules-4.2.10-7.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
samba-pidl-4.2.10-7.el7_2.noarch.rpm

x86_64:
libsmbclient-devel-4.2.10-7.el7_2.i686.rpm
libsmbclient-devel-4.2.10-7.el7_2.x86_64.rpm
libwbclient-devel-4.2.10-7.el7_2.i686.rpm
libwbclient-devel-4.2.10-7.el7_2.x86_64.rpm
samba-4.2.10-7.el7_2.x86_64.rpm
samba-dc-4.2.10-7.el7_2.x86_64.rpm
samba-dc-libs-4.2.10-7.el7_2.x86_64.rpm
samba-debuginfo-4.2.10-7.el7_2.i686.rpm
samba-debuginfo-4.2.10-7.el7_2.x86_64.rpm
samba-devel-4.2.10-7.el7_2.i686.rpm
samba-devel-4.2.10-7.el7_2.x86_64.rpm
samba-python-4.2.10-7.el7_2.x86_64.rpm
samba-test-4.2.10-7.el7_2.x86_64.rpm
samba-test-devel-4.2.10-7.el7_2.x86_64.rpm
samba-test-libs-4.2.10-7.el7_2.i686.rpm
samba-test-libs-4.2.10-7.el7_2.x86_64.rpm
samba-vfs-glusterfs-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-krb5-locator-4.2.10-7.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
samba-4.2.10-7.el7_2.src.rpm

noarch:
samba-common-4.2.10-7.el7_2.noarch.rpm

x86_64:
libsmbclient-4.2.10-7.el7_2.i686.rpm
libsmbclient-4.2.10-7.el7_2.x86_64.rpm
libwbclient-4.2.10-7.el7_2.i686.rpm
libwbclient-4.2.10-7.el7_2.x86_64.rpm
samba-client-4.2.10-7.el7_2.x86_64.rpm
samba-client-libs-4.2.10-7.el7_2.i686.rpm
samba-client-libs-4.2.10-7.el7_2.x86_64.rpm
samba-common-libs-4.2.10-7.el7_2.x86_64.rpm
samba-common-tools-4.2.10-7.el7_2.x86_64.rpm
samba-debuginfo-4.2.10-7.el7_2.i686.rpm
samba-debuginfo-4.2.10-7.el7_2.x86_64.rpm
samba-libs-4.2.10-7.el7_2.i686.rpm
samba-libs-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-clients-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-modules-4.2.10-7.el7_2.i686.rpm
samba-winbind-modules-4.2.10-7.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
samba-pidl-4.2.10-7.el7_2.noarch.rpm

x86_64:
libsmbclient-devel-4.2.10-7.el7_2.i686.rpm
libsmbclient-devel-4.2.10-7.el7_2.x86_64.rpm
libwbclient-devel-4.2.10-7.el7_2.i686.rpm
libwbclient-devel-4.2.10-7.el7_2.x86_64.rpm
samba-4.2.10-7.el7_2.x86_64.rpm
samba-dc-4.2.10-7.el7_2.x86_64.rpm
samba-dc-libs-4.2.10-7.el7_2.x86_64.rpm
samba-debuginfo-4.2.10-7.el7_2.i686.rpm
samba-debuginfo-4.2.10-7.el7_2.x86_64.rpm
samba-devel-4.2.10-7.el7_2.i686.rpm
samba-devel-4.2.10-7.el7_2.x86_64.rpm
samba-python-4.2.10-7.el7_2.x86_64.rpm
samba-test-4.2.10-7.el7_2.x86_64.rpm
samba-test-devel-4.2.10-7.el7_2.x86_64.rpm
samba-test-libs-4.2.10-7.el7_2.i686.rpm
samba-test-libs-4.2.10-7.el7_2.x86_64.rpm
samba-vfs-glusterfs-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-krb5-locator-4.2.10-7.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
samba-4.2.10-7.el7_2.src.rpm

noarch:
samba-common-4.2.10-7.el7_2.noarch.rpm

ppc64:
libsmbclient-4.2.10-7.el7_2.ppc.rpm
libsmbclient-4.2.10-7.el7_2.ppc64.rpm
libwbclient-4.2.10-7.el7_2.ppc.rpm
libwbclient-4.2.10-7.el7_2.ppc64.rpm
samba-4.2.10-7.el7_2.ppc64.rpm
samba-client-4.2.10-7.el7_2.ppc64.rpm
samba-client-libs-4.2.10-7.el7_2.ppc.rpm
samba-client-libs-4.2.10-7.el7_2.ppc64.rpm
samba-common-libs-4.2.10-7.el7_2.ppc64.rpm
samba-common-tools-4.2.10-7.el7_2.ppc64.rpm
samba-debuginfo-4.2.10-7.el7_2.ppc.rpm
samba-debuginfo-4.2.10-7.el7_2.ppc64.rpm
samba-libs-4.2.10-7.el7_2.ppc.rpm
samba-libs-4.2.10-7.el7_2.ppc64.rpm
samba-winbind-4.2.10-7.el7_2.ppc64.rpm
samba-winbind-clients-4.2.10-7.el7_2.ppc64.rpm
samba-winbind-modules-4.2.10-7.el7_2.ppc.rpm
samba-winbind-modules-4.2.10-7.el7_2.ppc64.rpm

ppc64le:
libsmbclient-4.2.10-7.el7_2.ppc64le.rpm
libwbclient-4.2.10-7.el7_2.ppc64le.rpm
samba-4.2.10-7.el7_2.ppc64le.rpm
samba-client-4.2.10-7.el7_2.ppc64le.rpm
samba-client-libs-4.2.10-7.el7_2.ppc64le.rpm
samba-common-libs-4.2.10-7.el7_2.ppc64le.rpm
samba-common-tools-4.2.10-7.el7_2.ppc64le.rpm
samba-debuginfo-4.2.10-7.el7_2.ppc64le.rpm
samba-libs-4.2.10-7.el7_2.ppc64le.rpm
samba-winbind-4.2.10-7.el7_2.ppc64le.rpm
samba-winbind-clients-4.2.10-7.el7_2.ppc64le.rpm
samba-winbind-modules-4.2.10-7.el7_2.ppc64le.rpm

s390x:
libsmbclient-4.2.10-7.el7_2.s390.rpm
libsmbclient-4.2.10-7.el7_2.s390x.rpm
libwbclient-4.2.10-7.el7_2.s390.rpm
libwbclient-4.2.10-7.el7_2.s390x.rpm
samba-4.2.10-7.el7_2.s390x.rpm
samba-client-4.2.10-7.el7_2.s390x.rpm
samba-client-libs-4.2.10-7.el7_2.s390.rpm
samba-client-libs-4.2.10-7.el7_2.s390x.rpm
samba-common-libs-4.2.10-7.el7_2.s390x.rpm
samba-common-tools-4.2.10-7.el7_2.s390x.rpm
samba-debuginfo-4.2.10-7.el7_2.s390.rpm
samba-debuginfo-4.2.10-7.el7_2.s390x.rpm
samba-libs-4.2.10-7.el7_2.s390.rpm
samba-libs-4.2.10-7.el7_2.s390x.rpm
samba-winbind-4.2.10-7.el7_2.s390x.rpm
samba-winbind-clients-4.2.10-7.el7_2.s390x.rpm
samba-winbind-modules-4.2.10-7.el7_2.s390.rpm
samba-winbind-modules-4.2.10-7.el7_2.s390x.rpm

x86_64:
libsmbclient-4.2.10-7.el7_2.i686.rpm
libsmbclient-4.2.10-7.el7_2.x86_64.rpm
libwbclient-4.2.10-7.el7_2.i686.rpm
libwbclient-4.2.10-7.el7_2.x86_64.rpm
samba-4.2.10-7.el7_2.x86_64.rpm
samba-client-4.2.10-7.el7_2.x86_64.rpm
samba-client-libs-4.2.10-7.el7_2.i686.rpm
samba-client-libs-4.2.10-7.el7_2.x86_64.rpm
samba-common-libs-4.2.10-7.el7_2.x86_64.rpm
samba-common-tools-4.2.10-7.el7_2.x86_64.rpm
samba-debuginfo-4.2.10-7.el7_2.i686.rpm
samba-debuginfo-4.2.10-7.el7_2.x86_64.rpm
samba-libs-4.2.10-7.el7_2.i686.rpm
samba-libs-4.2.10-7.el7_2.x86_64.rpm
samba-python-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-clients-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-modules-4.2.10-7.el7_2.i686.rpm
samba-winbind-modules-4.2.10-7.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

x86_64:
ctdb-4.2.10-7.el7_2.x86_64.rpm
ctdb-devel-4.2.10-7.el7_2.i686.rpm
ctdb-devel-4.2.10-7.el7_2.x86_64.rpm
ctdb-tests-4.2.10-7.el7_2.x86_64.rpm
samba-debuginfo-4.2.10-7.el7_2.i686.rpm
samba-debuginfo-4.2.10-7.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
samba-pidl-4.2.10-7.el7_2.noarch.rpm

ppc64:
libsmbclient-devel-4.2.10-7.el7_2.ppc.rpm
libsmbclient-devel-4.2.10-7.el7_2.ppc64.rpm
libwbclient-devel-4.2.10-7.el7_2.ppc.rpm
libwbclient-devel-4.2.10-7.el7_2.ppc64.rpm
samba-dc-4.2.10-7.el7_2.ppc64.rpm
samba-dc-libs-4.2.10-7.el7_2.ppc64.rpm
samba-debuginfo-4.2.10-7.el7_2.ppc.rpm
samba-debuginfo-4.2.10-7.el7_2.ppc64.rpm
samba-devel-4.2.10-7.el7_2.ppc.rpm
samba-devel-4.2.10-7.el7_2.ppc64.rpm
samba-python-4.2.10-7.el7_2.ppc64.rpm
samba-test-4.2.10-7.el7_2.ppc64.rpm
samba-test-devel-4.2.10-7.el7_2.ppc64.rpm
samba-test-libs-4.2.10-7.el7_2.ppc.rpm
samba-test-libs-4.2.10-7.el7_2.ppc64.rpm
samba-winbind-krb5-locator-4.2.10-7.el7_2.ppc64.rpm

ppc64le:
libsmbclient-devel-4.2.10-7.el7_2.ppc64le.rpm
libwbclient-devel-4.2.10-7.el7_2.ppc64le.rpm
samba-dc-4.2.10-7.el7_2.ppc64le.rpm
samba-dc-libs-4.2.10-7.el7_2.ppc64le.rpm
samba-debuginfo-4.2.10-7.el7_2.ppc64le.rpm
samba-devel-4.2.10-7.el7_2.ppc64le.rpm
samba-python-4.2.10-7.el7_2.ppc64le.rpm
samba-test-4.2.10-7.el7_2.ppc64le.rpm
samba-test-devel-4.2.10-7.el7_2.ppc64le.rpm
samba-test-libs-4.2.10-7.el7_2.ppc64le.rpm
samba-winbind-krb5-locator-4.2.10-7.el7_2.ppc64le.rpm

s390x:
libsmbclient-devel-4.2.10-7.el7_2.s390.rpm
libsmbclient-devel-4.2.10-7.el7_2.s390x.rpm
libwbclient-devel-4.2.10-7.el7_2.s390.rpm
libwbclient-devel-4.2.10-7.el7_2.s390x.rpm
samba-dc-4.2.10-7.el7_2.s390x.rpm
samba-dc-libs-4.2.10-7.el7_2.s390x.rpm
samba-debuginfo-4.2.10-7.el7_2.s390.rpm
samba-debuginfo-4.2.10-7.el7_2.s390x.rpm
samba-devel-4.2.10-7.el7_2.s390.rpm
samba-devel-4.2.10-7.el7_2.s390x.rpm
samba-python-4.2.10-7.el7_2.s390x.rpm
samba-test-4.2.10-7.el7_2.s390x.rpm
samba-test-devel-4.2.10-7.el7_2.s390x.rpm
samba-test-libs-4.2.10-7.el7_2.s390.rpm
samba-test-libs-4.2.10-7.el7_2.s390x.rpm
samba-winbind-krb5-locator-4.2.10-7.el7_2.s390x.rpm

x86_64:
libsmbclient-devel-4.2.10-7.el7_2.i686.rpm
libsmbclient-devel-4.2.10-7.el7_2.x86_64.rpm
libwbclient-devel-4.2.10-7.el7_2.i686.rpm
libwbclient-devel-4.2.10-7.el7_2.x86_64.rpm
samba-dc-4.2.10-7.el7_2.x86_64.rpm
samba-dc-libs-4.2.10-7.el7_2.x86_64.rpm
samba-debuginfo-4.2.10-7.el7_2.i686.rpm
samba-debuginfo-4.2.10-7.el7_2.x86_64.rpm
samba-devel-4.2.10-7.el7_2.i686.rpm
samba-devel-4.2.10-7.el7_2.x86_64.rpm
samba-test-4.2.10-7.el7_2.x86_64.rpm
samba-test-devel-4.2.10-7.el7_2.x86_64.rpm
samba-test-libs-4.2.10-7.el7_2.i686.rpm
samba-test-libs-4.2.10-7.el7_2.x86_64.rpm
samba-vfs-glusterfs-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-krb5-locator-4.2.10-7.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
samba-4.2.10-7.el7_2.src.rpm

noarch:
samba-common-4.2.10-7.el7_2.noarch.rpm

x86_64:
libsmbclient-4.2.10-7.el7_2.i686.rpm
libsmbclient-4.2.10-7.el7_2.x86_64.rpm
libwbclient-4.2.10-7.el7_2.i686.rpm
libwbclient-4.2.10-7.el7_2.x86_64.rpm
samba-4.2.10-7.el7_2.x86_64.rpm
samba-client-4.2.10-7.el7_2.x86_64.rpm
samba-client-libs-4.2.10-7.el7_2.i686.rpm
samba-client-libs-4.2.10-7.el7_2.x86_64.rpm
samba-common-libs-4.2.10-7.el7_2.x86_64.rpm
samba-common-tools-4.2.10-7.el7_2.x86_64.rpm
samba-debuginfo-4.2.10-7.el7_2.i686.rpm
samba-debuginfo-4.2.10-7.el7_2.x86_64.rpm
samba-libs-4.2.10-7.el7_2.i686.rpm
samba-libs-4.2.10-7.el7_2.x86_64.rpm
samba-python-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-clients-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-modules-4.2.10-7.el7_2.i686.rpm
samba-winbind-modules-4.2.10-7.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
samba-pidl-4.2.10-7.el7_2.noarch.rpm

x86_64:
libsmbclient-devel-4.2.10-7.el7_2.i686.rpm
libsmbclient-devel-4.2.10-7.el7_2.x86_64.rpm
libwbclient-devel-4.2.10-7.el7_2.i686.rpm
libwbclient-devel-4.2.10-7.el7_2.x86_64.rpm
samba-dc-4.2.10-7.el7_2.x86_64.rpm
samba-dc-libs-4.2.10-7.el7_2.x86_64.rpm
samba-debuginfo-4.2.10-7.el7_2.i686.rpm
samba-debuginfo-4.2.10-7.el7_2.x86_64.rpm
samba-devel-4.2.10-7.el7_2.i686.rpm
samba-devel-4.2.10-7.el7_2.x86_64.rpm
samba-test-4.2.10-7.el7_2.x86_64.rpm
samba-test-devel-4.2.10-7.el7_2.x86_64.rpm
samba-test-libs-4.2.10-7.el7_2.i686.rpm
samba-test-libs-4.2.10-7.el7_2.x86_64.rpm
samba-vfs-glusterfs-4.2.10-7.el7_2.x86_64.rpm
samba-winbind-krb5-locator-4.2.10-7.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2119
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXlxEMXlSAg2UNWIIRAlZAAKC1hl0gqvxb7ZKizUAriO5UyAIo7gCdGMK2
8F1JVtz58jP53g1rBc+/mlw=
=FQCp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 26 07:30:19 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Jul 2016 07:30:19 +0000
Subject: [RHSA-2016:1487-01] Moderate: samba4 security update
Message-ID: <201607260730.u6Q7UKf6032650@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: samba4 security update
Advisory ID:       RHSA-2016:1487-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1487.html
Issue date:        2016-07-26
CVE Names:         CVE-2016-2119
=====================================================================

1. Summary:

An update for samba4 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

Security Fix(es):

* A flaw was found in the way Samba initiated signed DCE/RPC connections. A
man-in-the-middle attacker could use this flaw to downgrade the connection
to not use signing and therefore impersonate the server. (CVE-2016-2119)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Stefan Metzmacher as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1351955 - CVE-2016-2119 samba: Client side SMB2/3 required signing can be downgraded

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
samba4-4.2.10-7.el6_8.src.rpm

i386:
samba4-4.2.10-7.el6_8.i686.rpm
samba4-client-4.2.10-7.el6_8.i686.rpm
samba4-common-4.2.10-7.el6_8.i686.rpm
samba4-dc-4.2.10-7.el6_8.i686.rpm
samba4-dc-libs-4.2.10-7.el6_8.i686.rpm
samba4-debuginfo-4.2.10-7.el6_8.i686.rpm
samba4-devel-4.2.10-7.el6_8.i686.rpm
samba4-libs-4.2.10-7.el6_8.i686.rpm
samba4-pidl-4.2.10-7.el6_8.i686.rpm
samba4-python-4.2.10-7.el6_8.i686.rpm
samba4-test-4.2.10-7.el6_8.i686.rpm
samba4-winbind-4.2.10-7.el6_8.i686.rpm
samba4-winbind-clients-4.2.10-7.el6_8.i686.rpm
samba4-winbind-krb5-locator-4.2.10-7.el6_8.i686.rpm

x86_64:
samba4-4.2.10-7.el6_8.x86_64.rpm
samba4-client-4.2.10-7.el6_8.x86_64.rpm
samba4-common-4.2.10-7.el6_8.x86_64.rpm
samba4-dc-4.2.10-7.el6_8.x86_64.rpm
samba4-dc-libs-4.2.10-7.el6_8.x86_64.rpm
samba4-debuginfo-4.2.10-7.el6_8.x86_64.rpm
samba4-devel-4.2.10-7.el6_8.x86_64.rpm
samba4-libs-4.2.10-7.el6_8.x86_64.rpm
samba4-pidl-4.2.10-7.el6_8.x86_64.rpm
samba4-python-4.2.10-7.el6_8.x86_64.rpm
samba4-test-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-clients-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-7.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
samba4-4.2.10-7.el6_8.src.rpm

x86_64:
samba4-4.2.10-7.el6_8.x86_64.rpm
samba4-client-4.2.10-7.el6_8.x86_64.rpm
samba4-common-4.2.10-7.el6_8.x86_64.rpm
samba4-dc-4.2.10-7.el6_8.x86_64.rpm
samba4-dc-libs-4.2.10-7.el6_8.x86_64.rpm
samba4-debuginfo-4.2.10-7.el6_8.x86_64.rpm
samba4-devel-4.2.10-7.el6_8.x86_64.rpm
samba4-libs-4.2.10-7.el6_8.x86_64.rpm
samba4-pidl-4.2.10-7.el6_8.x86_64.rpm
samba4-python-4.2.10-7.el6_8.x86_64.rpm
samba4-test-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-clients-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-7.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
samba4-4.2.10-7.el6_8.src.rpm

i386:
samba4-4.2.10-7.el6_8.i686.rpm
samba4-client-4.2.10-7.el6_8.i686.rpm
samba4-common-4.2.10-7.el6_8.i686.rpm
samba4-dc-4.2.10-7.el6_8.i686.rpm
samba4-dc-libs-4.2.10-7.el6_8.i686.rpm
samba4-debuginfo-4.2.10-7.el6_8.i686.rpm
samba4-devel-4.2.10-7.el6_8.i686.rpm
samba4-libs-4.2.10-7.el6_8.i686.rpm
samba4-pidl-4.2.10-7.el6_8.i686.rpm
samba4-python-4.2.10-7.el6_8.i686.rpm
samba4-test-4.2.10-7.el6_8.i686.rpm
samba4-winbind-4.2.10-7.el6_8.i686.rpm
samba4-winbind-clients-4.2.10-7.el6_8.i686.rpm
samba4-winbind-krb5-locator-4.2.10-7.el6_8.i686.rpm

ppc64:
samba4-4.2.10-7.el6_8.ppc64.rpm
samba4-client-4.2.10-7.el6_8.ppc64.rpm
samba4-common-4.2.10-7.el6_8.ppc64.rpm
samba4-dc-4.2.10-7.el6_8.ppc64.rpm
samba4-dc-libs-4.2.10-7.el6_8.ppc64.rpm
samba4-debuginfo-4.2.10-7.el6_8.ppc64.rpm
samba4-devel-4.2.10-7.el6_8.ppc64.rpm
samba4-libs-4.2.10-7.el6_8.ppc64.rpm
samba4-pidl-4.2.10-7.el6_8.ppc64.rpm
samba4-python-4.2.10-7.el6_8.ppc64.rpm
samba4-test-4.2.10-7.el6_8.ppc64.rpm
samba4-winbind-4.2.10-7.el6_8.ppc64.rpm
samba4-winbind-clients-4.2.10-7.el6_8.ppc64.rpm
samba4-winbind-krb5-locator-4.2.10-7.el6_8.ppc64.rpm

s390x:
samba4-4.2.10-7.el6_8.s390x.rpm
samba4-client-4.2.10-7.el6_8.s390x.rpm
samba4-common-4.2.10-7.el6_8.s390x.rpm
samba4-dc-4.2.10-7.el6_8.s390x.rpm
samba4-dc-libs-4.2.10-7.el6_8.s390x.rpm
samba4-debuginfo-4.2.10-7.el6_8.s390x.rpm
samba4-devel-4.2.10-7.el6_8.s390x.rpm
samba4-libs-4.2.10-7.el6_8.s390x.rpm
samba4-pidl-4.2.10-7.el6_8.s390x.rpm
samba4-python-4.2.10-7.el6_8.s390x.rpm
samba4-test-4.2.10-7.el6_8.s390x.rpm
samba4-winbind-4.2.10-7.el6_8.s390x.rpm
samba4-winbind-clients-4.2.10-7.el6_8.s390x.rpm
samba4-winbind-krb5-locator-4.2.10-7.el6_8.s390x.rpm

x86_64:
samba4-4.2.10-7.el6_8.x86_64.rpm
samba4-client-4.2.10-7.el6_8.x86_64.rpm
samba4-common-4.2.10-7.el6_8.x86_64.rpm
samba4-dc-4.2.10-7.el6_8.x86_64.rpm
samba4-dc-libs-4.2.10-7.el6_8.x86_64.rpm
samba4-debuginfo-4.2.10-7.el6_8.x86_64.rpm
samba4-devel-4.2.10-7.el6_8.x86_64.rpm
samba4-libs-4.2.10-7.el6_8.x86_64.rpm
samba4-pidl-4.2.10-7.el6_8.x86_64.rpm
samba4-python-4.2.10-7.el6_8.x86_64.rpm
samba4-test-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-clients-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-7.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
samba4-4.2.10-7.el6_8.src.rpm

i386:
samba4-4.2.10-7.el6_8.i686.rpm
samba4-client-4.2.10-7.el6_8.i686.rpm
samba4-common-4.2.10-7.el6_8.i686.rpm
samba4-dc-4.2.10-7.el6_8.i686.rpm
samba4-dc-libs-4.2.10-7.el6_8.i686.rpm
samba4-debuginfo-4.2.10-7.el6_8.i686.rpm
samba4-devel-4.2.10-7.el6_8.i686.rpm
samba4-libs-4.2.10-7.el6_8.i686.rpm
samba4-pidl-4.2.10-7.el6_8.i686.rpm
samba4-python-4.2.10-7.el6_8.i686.rpm
samba4-test-4.2.10-7.el6_8.i686.rpm
samba4-winbind-4.2.10-7.el6_8.i686.rpm
samba4-winbind-clients-4.2.10-7.el6_8.i686.rpm
samba4-winbind-krb5-locator-4.2.10-7.el6_8.i686.rpm

x86_64:
samba4-4.2.10-7.el6_8.x86_64.rpm
samba4-client-4.2.10-7.el6_8.x86_64.rpm
samba4-common-4.2.10-7.el6_8.x86_64.rpm
samba4-dc-4.2.10-7.el6_8.x86_64.rpm
samba4-dc-libs-4.2.10-7.el6_8.x86_64.rpm
samba4-debuginfo-4.2.10-7.el6_8.x86_64.rpm
samba4-devel-4.2.10-7.el6_8.x86_64.rpm
samba4-libs-4.2.10-7.el6_8.x86_64.rpm
samba4-pidl-4.2.10-7.el6_8.x86_64.rpm
samba4-python-4.2.10-7.el6_8.x86_64.rpm
samba4-test-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-clients-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-7.el6_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2119
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXlxGHXlSAg2UNWIIRAvTZAJ9CFQidtzAooI2MzwkSKXtUrJvisQCgkqI+
cy4OmqwbhZymiI5+JB4InEM=
=YQm3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 26 15:53:27 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Jul 2016 15:53:27 +0000
Subject: [RHSA-2016:1489-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201607261553.u6QFrSI5016446@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:1489-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1489.html
Issue date:        2016-07-26
CVE Names:         CVE-2016-4565
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as a bidirectional replacement for
ioctl(), which could lead to insufficient memory security checks when those
interfaces were invoked through the splice() system call. A local
unprivileged user on a system with either Infiniband hardware present or
the RDMA Userspace Connection Manager Access module explicitly loaded could
use this flaw to escalate their privileges on the system. (CVE-2016-4565,
Important)

Red Hat would like to thank Jann Horn for reporting this issue.

Bug Fix(es):

* When providing some services and using the Integrated Services Digital
Network (ISDN), the system could terminate unexpectedly due to the call of
the tty_ldisc_flush() function. The provided patch removes this call and
the system no longer hangs in the described scenario. (BZ#1337442)

* After upgrading the kernel, the CPU load average increased compared to
the prior kernel version because of a change in the scheduler. The provided
patch set reverts the load-average calculation to the algorithm used by the
previous version, so the reported values are lower under the same system
load. (BZ#1343014)

Enhancement(s):

* With this update, a patchset has been applied which adds support for
Intel Xeon v4 processors. (BZ#1334809)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1310570 - CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
kernel-2.6.32-573.32.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.32.1.el6.noarch.rpm
kernel-doc-2.6.32-573.32.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.32.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.32.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.32.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.32.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.32.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.32.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.32.1.el6.x86_64.rpm
perf-2.6.32-573.32.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.32.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
kernel-debug-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.32.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
python-perf-2.6.32-573.32.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
kernel-2.6.32-573.32.1.el6.src.rpm

i386:
kernel-2.6.32-573.32.1.el6.i686.rpm
kernel-debug-2.6.32-573.32.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.32.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.32.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.32.1.el6.i686.rpm
kernel-devel-2.6.32-573.32.1.el6.i686.rpm
kernel-headers-2.6.32-573.32.1.el6.i686.rpm
perf-2.6.32-573.32.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.32.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.32.1.el6.noarch.rpm
kernel-doc-2.6.32-573.32.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.32.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.32.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.32.1.el6.ppc64.rpm
kernel-debug-2.6.32-573.32.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.32.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.32.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.32.1.el6.ppc64.rpm
kernel-devel-2.6.32-573.32.1.el6.ppc64.rpm
kernel-headers-2.6.32-573.32.1.el6.ppc64.rpm
perf-2.6.32-573.32.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.32.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.32.1.el6.s390x.rpm
kernel-debug-2.6.32-573.32.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.32.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.32.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.32.1.el6.s390x.rpm
kernel-devel-2.6.32-573.32.1.el6.s390x.rpm
kernel-headers-2.6.32-573.32.1.el6.s390x.rpm
kernel-kdump-2.6.32-573.32.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.32.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.32.1.el6.s390x.rpm
perf-2.6.32-573.32.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.32.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.32.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.32.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.32.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.32.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.32.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.32.1.el6.x86_64.rpm
perf-2.6.32-573.32.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.32.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
kernel-debug-debuginfo-2.6.32-573.32.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.32.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.32.1.el6.i686.rpm
python-perf-2.6.32-573.32.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-573.32.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.32.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.32.1.el6.ppc64.rpm
python-perf-2.6.32-573.32.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-573.32.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.32.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.32.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.32.1.el6.s390x.rpm
python-perf-2.6.32-573.32.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.32.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm
python-perf-2.6.32-573.32.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.32.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4565
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXl4dsXlSAg2UNWIIRAqnWAJ0XAT42cINic4lpf/NH1281xPLnnQCeOCUy
CXZ/820Q5aX+G1vTfLfMq3g=
=Dchn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 27 12:04:18 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Jul 2016 12:04:18 +0000
Subject: [RHSA-2016:1504-01] Important: java-1.7.0-openjdk security update
Message-ID: <201607271204.u6RC4IJo032122@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2016:1504-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1504.html
Issue date:        2016-07-27
CVE Names:         CVE-2016-3458 CVE-2016-3500 CVE-2016-3508 CVE-2016-3550
                   CVE-2016-3598 CVE-2016-3606 CVE-2016-3610
=====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise
Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Hotspot and Libraries components in
OpenJDK. An untrusted Java application or applet could use these flaws to
completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3598,
CVE-2016-3610)

* Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application using
JAXP to consume an excessive amount of CPU and memory when parsed.
(CVE-2016-3500, CVE-2016-3508)

* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1356963 - CVE-2016-3606 OpenJDK: insufficient bytecode verification (Hotspot, 8155981)
1356971 - CVE-2016-3598 OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)
1356994 - CVE-2016-3610 OpenJDK: insufficient value count check in MethodHandles.filterReturnValue() (Libraries, 8158571)
1357008 - CVE-2016-3500 OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)
1357015 - CVE-2016-3508 OpenJDK: missing entity replacement limits (JAXP, 8149962)
1357494 - CVE-2016-3458 OpenJDK: insufficient restrictions on the use of custom ValueHandler (CORBA, 8079718)
1357506 - CVE-2016-3550 OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
java-1.7.0-openjdk-1.7.0.111-2.6.7.1.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.111-2.6.7.1.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.1.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.1.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.1.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.1.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.1.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
java-1.7.0-openjdk-1.7.0.111-2.6.7.1.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.111-2.6.7.1.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.1.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.1.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.1.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.1.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.1.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el6_8.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el6_8.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.2.el6_8.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.2.el6_8.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el6_8.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el6_8.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.2.el6_8.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el6_8.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el6_8.i686.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el6_8.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.2.el6_8.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.2.el7_2.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.2.el7_2.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.src.rpm

ppc64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.ppc64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el7_2.ppc64.rpm
java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.2.el7_2.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.ppc64le.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el7_2.ppc64le.rpm
java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.2.el7_2.ppc64le.rpm

s390x:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.s390x.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el7_2.s390x.rpm
java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.2.el7_2.s390x.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.2.el7_2.noarch.rpm

ppc64:
java-1.7.0-openjdk-accessibility-1.7.0.111-2.6.7.2.el7_2.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.ppc64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el7_2.ppc64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el7_2.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-accessibility-1.7.0.111-2.6.7.2.el7_2.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.ppc64le.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el7_2.ppc64le.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el7_2.ppc64le.rpm

s390x:
java-1.7.0-openjdk-accessibility-1.7.0.111-2.6.7.2.el7_2.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.s390x.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el7_2.s390x.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el7_2.s390x.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.111-2.6.7.2.el7_2.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.111-2.6.7.2.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3458
https://access.redhat.com/security/cve/CVE-2016-3500
https://access.redhat.com/security/cve/CVE-2016-3508
https://access.redhat.com/security/cve/CVE-2016-3550
https://access.redhat.com/security/cve/CVE-2016-3598
https://access.redhat.com/security/cve/CVE-2016-3606
https://access.redhat.com/security/cve/CVE-2016-3610
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXmJ/AXlSAg2UNWIIRAl1hAKCWaFOVHMoiA53xUQQNTee/Kbq4JACfYFcD
nPk/zVVVMZj9ds3ITpBmKs8=
=7XbA
-----END PGP SIGNATURE-----
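The check a practitioner wants after reading advisories like the ones above is whether a given installed build is older than the fixed build in the "Package List" section. The following is an added example and not Red Hat's code: it parses the advisory's package-file names into name/version/release/arch, and compares versions with a plain-Python port of rpm's segment comparison rules (rpmvercmp: separators ignored, numeric runs compared by value, numeric beats alphabetic, `~` sorts lowest, leftover segments win). The advisory excerpt embedded below is taken from RHSA-2016:1487 above, trimmed to one product; the "installed" package names in the demo are constructed, and epochs are not handled because none of these advisories use them.

```python
"""Check installed RPM NVRs against a Red Hat advisory's package list.

Added example, not Red Hat's code. rpmvercmp() below is a plain-Python port
of rpm's segment rules so the example runs without the rpm bindings; on a
real host prefer rpm.labelCompare() from python-rpm.
"""
import re

# Excerpt of RHSA-2016:1487 (samba4, CVE-2016-2119) as published above,
# trimmed to the header fields and one product's package list.
ADVISORY = """\
Advisory ID:       RHSA-2016:1487-01
CVE Names:         CVE-2016-2119

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
samba4-4.2.10-7.el6_8.src.rpm

x86_64:
samba4-4.2.10-7.el6_8.x86_64.rpm
samba4-client-4.2.10-7.el6_8.x86_64.rpm
samba4-libs-4.2.10-7.el6_8.x86_64.rpm
samba4-winbind-4.2.10-7.el6_8.x86_64.rpm
"""


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm does.

    Returns 1 if a is newer, -1 if b is newer, 0 if they are equal.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separator characters, but stop on '~' so it can be handled.
        while i < len(a) and not a[i].isalnum() and a[i] != "~":
            i += 1
        while j < len(b) and not b[j].isalnum() and b[j] != "~":
            j += 1
        # Tilde: the side carrying it is older, even than an exhausted string.
        if (i < len(a) and a[i] == "~") or (j < len(b) and b[j] == "~"):
            if i >= len(a) or a[i] != "~":
                return 1
            if j >= len(b) or b[j] != "~":
                return -1
            i += 1
            j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take a run of digits or a run of letters from each side.
        pattern, isnum = (r"\d+", True) if a[i].isdigit() else (r"[A-Za-z]+", False)
        seg_a = re.match(pattern, a[i:]).group(0)
        match_b = re.match(pattern, b[j:])
        if match_b is None:
            return 1 if isnum else -1  # numeric segment always beats alphabetic
        seg_b = match_b.group(0)
        i += len(seg_a)
        j += len(seg_b)
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # longer digit run is the larger number
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever side has segments left is newer


def parse_nvra(filename: str):
    """Split 'name-version-release.arch.rpm' into (name, version, release, arch).

    Names may contain dashes (java-1.7.0-openjdk), so split from the right.
    """
    stem = filename[:-4] if filename.endswith(".rpm") else filename
    nvr, arch = stem.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def extract_cves(advisory_text: str):
    """CVE identifiers named on the advisory's 'CVE Names:' header line."""
    for line in advisory_text.splitlines():
        if line.startswith("CVE Names:"):
            return sorted(set(re.findall(r"CVE-\d{4}-\d{4,}", line)))
    return []


def fixed_builds(advisory_text: str):
    """Map (package name, arch) -> (version, release) for each binary RPM listed."""
    fixed = {}
    for filename in re.findall(r"\S+\.rpm", advisory_text):
        name, version, release, arch = parse_nvra(filename)
        if arch != "src":  # source RPMs are never the installed package
            fixed[(name, arch)] = (version, release)
    return fixed


def compare_vr(vr_a, vr_b) -> int:
    """Compare (version, release) pairs: version first, release breaks ties."""
    result = rpmvercmp(vr_a[0], vr_b[0])
    return result if result else rpmvercmp(vr_a[1], vr_b[1])


def is_vulnerable(installed_nvra: str, advisory_text: str):
    """True if the installed build predates the advisory's fixed build, False if
    it is the fixed build or newer, None if the advisory does not list that
    package name/arch (no conclusion can be drawn from this advisory)."""
    name, version, release, arch = parse_nvra(installed_nvra)
    fixed = fixed_builds(advisory_text).get((name, arch))
    if fixed is None:
        return None
    return compare_vr((version, release), fixed) < 0


if __name__ == "__main__":
    # Constructed installed-package names, not taken from any real host.
    for nvra in ("samba4-4.2.10-6.el6_8.x86_64.rpm",
                 "samba4-libs-4.2.10-7.el6_8.x86_64.rpm",
                 "samba-4.2.10-6.el6_8.x86_64.rpm"):
        print(nvra, "->", is_vulnerable(nvra, ADVISORY), extract_cves(ADVISORY))
```

On a real host the installed names come from `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}.rpm\n'`; a `None` result only means this advisory says nothing about that package, not that it is safe.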