From bugzilla at redhat.com  Tue Mar 1 16:17:15 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2016 16:17:15 +0000
Subject: [RHSA-2016:0301-01] Important: openssl security update
Message-ID: <201603011617.u21GHGTf013378@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl security update
Advisory ID:       RHSA-2016:0301-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0301.html
Issue date:        2016-03-01
CVE Names:         CVE-2015-3197 CVE-2016-0702 CVE-2016-0705
                   CVE-2016-0797 CVE-2016-0800
=====================================================================

1. Summary:

Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0
(SSLv2) protocol. An attacker can potentially use this flaw to decrypt
RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol
version, allowing them to decrypt such connections. This cross-protocol
attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default
when using the 'SSLv23' connection methods, and removing support for weak
SSLv2 cipher suites. For more information, refer to the knowledge base
article linked to in the References section.

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2
ciphers that have been disabled on the server. This could result in weak
SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to
man-in-the-middle attacks. (CVE-2015-3197)

A side-channel attack was found that makes use of cache-bank conflicts on
the Intel Sandy-Bridge microarchitecture. An attacker who has the ability
to control code in a thread running on the same hyper-threaded core as the
victim's thread that is performing decryption could use this flaw to
recover RSA private keys. (CVE-2016-0702)

A double-free flaw was found in the way OpenSSL parsed certain malformed
DSA (Digital Signature Algorithm) private keys. An attacker could create
specially crafted DSA private keys that, when processed by an application
compiled against OpenSSL, could cause the application to crash.
(CVE-2016-0705)

An integer overflow flaw, leading to a NULL pointer dereference or a
heap-based memory corruption, was found in the way some BIGNUM functions
of OpenSSL were implemented. Applications that use these functions with
large untrusted input could crash or, potentially, execute arbitrary code.
(CVE-2016-0797)

Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original
reporters of CVE-2016-0800 and CVE-2015-3197; Adam Langley
(Google/BoringSSL) as the original reporter of CVE-2016-0705; Yuval Yarom
(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv
University), Nadia Heninger (University of Pennsylvania) as the original
reporters of CVE-2016-0702; and Guido Vranken as the original reporter of
CVE-2016-0797.

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers
1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code
1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation
1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
openssl-1.0.1e-42.el6_7.4.src.rpm

i386:
openssl-1.0.1e-42.el6_7.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm

x86_64:
openssl-1.0.1e-42.el6_7.4.i686.rpm
openssl-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-devel-1.0.1e-42.el6_7.4.i686.rpm
openssl-perl-1.0.1e-42.el6_7.4.i686.rpm
openssl-static-1.0.1e-42.el6_7.4.i686.rpm

x86_64:
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-devel-1.0.1e-42.el6_7.4.i686.rpm
openssl-devel-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-perl-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-static-1.0.1e-42.el6_7.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
openssl-1.0.1e-42.el6_7.4.src.rpm

x86_64:
openssl-1.0.1e-42.el6_7.4.i686.rpm
openssl-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-devel-1.0.1e-42.el6_7.4.i686.rpm
openssl-devel-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-perl-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-static-1.0.1e-42.el6_7.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
openssl-1.0.1e-42.el6_7.4.src.rpm

i386:
openssl-1.0.1e-42.el6_7.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-devel-1.0.1e-42.el6_7.4.i686.rpm

ppc64:
openssl-1.0.1e-42.el6_7.4.ppc.rpm
openssl-1.0.1e-42.el6_7.4.ppc64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.ppc.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.ppc64.rpm
openssl-devel-1.0.1e-42.el6_7.4.ppc.rpm
openssl-devel-1.0.1e-42.el6_7.4.ppc64.rpm

s390x:
openssl-1.0.1e-42.el6_7.4.s390.rpm
openssl-1.0.1e-42.el6_7.4.s390x.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.s390.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.s390x.rpm
openssl-devel-1.0.1e-42.el6_7.4.s390.rpm
openssl-devel-1.0.1e-42.el6_7.4.s390x.rpm

x86_64:
openssl-1.0.1e-42.el6_7.4.i686.rpm
openssl-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-devel-1.0.1e-42.el6_7.4.i686.rpm
openssl-devel-1.0.1e-42.el6_7.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-perl-1.0.1e-42.el6_7.4.i686.rpm
openssl-static-1.0.1e-42.el6_7.4.i686.rpm

ppc64:
openssl-debuginfo-1.0.1e-42.el6_7.4.ppc64.rpm
openssl-perl-1.0.1e-42.el6_7.4.ppc64.rpm
openssl-static-1.0.1e-42.el6_7.4.ppc64.rpm

s390x:
openssl-debuginfo-1.0.1e-42.el6_7.4.s390x.rpm
openssl-perl-1.0.1e-42.el6_7.4.s390x.rpm
openssl-static-1.0.1e-42.el6_7.4.s390x.rpm

x86_64:
openssl-debuginfo-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-perl-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-static-1.0.1e-42.el6_7.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
openssl-1.0.1e-42.el6_7.4.src.rpm

i386:
openssl-1.0.1e-42.el6_7.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-devel-1.0.1e-42.el6_7.4.i686.rpm

x86_64:
openssl-1.0.1e-42.el6_7.4.i686.rpm
openssl-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-devel-1.0.1e-42.el6_7.4.i686.rpm
openssl-devel-1.0.1e-42.el6_7.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
openssl-debuginfo-1.0.1e-42.el6_7.4.i686.rpm
openssl-perl-1.0.1e-42.el6_7.4.i686.rpm
openssl-static-1.0.1e-42.el6_7.4.i686.rpm

x86_64:
openssl-debuginfo-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-perl-1.0.1e-42.el6_7.4.x86_64.rpm
openssl-static-1.0.1e-42.el6_7.4.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
openssl-1.0.1e-51.el7_2.4.src.rpm

x86_64:
openssl-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-libs-1.0.1e-51.el7_2.4.i686.rpm
openssl-libs-1.0.1e-51.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
openssl-debuginfo-1.0.1e-51.el7_2.4.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-devel-1.0.1e-51.el7_2.4.i686.rpm
openssl-devel-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-perl-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-static-1.0.1e-51.el7_2.4.i686.rpm
openssl-static-1.0.1e-51.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openssl-1.0.1e-51.el7_2.4.src.rpm

x86_64:
openssl-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-libs-1.0.1e-51.el7_2.4.i686.rpm
openssl-libs-1.0.1e-51.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
openssl-debuginfo-1.0.1e-51.el7_2.4.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-devel-1.0.1e-51.el7_2.4.i686.rpm
openssl-devel-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-perl-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-static-1.0.1e-51.el7_2.4.i686.rpm
openssl-static-1.0.1e-51.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
openssl-1.0.1e-51.el7_2.4.src.rpm

ppc64:
openssl-1.0.1e-51.el7_2.4.ppc64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.ppc.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.ppc64.rpm
openssl-devel-1.0.1e-51.el7_2.4.ppc.rpm
openssl-devel-1.0.1e-51.el7_2.4.ppc64.rpm
openssl-libs-1.0.1e-51.el7_2.4.ppc.rpm
openssl-libs-1.0.1e-51.el7_2.4.ppc64.rpm

ppc64le:
openssl-1.0.1e-51.el7_2.4.ppc64le.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.ppc64le.rpm
openssl-devel-1.0.1e-51.el7_2.4.ppc64le.rpm
openssl-libs-1.0.1e-51.el7_2.4.ppc64le.rpm

s390x:
openssl-1.0.1e-51.el7_2.4.s390x.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.s390.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.s390x.rpm
openssl-devel-1.0.1e-51.el7_2.4.s390.rpm
openssl-devel-1.0.1e-51.el7_2.4.s390x.rpm
openssl-libs-1.0.1e-51.el7_2.4.s390.rpm
openssl-libs-1.0.1e-51.el7_2.4.s390x.rpm

x86_64:
openssl-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-devel-1.0.1e-51.el7_2.4.i686.rpm
openssl-devel-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-libs-1.0.1e-51.el7_2.4.i686.rpm
openssl-libs-1.0.1e-51.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
openssl-debuginfo-1.0.1e-51.el7_2.4.ppc.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.ppc64.rpm
openssl-perl-1.0.1e-51.el7_2.4.ppc64.rpm
openssl-static-1.0.1e-51.el7_2.4.ppc.rpm
openssl-static-1.0.1e-51.el7_2.4.ppc64.rpm

ppc64le:
openssl-debuginfo-1.0.1e-51.el7_2.4.ppc64le.rpm
openssl-perl-1.0.1e-51.el7_2.4.ppc64le.rpm
openssl-static-1.0.1e-51.el7_2.4.ppc64le.rpm

s390x:
openssl-debuginfo-1.0.1e-51.el7_2.4.s390.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.s390x.rpm
openssl-perl-1.0.1e-51.el7_2.4.s390x.rpm
openssl-static-1.0.1e-51.el7_2.4.s390.rpm
openssl-static-1.0.1e-51.el7_2.4.s390x.rpm

x86_64:
openssl-debuginfo-1.0.1e-51.el7_2.4.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-perl-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-static-1.0.1e-51.el7_2.4.i686.rpm
openssl-static-1.0.1e-51.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
openssl-1.0.1e-51.el7_2.4.src.rpm

x86_64:
openssl-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-devel-1.0.1e-51.el7_2.4.i686.rpm
openssl-devel-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-libs-1.0.1e-51.el7_2.4.i686.rpm
openssl-libs-1.0.1e-51.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
openssl-debuginfo-1.0.1e-51.el7_2.4.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-perl-1.0.1e-51.el7_2.4.x86_64.rpm
openssl-static-1.0.1e-51.el7_2.4.i686.rpm
openssl-static-1.0.1e-51.el7_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:
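To tell whether a host actually carries one of these fixed builds, the check below (an added example for this digest, not Red Hat's own tooling) reimplements rpm's rpmvercmp() segment ordering in Python and compares an installed openssl package name against the fixed version-release for its dist tag, using the builds listed in the package lists of the four advisories on this page. The `rpm -qa` output is constructed, and the RHEL 5.9 Long Life builds are left out because that list is cut off on the page.

```python
"""Check installed openssl RPM builds against the fixed builds in RHSA-2016:0301..0304.

Added example for this advisory digest, not Red Hat tooling. It reimplements
rpm's rpmvercmp() segment comparison in pure Python so it runs anywhere.
"""
import re

# Fixed version-release per dist tag, copied from the package lists on this page.
# (The RHEL 5.9 Long Life list is truncated on the page and is therefore omitted.)
FIXED_VR = {
    "el5_11": "0.9.8e-39.el5_11",    # RHSA-2016:0302, RHEL 5
    "el5_6":  "0.9.8e-12.el5_6.13",  # RHSA-2016:0304, RHEL 5.6 Long Life
    "el6_2":  "1.0.0-20.el6_2.8",    # RHSA-2016:0303, RHEL 6.2 AUS
    "el6_4":  "1.0.0-27.el6_4.5",    # RHSA-2016:0303, RHEL 6.4 AUS
    "el6_5":  "1.0.1e-16.el6_5.16",  # RHSA-2016:0303, RHEL 6.5 AUS
    "el6_7":  "1.0.1e-42.el6_7.4",   # RHSA-2016:0301, RHEL 6
    "el7_2":  "1.0.1e-51.el7_2.4",   # RHSA-2016:0301, RHEL 7
}

# Sub-packages that ship or link the library; all carry the same version-release.
OPENSSL_PACKAGES = {"openssl", "openssl-libs", "openssl-devel", "openssl-perl", "openssl-static"}
ARCHES = {"i386", "i686", "x86_64", "ppc", "ppc64", "ppc64le", "s390", "s390x", "ia64", "noarch", "src"}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")
_DIST = re.compile(r"\.(el[0-9]+(?:_[0-9]+)?)")


def rpmvercmp(a, b):
    """Compare two rpm version (or release) strings the way rpm does: -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":          # a tilde sorts before anything else
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():   # numeric segments compare as integers
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() or y.isdigit():  # a numeric segment is newer than an alpha one
            c = 1 if x.isdigit() else -1
        else:                             # alpha segments compare lexically
            c = (x > y) - (x < y)
        if c:
            return c
    # One side ran out of segments: a leading tilde in the remainder means older,
    # otherwise the side with segments left over is newer.
    rest_a, rest_b = sa[len(sb):], sb[len(sa):]
    if rest_a and rest_a[0] == "~":
        return -1
    if rest_b and rest_b[0] == "~":
        return 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_vr(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def parse_nevra(nevra):
    """Split 'name-[epoch:]version-release[.arch][.rpm]' into (name, version, release)."""
    s = nevra.strip()
    if s.endswith(".rpm"):
        s = s[:-4]
    head, _, tail = s.rpartition(".")
    if tail in ARCHES:
        s = head
    name, version, release = s.rsplit("-", 2)
    if ":" in version:                 # drop the epoch; the advisories list builds without one
        version = version.split(":", 1)[1]
    return name, version, release


def assess(nevra):
    """Verdict for one installed package: patched, vulnerable, unknown-stream or not-openssl."""
    name, version, release = parse_nevra(nevra)
    if name not in OPENSSL_PACKAGES:
        return "not-openssl"
    m = _DIST.search(release)
    if not m or m.group(1) not in FIXED_VR:
        # e.g. a plain '.el6' base build: no erratum on this page covers it, so do not guess
        return "unknown-stream"
    return "patched" if compare_vr(version + "-" + release, FIXED_VR[m.group(1)]) >= 0 else "vulnerable"


def assess_host(rpm_qa_output):
    """Run assess() over the lines of `rpm -qa 'openssl*'` output; returns {package: verdict}."""
    return {line.strip(): assess(line) for line in rpm_qa_output.splitlines() if line.strip()}


# Constructed sample of `rpm -qa 'openssl*'` from a RHEL 6 host mid-upgrade (not real data):
# the i686 multilib copy is updated, the x86_64 library and devel package are not.
SAMPLE_RPM_QA = """\
openssl-1.0.1e-42.el6_7.1.x86_64
openssl-1.0.1e-42.el6_7.4.i686
openssl-devel-1.0.1e-42.el6_7.1.x86_64
"""

if __name__ == "__main__":
    for pkg, verdict in assess_host(SAMPLE_RPM_QA).items():
        print(f"{verdict:14} {pkg}")
```

A "patched" verdict only covers the files on disk; as the advisory notes, services that loaded the old library stay on the vulnerable code until they are restarted.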
https://access.redhat.com/security/cve/CVE-2015-3197
https://access.redhat.com/security/cve/CVE-2016-0702
https://access.redhat.com/security/cve/CVE-2016-0705
https://access.redhat.com/security/cve/CVE-2016-0797
https://access.redhat.com/security/cve/CVE-2016-0800
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/2176731
https://drownattack.com/
http://cachebleed.info/
https://openssl.org/news/secadv/20160128.txt
https://openssl.org/news/secadv/20160301.txt

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com  Tue Mar 1 16:19:49 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2016 16:19:49 +0000
Subject: [RHSA-2016:0302-01] Important: openssl security update
Message-ID: <201603011619.u21GJoI9014869@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl security update
Advisory ID:       RHSA-2016:0302-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0302.html
Issue date:        2016-03-01
CVE Names:         CVE-2015-3197 CVE-2016-0797 CVE-2016-0800
=====================================================================

1. Summary:

Updated openssl packages that fix three security issues are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0
(SSLv2) protocol. An attacker can potentially use this flaw to decrypt
RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol
version, allowing them to decrypt such connections. This cross-protocol
attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default
when using the 'SSLv23' connection methods, and removing support for weak
SSLv2 cipher suites. It is possible to re-enable the SSLv2 protocol in the
'SSLv23' connection methods by default by setting the OPENSSL_ENABLE_SSL2
environment variable before starting an application that needs to have
SSLv2 enabled. For more information, refer to the knowledge base article
linked to in the References section.

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2
ciphers that have been disabled on the server. This could result in weak
SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to
man-in-the-middle attacks. (CVE-2015-3197)

An integer overflow flaw, leading to a NULL pointer dereference or a
heap-based memory corruption, was found in the way some BIGNUM functions
of OpenSSL were implemented. Applications that use these functions with
large untrusted input could crash or, potentially, execute arbitrary code.
(CVE-2016-0797)

Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original
reporters of CVE-2016-0800 and CVE-2015-3197; and Guido Vranken as the
original reporter of CVE-2016-0797.

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers
1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
openssl-0.9.8e-39.el5_11.src.rpm

i386:
openssl-0.9.8e-39.el5_11.i386.rpm
openssl-0.9.8e-39.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm
openssl-perl-0.9.8e-39.el5_11.i386.rpm

x86_64:
openssl-0.9.8e-39.el5_11.i686.rpm
openssl-0.9.8e-39.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-39.el5_11.x86_64.rpm
openssl-perl-0.9.8e-39.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
openssl-0.9.8e-39.el5_11.src.rpm

i386:
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm
openssl-devel-0.9.8e-39.el5_11.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-39.el5_11.x86_64.rpm
openssl-devel-0.9.8e-39.el5_11.i386.rpm
openssl-devel-0.9.8e-39.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
openssl-0.9.8e-39.el5_11.src.rpm

i386:
openssl-0.9.8e-39.el5_11.i386.rpm
openssl-0.9.8e-39.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm
openssl-devel-0.9.8e-39.el5_11.i386.rpm
openssl-perl-0.9.8e-39.el5_11.i386.rpm

ia64:
openssl-0.9.8e-39.el5_11.i686.rpm
openssl-0.9.8e-39.el5_11.ia64.rpm
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-39.el5_11.ia64.rpm
openssl-devel-0.9.8e-39.el5_11.ia64.rpm
openssl-perl-0.9.8e-39.el5_11.ia64.rpm

ppc:
openssl-0.9.8e-39.el5_11.ppc.rpm
openssl-0.9.8e-39.el5_11.ppc64.rpm
openssl-debuginfo-0.9.8e-39.el5_11.ppc.rpm
openssl-debuginfo-0.9.8e-39.el5_11.ppc64.rpm
openssl-devel-0.9.8e-39.el5_11.ppc.rpm
openssl-devel-0.9.8e-39.el5_11.ppc64.rpm
openssl-perl-0.9.8e-39.el5_11.ppc.rpm

s390x:
openssl-0.9.8e-39.el5_11.s390.rpm
openssl-0.9.8e-39.el5_11.s390x.rpm
openssl-debuginfo-0.9.8e-39.el5_11.s390.rpm
openssl-debuginfo-0.9.8e-39.el5_11.s390x.rpm
openssl-devel-0.9.8e-39.el5_11.s390.rpm
openssl-devel-0.9.8e-39.el5_11.s390x.rpm
openssl-perl-0.9.8e-39.el5_11.s390x.rpm

x86_64:
openssl-0.9.8e-39.el5_11.i686.rpm
openssl-0.9.8e-39.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-39.el5_11.x86_64.rpm
openssl-devel-0.9.8e-39.el5_11.i386.rpm
openssl-devel-0.9.8e-39.el5_11.x86_64.rpm
openssl-perl-0.9.8e-39.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:
https://access.redhat.com/security/cve/CVE-2015-3197
https://access.redhat.com/security/cve/CVE-2016-0797
https://access.redhat.com/security/cve/CVE-2016-0800
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/2176731
https://drownattack.com/
https://openssl.org/news/secadv/20160128.txt
https://openssl.org/news/secadv/20160301.txt

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com  Tue Mar 1 16:20:41 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2016 16:20:41 +0000
Subject: [RHSA-2016:0303-01] Important: openssl security update
Message-ID: <201603011620.u21GKgBq021556@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl security update
Advisory ID:       RHSA-2016:0303-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0303.html
Issue date:        2016-03-01
CVE Names:         CVE-2015-0293 CVE-2015-3197 CVE-2016-0703
                   CVE-2016-0704 CVE-2016-0800
=====================================================================

1. Summary:

Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update
Support.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0
(SSLv2) protocol. An attacker can potentially use this flaw to decrypt
RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol
version, allowing them to decrypt such connections. This cross-protocol
attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default
when using the 'SSLv23' connection methods, and removing support for weak
SSLv2 cipher suites. For more information, refer to the knowledge base
article linked to in the References section.

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2
connection handshakes that indicated non-zero clear key length for
non-export cipher suites. An attacker could use this flaw to decrypt
recorded SSLv2 sessions with the server by using it as a decryption oracle.
(CVE-2016-0703)

It was discovered that the SSLv2 protocol implementation in OpenSSL did not
properly implement the Bleichenbacher protection for export cipher suites.
An attacker could use an SSLv2 server using OpenSSL as a Bleichenbacher
oracle. (CVE-2016-0704)

Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more
efficient exploitation of the CVE-2016-0800 issue via the DROWN attack.

A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2
ciphers that have been disabled on the server. This could result in weak
SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to
man-in-the-middle attacks. (CVE-2015-3197)

Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original
reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of
Michigan) and J. Alex Halderman (University of Michigan) as the original
reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and
Emilia Käsper (OpenSSL development team) as the original reporters of
CVE-2015-0293.

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers
1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers
1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
1310811 - CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2
1310814 - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.2):

Source:
openssl-1.0.0-20.el6_2.8.src.rpm

x86_64:
openssl-1.0.0-20.el6_2.8.i686.rpm
openssl-1.0.0-20.el6_2.8.x86_64.rpm
openssl-debuginfo-1.0.0-20.el6_2.8.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.8.x86_64.rpm
openssl-devel-1.0.0-20.el6_2.8.i686.rpm
openssl-devel-1.0.0-20.el6_2.8.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
openssl-1.0.0-27.el6_4.5.src.rpm

x86_64:
openssl-1.0.0-27.el6_4.5.i686.rpm
openssl-1.0.0-27.el6_4.5.x86_64.rpm
openssl-debuginfo-1.0.0-27.el6_4.5.i686.rpm
openssl-debuginfo-1.0.0-27.el6_4.5.x86_64.rpm
openssl-devel-1.0.0-27.el6_4.5.i686.rpm
openssl-devel-1.0.0-27.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
openssl-1.0.1e-16.el6_5.16.src.rpm

x86_64:
openssl-1.0.1e-16.el6_5.16.i686.rpm
openssl-1.0.1e-16.el6_5.16.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.16.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.16.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.16.i686.rpm
openssl-devel-1.0.1e-16.el6_5.16.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
openssl-1.0.0-20.el6_2.8.src.rpm

x86_64:
openssl-debuginfo-1.0.0-20.el6_2.8.x86_64.rpm
openssl-perl-1.0.0-20.el6_2.8.x86_64.rpm
openssl-static-1.0.0-20.el6_2.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
openssl-1.0.0-27.el6_4.5.src.rpm

x86_64:
openssl-debuginfo-1.0.0-27.el6_4.5.x86_64.rpm
openssl-perl-1.0.0-27.el6_4.5.x86_64.rpm
openssl-static-1.0.0-27.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
openssl-1.0.1e-16.el6_5.16.src.rpm

x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.16.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.16.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.16.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:
References: https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/cve/CVE-2015-3197 https://access.redhat.com/security/cve/CVE-2016-0703 https://access.redhat.com/security/cve/CVE-2016-0704 https://access.redhat.com/security/cve/CVE-2016-0800 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2176731 https://drownattack.com/ https://openssl.org/news/secadv/20160128.txt https://openssl.org/news/secadv/20160301.txt 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW1cFVXlSAg2UNWIIRAiHFAKCv4By3YintGgRYJJyhA7n3FrUn1wCfZHLr V2xviZUG2H9rWZyjayig0oY= =rw6Q -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Mar 1 16:21:45 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 1 Mar 2016 16:21:45 +0000 Subject: [RHSA-2016:0304-01] Important: openssl security update Message-ID: <201603011621.u21GLkj7017685@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0304-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0304.html Issue date: 2016-03-01 CVE Names: CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 CVE-2016-0704 CVE-2016-0800 ===================================================================== 1. Summary: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Red Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, x86_64
Red Hat Enterprise Linux LL (v. 5.9 server) - i386, ia64, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. It is possible to re-enable the SSLv2 protocol in the 'SSLv23' connection methods by default by setting the OPENSSL_ENABLE_SSL2 environment variable before starting an application that needs to have SSLv2 enabled. For more information, refer to the knowledge base article linked to in the References section.

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. (CVE-2016-0703)

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use an SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704)

Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack.

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Käsper (OpenSSL development team) as the original reporters of CVE-2015-0293.

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers
1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers
1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
1310811 - CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2
1310814 - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

6. Package List:

Red Hat Enterprise Linux LL (v. 5.6 server):

Source:
openssl-0.9.8e-12.el5_6.13.src.rpm

i386:
openssl-0.9.8e-12.el5_6.13.i386.rpm
openssl-0.9.8e-12.el5_6.13.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_6.13.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_6.13.i686.rpm
openssl-devel-0.9.8e-12.el5_6.13.i386.rpm
openssl-perl-0.9.8e-12.el5_6.13.i386.rpm

ia64:
openssl-0.9.8e-12.el5_6.13.i686.rpm
openssl-0.9.8e-12.el5_6.13.ia64.rpm
openssl-debuginfo-0.9.8e-12.el5_6.13.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_6.13.ia64.rpm
openssl-devel-0.9.8e-12.el5_6.13.ia64.rpm
openssl-perl-0.9.8e-12.el5_6.13.ia64.rpm

x86_64:
openssl-0.9.8e-12.el5_6.13.i686.rpm
openssl-0.9.8e-12.el5_6.13.x86_64.rpm
openssl-debuginfo-0.9.8e-12.el5_6.13.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_6.13.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_6.13.x86_64.rpm
openssl-devel-0.9.8e-12.el5_6.13.i386.rpm
openssl-devel-0.9.8e-12.el5_6.13.x86_64.rpm
openssl-perl-0.9.8e-12.el5_6.13.x86_64.rpm

Red Hat Enterprise Linux LL (v. 5.9 server):

Source:
openssl-0.9.8e-26.el5_9.5.src.rpm

i386:
openssl-0.9.8e-26.el5_9.5.i386.rpm
openssl-0.9.8e-26.el5_9.5.i686.rpm
openssl-debuginfo-0.9.8e-26.el5_9.5.i386.rpm
openssl-debuginfo-0.9.8e-26.el5_9.5.i686.rpm
openssl-devel-0.9.8e-26.el5_9.5.i386.rpm
openssl-perl-0.9.8e-26.el5_9.5.i386.rpm

ia64:
openssl-0.9.8e-26.el5_9.5.i686.rpm
openssl-0.9.8e-26.el5_9.5.ia64.rpm
openssl-debuginfo-0.9.8e-26.el5_9.5.i686.rpm
openssl-debuginfo-0.9.8e-26.el5_9.5.ia64.rpm
openssl-devel-0.9.8e-26.el5_9.5.ia64.rpm
openssl-perl-0.9.8e-26.el5_9.5.ia64.rpm

x86_64:
openssl-0.9.8e-26.el5_9.5.i686.rpm
openssl-0.9.8e-26.el5_9.5.x86_64.rpm
openssl-debuginfo-0.9.8e-26.el5_9.5.i386.rpm
openssl-debuginfo-0.9.8e-26.el5_9.5.i686.rpm
openssl-debuginfo-0.9.8e-26.el5_9.5.x86_64.rpm
openssl-devel-0.9.8e-26.el5_9.5.i386.rpm
openssl-devel-0.9.8e-26.el5_9.5.x86_64.rpm
openssl-perl-0.9.8e-26.el5_9.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0293
https://access.redhat.com/security/cve/CVE-2015-3197
https://access.redhat.com/security/cve/CVE-2016-0703
https://access.redhat.com/security/cve/CVE-2016-0704
https://access.redhat.com/security/cve/CVE-2016-0800
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/2176731
https://drownattack.com/
https://openssl.org/news/secadv/20160128.txt
https://openssl.org/news/secadv/20160301.txt

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
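The advisory's solution is to install the listed builds and then restart every service linked against the OpenSSL library. Two questions follow for whoever operates such hosts: is the installed openssl at or above the fixed build, and which long-running processes still hold the old library in memory after the package was replaced. The script below is an added example, not part of the Red Hat advisory or of Red Hat's own tooling: it compares installed package names against the package list above using RPM's version-comparison rules (segment-wise, numeric before alphabetic, implemented here from scratch), and it flags a process whose `/proc/<pid>/maps` still references a replaced `libssl`/`libcrypto` file, which the kernel marks `(deleted)`. The installed set and the maps text are constructed samples; the function names are mine.

```python
"""Check installed openssl packages against an advisory's fixed builds.

Added example, not part of the Red Hat advisory or of Red Hat's tooling.
Assumes installed packages are NVRA strings as printed by
`rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`; all sample
inputs below are constructed.
"""
import re
from typing import Dict, List, Tuple

# A version is compared segment by segment; a segment is a run of digits or
# of letters, and separators ('.', '_', '-') only delimit segments.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version/release strings the way rpm does: -1, 0 or 1.

    Numeric segments compare as integers, alphabetic ones lexically, a
    numeric segment beats an alphabetic one, and when all shared segments
    are equal the string with segments left over is newer.  rpm's '~' and
    '^' rules are omitted (not used by the builds in this advisory).
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1


def evr_cmp(a: Tuple[str, str], b: Tuple[str, str]) -> int:
    """Compare (version, release) pairs: version decides, then release."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


def parse_nvra(pkg: str) -> Tuple[str, str, str, str]:
    """Split 'name-version-release.arch[.rpm]' into its four parts.
    Splitting from the right keeps hyphens inside names ('openssl-devel')."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    base, arch = pkg.rsplit(".", 1)
    name_ver, rel = base.rsplit("-", 1)
    name, ver = name_ver.rsplit("-", 1)
    return name, ver, rel, arch


def fixed_builds(advisory_text: str) -> Dict[Tuple[str, str], Tuple[str, str]]:
    """Newest (version, release) per (name, arch) among the binary RPMs named
    in an advisory's package list; source RPMs are skipped."""
    fixed: Dict[Tuple[str, str], Tuple[str, str]] = {}
    for fname in re.findall(r"\S+\.rpm", advisory_text):
        if fname.endswith(".src.rpm"):
            continue
        name, ver, rel, arch = parse_nvra(fname)
        if (name, arch) not in fixed or evr_cmp((ver, rel), fixed[(name, arch)]) > 0:
            fixed[(name, arch)] = (ver, rel)
    return fixed


def outdated(installed: List[str], advisory_text: str) -> List[Tuple[str, str]]:
    """(installed, fixed) pairs for packages older than the advisory's build."""
    fixed = fixed_builds(advisory_text)
    result = []
    for pkg in installed:
        name, ver, rel, arch = parse_nvra(pkg)
        target = fixed.get((name, arch))
        if target and evr_cmp((ver, rel), target) < 0:
            result.append((pkg, f"{name}-{target[0]}-{target[1]}.{arch}"))
    return result


def needs_restart(maps_text: str) -> bool:
    """True if a process maps a libssl/libcrypto file that was replaced on
    disk; /proc/<pid>/maps shows such mappings with a '(deleted)' suffix."""
    return any(
        line.rstrip().endswith("(deleted)") and ("libssl" in line or "libcrypto" in line)
        for line in maps_text.splitlines()
    )


# Excerpt of the RHSA-2016:0304 package list (names as printed there).
ADVISORY_EXCERPT = """
Red Hat Enterprise Linux LL (v. 5.9 server):
Source: openssl-0.9.8e-26.el5_9.5.src.rpm
i386: openssl-0.9.8e-26.el5_9.5.i386.rpm openssl-0.9.8e-26.el5_9.5.i686.rpm
x86_64: openssl-0.9.8e-26.el5_9.5.i686.rpm openssl-0.9.8e-26.el5_9.5.x86_64.rpm
openssl-devel-0.9.8e-26.el5_9.5.x86_64.rpm openssl-perl-0.9.8e-26.el5_9.5.x86_64.rpm
"""

# Constructed installed set: both runtime packages are one release behind.
INSTALLED_SAMPLE = [
    "openssl-0.9.8e-26.el5_9.4.x86_64",
    "openssl-0.9.8e-26.el5_9.4.i686",
    "openssl-devel-0.9.8e-26.el5_9.5.x86_64",
    "openssl-perl-0.9.8e-26.el5_9.5.x86_64",
]

# Constructed /proc/<pid>/maps lines for a daemon started before the update.
MAPS_SAMPLE = """\
00400000-00401000 r-xp 00000000 fd:00 1234 /usr/sbin/httpd
7f1a00000000-7f1a00200000 r-xp 00000000 fd:00 5678 /lib64/libssl.so.6 (deleted)
7f1a00200000-7f1a00300000 r--p 00000000 fd:00 9012 /lib64/libc.so.6
"""

if __name__ == "__main__":
    for have, want in outdated(INSTALLED_SAMPLE, ADVISORY_EXCERPT):
        print(f"update needed: {have} -> {want}")
    if needs_restart(MAPS_SAMPLE):
        print("a process still maps the replaced libssl; restart it")
```

On a real host, feed `outdated()` the output of `rpm -qa` in the format the docstring names and `needs_restart()` the contents of each `/proc/<pid>/maps`; a process that maps a `(deleted)` libssl has not picked up the fix even though `rpm -q openssl` reports the patched build.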
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW1cGEXlSAg2UNWIIRAvMbAKCPnx5mhF4tJAohhZCrYDiyY47zxQCcDUD7
PfUxlPEcXX+LdGBCojAvlHk=
=iFlz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 1 16:26:25 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2016 16:26:25 +0000
Subject: [RHSA-2016:0305-01] Important: openssl security update
Message-ID: <201603011626.u21GQQuF005921@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openssl security update
Advisory ID: RHSA-2016:0305-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0305.html
Issue date: 2016-03-01
CVE Names: CVE-2015-3197 CVE-2016-0800
=====================================================================

1. Summary:

Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section.

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters.

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers
1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6):

Source:
openssl-1.0.1e-30.el6_6.12.src.rpm

x86_64:
openssl-1.0.1e-30.el6_6.12.i686.rpm
openssl-1.0.1e-30.el6_6.12.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.12.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.12.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):

x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.12.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.12.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.12.i686.rpm
openssl-devel-1.0.1e-30.el6_6.12.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.12.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.12.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
openssl-1.0.1e-30.el6_6.12.src.rpm

i386:
openssl-1.0.1e-30.el6_6.12.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.12.i686.rpm
openssl-devel-1.0.1e-30.el6_6.12.i686.rpm

ppc64:
openssl-1.0.1e-30.el6_6.12.ppc.rpm
openssl-1.0.1e-30.el6_6.12.ppc64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.12.ppc.rpm
openssl-debuginfo-1.0.1e-30.el6_6.12.ppc64.rpm
openssl-devel-1.0.1e-30.el6_6.12.ppc.rpm
openssl-devel-1.0.1e-30.el6_6.12.ppc64.rpm

s390x:
openssl-1.0.1e-30.el6_6.12.s390.rpm
openssl-1.0.1e-30.el6_6.12.s390x.rpm
openssl-debuginfo-1.0.1e-30.el6_6.12.s390.rpm
openssl-debuginfo-1.0.1e-30.el6_6.12.s390x.rpm
openssl-devel-1.0.1e-30.el6_6.12.s390.rpm
openssl-devel-1.0.1e-30.el6_6.12.s390x.rpm

x86_64:
openssl-1.0.1e-30.el6_6.12.i686.rpm
openssl-1.0.1e-30.el6_6.12.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.12.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.12.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.12.i686.rpm
openssl-devel-1.0.1e-30.el6_6.12.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.6):

i386:
openssl-debuginfo-1.0.1e-30.el6_6.12.i686.rpm
openssl-perl-1.0.1e-30.el6_6.12.i686.rpm
openssl-static-1.0.1e-30.el6_6.12.i686.rpm

ppc64:
openssl-debuginfo-1.0.1e-30.el6_6.12.ppc64.rpm
openssl-perl-1.0.1e-30.el6_6.12.ppc64.rpm
openssl-static-1.0.1e-30.el6_6.12.ppc64.rpm

s390x:
openssl-debuginfo-1.0.1e-30.el6_6.12.s390x.rpm
openssl-perl-1.0.1e-30.el6_6.12.s390x.rpm
openssl-static-1.0.1e-30.el6_6.12.s390x.rpm

x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.12.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.12.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.12.x86_64.rpm

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):

Source:
openssl-1.0.1e-42.el7_1.10.src.rpm

x86_64:
openssl-1.0.1e-42.el7_1.10.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.i686.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.x86_64.rpm
openssl-libs-1.0.1e-42.el7_1.10.i686.rpm
openssl-libs-1.0.1e-42.el7_1.10.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):

x86_64:
openssl-debuginfo-1.0.1e-42.el7_1.10.i686.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.x86_64.rpm
openssl-devel-1.0.1e-42.el7_1.10.i686.rpm
openssl-devel-1.0.1e-42.el7_1.10.x86_64.rpm
openssl-perl-1.0.1e-42.el7_1.10.x86_64.rpm
openssl-static-1.0.1e-42.el7_1.10.i686.rpm
openssl-static-1.0.1e-42.el7_1.10.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
openssl-1.0.1e-42.el7_1.10.src.rpm

ppc64:
openssl-1.0.1e-42.el7_1.10.ppc64.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.ppc.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.ppc64.rpm
openssl-devel-1.0.1e-42.el7_1.10.ppc.rpm
openssl-devel-1.0.1e-42.el7_1.10.ppc64.rpm
openssl-libs-1.0.1e-42.el7_1.10.ppc.rpm
openssl-libs-1.0.1e-42.el7_1.10.ppc64.rpm

s390x:
openssl-1.0.1e-42.el7_1.10.s390x.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.s390.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.s390x.rpm
openssl-devel-1.0.1e-42.el7_1.10.s390.rpm
openssl-devel-1.0.1e-42.el7_1.10.s390x.rpm
openssl-libs-1.0.1e-42.el7_1.10.s390.rpm
openssl-libs-1.0.1e-42.el7_1.10.s390x.rpm

x86_64:
openssl-1.0.1e-42.el7_1.10.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.i686.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.x86_64.rpm
openssl-devel-1.0.1e-42.el7_1.10.i686.rpm
openssl-devel-1.0.1e-42.el7_1.10.x86_64.rpm
openssl-libs-1.0.1e-42.el7_1.10.i686.rpm
openssl-libs-1.0.1e-42.el7_1.10.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
openssl-1.0.1e-42.ael7b_1.10.src.rpm

ppc64le:
openssl-1.0.1e-42.ael7b_1.10.ppc64le.rpm
openssl-debuginfo-1.0.1e-42.ael7b_1.10.ppc64le.rpm
openssl-devel-1.0.1e-42.ael7b_1.10.ppc64le.rpm
openssl-libs-1.0.1e-42.ael7b_1.10.ppc64le.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.1):

ppc64:
openssl-debuginfo-1.0.1e-42.el7_1.10.ppc.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.ppc64.rpm
openssl-perl-1.0.1e-42.el7_1.10.ppc64.rpm
openssl-static-1.0.1e-42.el7_1.10.ppc.rpm
openssl-static-1.0.1e-42.el7_1.10.ppc64.rpm

s390x:
openssl-debuginfo-1.0.1e-42.el7_1.10.s390.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.s390x.rpm
openssl-perl-1.0.1e-42.el7_1.10.s390x.rpm
openssl-static-1.0.1e-42.el7_1.10.s390.rpm
openssl-static-1.0.1e-42.el7_1.10.s390x.rpm

x86_64:
openssl-debuginfo-1.0.1e-42.el7_1.10.i686.rpm
openssl-debuginfo-1.0.1e-42.el7_1.10.x86_64.rpm
openssl-perl-1.0.1e-42.el7_1.10.x86_64.rpm
openssl-static-1.0.1e-42.el7_1.10.i686.rpm
openssl-static-1.0.1e-42.el7_1.10.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.1):

ppc64le:
openssl-debuginfo-1.0.1e-42.ael7b_1.10.ppc64le.rpm
openssl-perl-1.0.1e-42.ael7b_1.10.ppc64le.rpm
openssl-static-1.0.1e-42.ael7b_1.10.ppc64le.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3197
https://access.redhat.com/security/cve/CVE-2016-0800
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/2176731
https://drownattack.com/
https://openssl.org/news/secadv/20160128.txt
https://openssl.org/news/secadv/20160301.txt

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW1cKJXlSAg2UNWIIRAvEbAKCjEgYyIk4LLd+D90N9p8H+1R+GmACfWjVT QT6RoMNlqziq9pzdSbPTfk4= =2KJ2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Mar 1 16:27:59 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 1 Mar 2016 16:27:59 +0000 Subject: [RHSA-2016:0306-01] Important: openssl security update Message-ID: <201603011628.u21GS1BR001316@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0306-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0306.html Issue date: 2016-03-01 CVE Names: CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 CVE-2016-0704 CVE-2016-0800 ===================================================================== 1. Summary: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extended Lifecycle Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64 Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. 
This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. It is possible to re-enable the SSLv2 protocol in the 'SSLv23' connection methods by default by setting the OPENSSL_ENABLE_SSL2 environment variable before starting an application that needs to have SSLv2 enabled. For more information, refer to the knowledge base article linked to in the References section. It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704) Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) Red Hat would like to thank the OpenSSL project for reporting these issues. 
Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia K?sper (OpenSSL development team) as the original reporters of CVE-2015-0293. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers 1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers 1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) 1310811 - CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2 1310814 - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers 6. Package List: Red Hat Enterprise Linux AS (v. 
4 ELS): Source: openssl-0.9.7a-43.23.el4.src.rpm i386: openssl-0.9.7a-43.23.el4.i386.rpm openssl-0.9.7a-43.23.el4.i686.rpm openssl-debuginfo-0.9.7a-43.23.el4.i386.rpm openssl-debuginfo-0.9.7a-43.23.el4.i686.rpm openssl-devel-0.9.7a-43.23.el4.i386.rpm openssl-perl-0.9.7a-43.23.el4.i386.rpm ia64: openssl-0.9.7a-43.23.el4.i686.rpm openssl-0.9.7a-43.23.el4.ia64.rpm openssl-debuginfo-0.9.7a-43.23.el4.i686.rpm openssl-debuginfo-0.9.7a-43.23.el4.ia64.rpm openssl-devel-0.9.7a-43.23.el4.ia64.rpm openssl-perl-0.9.7a-43.23.el4.ia64.rpm x86_64: openssl-0.9.7a-43.23.el4.i686.rpm openssl-0.9.7a-43.23.el4.x86_64.rpm openssl-debuginfo-0.9.7a-43.23.el4.i386.rpm openssl-debuginfo-0.9.7a-43.23.el4.i686.rpm openssl-debuginfo-0.9.7a-43.23.el4.x86_64.rpm openssl-devel-0.9.7a-43.23.el4.i386.rpm openssl-devel-0.9.7a-43.23.el4.x86_64.rpm openssl-perl-0.9.7a-43.23.el4.x86_64.rpm Red Hat Enterprise Linux ES (v. 4 ELS): Source: openssl-0.9.7a-43.23.el4.src.rpm i386: openssl-0.9.7a-43.23.el4.i386.rpm openssl-0.9.7a-43.23.el4.i686.rpm openssl-debuginfo-0.9.7a-43.23.el4.i386.rpm openssl-debuginfo-0.9.7a-43.23.el4.i686.rpm openssl-devel-0.9.7a-43.23.el4.i386.rpm openssl-perl-0.9.7a-43.23.el4.i386.rpm x86_64: openssl-0.9.7a-43.23.el4.i686.rpm openssl-0.9.7a-43.23.el4.x86_64.rpm openssl-debuginfo-0.9.7a-43.23.el4.i386.rpm openssl-debuginfo-0.9.7a-43.23.el4.i686.rpm openssl-debuginfo-0.9.7a-43.23.el4.x86_64.rpm openssl-devel-0.9.7a-43.23.el4.i386.rpm openssl-devel-0.9.7a-43.23.el4.x86_64.rpm openssl-perl-0.9.7a-43.23.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/cve/CVE-2015-3197 https://access.redhat.com/security/cve/CVE-2016-0703 https://access.redhat.com/security/cve/CVE-2016-0704 https://access.redhat.com/security/cve/CVE-2016-0800 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2176731 https://drownattack.com/ https://openssl.org/news/secadv/20160128.txt https://openssl.org/news/secadv/20160301.txt 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW1cMAXlSAg2UNWIIRAho2AJ90ZmeRdG0ZG0fwEk7LS8xcn81iqwCfcEKp O4ApRfTR31lmgraKkolN4LQ= =mj9p -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 2 19:49:32 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Mar 2016 19:49:32 +0000 Subject: [RHSA-2016:0346-01] Important: postgresql security update Message-ID: <201603021949.u22JnW7T017258@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: postgresql security update Advisory ID: RHSA-2016:0346-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0346.html Issue date: 2016-03-02 CVE Names: CVE-2016-0773 ===================================================================== 1. Summary: Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 
7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: PostgreSQL is an advanced object-relational database management system (DBMS). An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773) Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters. This update upgrades PostgreSQL to version 9.2.15. Refer to the Release Notes linked to in the References section for a detailed list of changes since the previous version. All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1303832 - CVE-2016-0773 postgresql: case insensitive range handling integer overflow leading to buffer overflow 6. Package List: Red Hat Enterprise Linux Client Optional (v. 
7): Source: postgresql-9.2.15-1.el7_2.src.rpm x86_64: postgresql-9.2.15-1.el7_2.i686.rpm postgresql-9.2.15-1.el7_2.x86_64.rpm postgresql-contrib-9.2.15-1.el7_2.x86_64.rpm postgresql-debuginfo-9.2.15-1.el7_2.i686.rpm postgresql-debuginfo-9.2.15-1.el7_2.x86_64.rpm postgresql-devel-9.2.15-1.el7_2.i686.rpm postgresql-devel-9.2.15-1.el7_2.x86_64.rpm postgresql-docs-9.2.15-1.el7_2.x86_64.rpm postgresql-libs-9.2.15-1.el7_2.i686.rpm postgresql-libs-9.2.15-1.el7_2.x86_64.rpm postgresql-plperl-9.2.15-1.el7_2.x86_64.rpm postgresql-plpython-9.2.15-1.el7_2.x86_64.rpm postgresql-pltcl-9.2.15-1.el7_2.x86_64.rpm postgresql-server-9.2.15-1.el7_2.x86_64.rpm postgresql-test-9.2.15-1.el7_2.x86_64.rpm postgresql-upgrade-9.2.15-1.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: postgresql-9.2.15-1.el7_2.src.rpm x86_64: postgresql-9.2.15-1.el7_2.x86_64.rpm postgresql-debuginfo-9.2.15-1.el7_2.i686.rpm postgresql-debuginfo-9.2.15-1.el7_2.x86_64.rpm postgresql-libs-9.2.15-1.el7_2.i686.rpm postgresql-libs-9.2.15-1.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: postgresql-9.2.15-1.el7_2.i686.rpm postgresql-contrib-9.2.15-1.el7_2.x86_64.rpm postgresql-debuginfo-9.2.15-1.el7_2.i686.rpm postgresql-debuginfo-9.2.15-1.el7_2.x86_64.rpm postgresql-devel-9.2.15-1.el7_2.i686.rpm postgresql-devel-9.2.15-1.el7_2.x86_64.rpm postgresql-docs-9.2.15-1.el7_2.x86_64.rpm postgresql-plperl-9.2.15-1.el7_2.x86_64.rpm postgresql-plpython-9.2.15-1.el7_2.x86_64.rpm postgresql-pltcl-9.2.15-1.el7_2.x86_64.rpm postgresql-server-9.2.15-1.el7_2.x86_64.rpm postgresql-test-9.2.15-1.el7_2.x86_64.rpm postgresql-upgrade-9.2.15-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: postgresql-9.2.15-1.el7_2.src.rpm ppc64: postgresql-9.2.15-1.el7_2.ppc.rpm postgresql-9.2.15-1.el7_2.ppc64.rpm postgresql-contrib-9.2.15-1.el7_2.ppc64.rpm postgresql-debuginfo-9.2.15-1.el7_2.ppc.rpm postgresql-debuginfo-9.2.15-1.el7_2.ppc64.rpm postgresql-devel-9.2.15-1.el7_2.ppc.rpm postgresql-devel-9.2.15-1.el7_2.ppc64.rpm postgresql-docs-9.2.15-1.el7_2.ppc64.rpm postgresql-libs-9.2.15-1.el7_2.ppc.rpm postgresql-libs-9.2.15-1.el7_2.ppc64.rpm postgresql-plperl-9.2.15-1.el7_2.ppc64.rpm postgresql-plpython-9.2.15-1.el7_2.ppc64.rpm postgresql-pltcl-9.2.15-1.el7_2.ppc64.rpm postgresql-server-9.2.15-1.el7_2.ppc64.rpm postgresql-test-9.2.15-1.el7_2.ppc64.rpm ppc64le: postgresql-9.2.15-1.el7_2.ppc64le.rpm postgresql-contrib-9.2.15-1.el7_2.ppc64le.rpm postgresql-debuginfo-9.2.15-1.el7_2.ppc64le.rpm postgresql-devel-9.2.15-1.el7_2.ppc64le.rpm postgresql-docs-9.2.15-1.el7_2.ppc64le.rpm postgresql-libs-9.2.15-1.el7_2.ppc64le.rpm postgresql-plperl-9.2.15-1.el7_2.ppc64le.rpm postgresql-plpython-9.2.15-1.el7_2.ppc64le.rpm postgresql-pltcl-9.2.15-1.el7_2.ppc64le.rpm postgresql-server-9.2.15-1.el7_2.ppc64le.rpm postgresql-test-9.2.15-1.el7_2.ppc64le.rpm s390x: postgresql-9.2.15-1.el7_2.s390.rpm postgresql-9.2.15-1.el7_2.s390x.rpm postgresql-contrib-9.2.15-1.el7_2.s390x.rpm postgresql-debuginfo-9.2.15-1.el7_2.s390.rpm postgresql-debuginfo-9.2.15-1.el7_2.s390x.rpm postgresql-devel-9.2.15-1.el7_2.s390.rpm postgresql-devel-9.2.15-1.el7_2.s390x.rpm postgresql-docs-9.2.15-1.el7_2.s390x.rpm postgresql-libs-9.2.15-1.el7_2.s390.rpm postgresql-libs-9.2.15-1.el7_2.s390x.rpm postgresql-plperl-9.2.15-1.el7_2.s390x.rpm postgresql-plpython-9.2.15-1.el7_2.s390x.rpm postgresql-pltcl-9.2.15-1.el7_2.s390x.rpm postgresql-server-9.2.15-1.el7_2.s390x.rpm postgresql-test-9.2.15-1.el7_2.s390x.rpm x86_64: postgresql-9.2.15-1.el7_2.i686.rpm postgresql-9.2.15-1.el7_2.x86_64.rpm postgresql-contrib-9.2.15-1.el7_2.x86_64.rpm postgresql-debuginfo-9.2.15-1.el7_2.i686.rpm 
postgresql-debuginfo-9.2.15-1.el7_2.x86_64.rpm postgresql-devel-9.2.15-1.el7_2.i686.rpm postgresql-devel-9.2.15-1.el7_2.x86_64.rpm postgresql-docs-9.2.15-1.el7_2.x86_64.rpm postgresql-libs-9.2.15-1.el7_2.i686.rpm postgresql-libs-9.2.15-1.el7_2.x86_64.rpm postgresql-plperl-9.2.15-1.el7_2.x86_64.rpm postgresql-plpython-9.2.15-1.el7_2.x86_64.rpm postgresql-pltcl-9.2.15-1.el7_2.x86_64.rpm postgresql-server-9.2.15-1.el7_2.x86_64.rpm postgresql-test-9.2.15-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: postgresql-debuginfo-9.2.15-1.el7_2.ppc64.rpm postgresql-upgrade-9.2.15-1.el7_2.ppc64.rpm ppc64le: postgresql-debuginfo-9.2.15-1.el7_2.ppc64le.rpm postgresql-upgrade-9.2.15-1.el7_2.ppc64le.rpm s390x: postgresql-debuginfo-9.2.15-1.el7_2.s390x.rpm postgresql-upgrade-9.2.15-1.el7_2.s390x.rpm x86_64: postgresql-debuginfo-9.2.15-1.el7_2.x86_64.rpm postgresql-upgrade-9.2.15-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: postgresql-9.2.15-1.el7_2.src.rpm x86_64: postgresql-9.2.15-1.el7_2.i686.rpm postgresql-9.2.15-1.el7_2.x86_64.rpm postgresql-contrib-9.2.15-1.el7_2.x86_64.rpm postgresql-debuginfo-9.2.15-1.el7_2.i686.rpm postgresql-debuginfo-9.2.15-1.el7_2.x86_64.rpm postgresql-devel-9.2.15-1.el7_2.i686.rpm postgresql-devel-9.2.15-1.el7_2.x86_64.rpm postgresql-docs-9.2.15-1.el7_2.x86_64.rpm postgresql-libs-9.2.15-1.el7_2.i686.rpm postgresql-libs-9.2.15-1.el7_2.x86_64.rpm postgresql-plperl-9.2.15-1.el7_2.x86_64.rpm postgresql-plpython-9.2.15-1.el7_2.x86_64.rpm postgresql-pltcl-9.2.15-1.el7_2.x86_64.rpm postgresql-server-9.2.15-1.el7_2.x86_64.rpm postgresql-test-9.2.15-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: postgresql-debuginfo-9.2.15-1.el7_2.x86_64.rpm postgresql-upgrade-9.2.15-1.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-0773 https://access.redhat.com/security/updates/classification/#important http://www.postgresql.org/about/news/1644/ http://www.postgresql.org/docs/current/static/release-9-2-15.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW10OtXlSAg2UNWIIRAtJ6AJ9IHgTHwJnOylXgvWWU85wBESnOswCePPwu W4+fYNq8Ty6aCfNIjuEkwP8= =y3lO -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 2 19:50:31 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Mar 2016 19:50:31 +0000 Subject: [RHSA-2016:0347-01] Important: postgresql security update Message-ID: <201603021950.u22JoVfO002121@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: postgresql security update Advisory ID: RHSA-2016:0347-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0347.html Issue date: 2016-03-02 CVE Names: CVE-2016-0773 ===================================================================== 1. Summary: Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 
6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773)

Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters.

All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1303832 - CVE-2016-0773 postgresql: case insensitive range handling integer overflow leading to buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
postgresql-8.4.20-5.el6_7.src.rpm

i386:
postgresql-debuginfo-8.4.20-5.el6_7.i686.rpm
postgresql-libs-8.4.20-5.el6_7.i686.rpm

x86_64:
postgresql-debuginfo-8.4.20-5.el6_7.i686.rpm
postgresql-debuginfo-8.4.20-5.el6_7.x86_64.rpm
postgresql-libs-8.4.20-5.el6_7.i686.rpm
postgresql-libs-8.4.20-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6): i386: postgresql-8.4.20-5.el6_7.i686.rpm postgresql-contrib-8.4.20-5.el6_7.i686.rpm postgresql-debuginfo-8.4.20-5.el6_7.i686.rpm postgresql-devel-8.4.20-5.el6_7.i686.rpm postgresql-docs-8.4.20-5.el6_7.i686.rpm postgresql-plperl-8.4.20-5.el6_7.i686.rpm postgresql-plpython-8.4.20-5.el6_7.i686.rpm postgresql-pltcl-8.4.20-5.el6_7.i686.rpm postgresql-server-8.4.20-5.el6_7.i686.rpm postgresql-test-8.4.20-5.el6_7.i686.rpm x86_64: postgresql-8.4.20-5.el6_7.i686.rpm postgresql-8.4.20-5.el6_7.x86_64.rpm postgresql-contrib-8.4.20-5.el6_7.x86_64.rpm postgresql-debuginfo-8.4.20-5.el6_7.i686.rpm postgresql-debuginfo-8.4.20-5.el6_7.x86_64.rpm postgresql-devel-8.4.20-5.el6_7.i686.rpm postgresql-devel-8.4.20-5.el6_7.x86_64.rpm postgresql-docs-8.4.20-5.el6_7.x86_64.rpm postgresql-plperl-8.4.20-5.el6_7.x86_64.rpm postgresql-plpython-8.4.20-5.el6_7.x86_64.rpm postgresql-pltcl-8.4.20-5.el6_7.x86_64.rpm postgresql-server-8.4.20-5.el6_7.x86_64.rpm postgresql-test-8.4.20-5.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: postgresql-8.4.20-5.el6_7.src.rpm x86_64: postgresql-8.4.20-5.el6_7.i686.rpm postgresql-8.4.20-5.el6_7.x86_64.rpm postgresql-debuginfo-8.4.20-5.el6_7.i686.rpm postgresql-debuginfo-8.4.20-5.el6_7.x86_64.rpm postgresql-libs-8.4.20-5.el6_7.i686.rpm postgresql-libs-8.4.20-5.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: postgresql-contrib-8.4.20-5.el6_7.x86_64.rpm postgresql-debuginfo-8.4.20-5.el6_7.i686.rpm postgresql-debuginfo-8.4.20-5.el6_7.x86_64.rpm postgresql-devel-8.4.20-5.el6_7.i686.rpm postgresql-devel-8.4.20-5.el6_7.x86_64.rpm postgresql-docs-8.4.20-5.el6_7.x86_64.rpm postgresql-plperl-8.4.20-5.el6_7.x86_64.rpm postgresql-plpython-8.4.20-5.el6_7.x86_64.rpm postgresql-pltcl-8.4.20-5.el6_7.x86_64.rpm postgresql-server-8.4.20-5.el6_7.x86_64.rpm postgresql-test-8.4.20-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: postgresql-8.4.20-5.el6_7.src.rpm i386: postgresql-8.4.20-5.el6_7.i686.rpm postgresql-contrib-8.4.20-5.el6_7.i686.rpm postgresql-debuginfo-8.4.20-5.el6_7.i686.rpm postgresql-devel-8.4.20-5.el6_7.i686.rpm postgresql-docs-8.4.20-5.el6_7.i686.rpm postgresql-libs-8.4.20-5.el6_7.i686.rpm postgresql-plperl-8.4.20-5.el6_7.i686.rpm postgresql-plpython-8.4.20-5.el6_7.i686.rpm postgresql-pltcl-8.4.20-5.el6_7.i686.rpm postgresql-server-8.4.20-5.el6_7.i686.rpm postgresql-test-8.4.20-5.el6_7.i686.rpm ppc64: postgresql-8.4.20-5.el6_7.ppc.rpm postgresql-8.4.20-5.el6_7.ppc64.rpm postgresql-contrib-8.4.20-5.el6_7.ppc64.rpm postgresql-debuginfo-8.4.20-5.el6_7.ppc.rpm postgresql-debuginfo-8.4.20-5.el6_7.ppc64.rpm postgresql-devel-8.4.20-5.el6_7.ppc.rpm postgresql-devel-8.4.20-5.el6_7.ppc64.rpm postgresql-docs-8.4.20-5.el6_7.ppc64.rpm postgresql-libs-8.4.20-5.el6_7.ppc.rpm postgresql-libs-8.4.20-5.el6_7.ppc64.rpm postgresql-plperl-8.4.20-5.el6_7.ppc64.rpm postgresql-plpython-8.4.20-5.el6_7.ppc64.rpm postgresql-pltcl-8.4.20-5.el6_7.ppc64.rpm postgresql-server-8.4.20-5.el6_7.ppc64.rpm postgresql-test-8.4.20-5.el6_7.ppc64.rpm s390x: postgresql-8.4.20-5.el6_7.s390.rpm postgresql-8.4.20-5.el6_7.s390x.rpm postgresql-contrib-8.4.20-5.el6_7.s390x.rpm postgresql-debuginfo-8.4.20-5.el6_7.s390.rpm postgresql-debuginfo-8.4.20-5.el6_7.s390x.rpm postgresql-devel-8.4.20-5.el6_7.s390.rpm postgresql-devel-8.4.20-5.el6_7.s390x.rpm postgresql-docs-8.4.20-5.el6_7.s390x.rpm postgresql-libs-8.4.20-5.el6_7.s390.rpm postgresql-libs-8.4.20-5.el6_7.s390x.rpm postgresql-plperl-8.4.20-5.el6_7.s390x.rpm postgresql-plpython-8.4.20-5.el6_7.s390x.rpm postgresql-pltcl-8.4.20-5.el6_7.s390x.rpm postgresql-server-8.4.20-5.el6_7.s390x.rpm postgresql-test-8.4.20-5.el6_7.s390x.rpm x86_64: postgresql-8.4.20-5.el6_7.i686.rpm postgresql-8.4.20-5.el6_7.x86_64.rpm postgresql-contrib-8.4.20-5.el6_7.x86_64.rpm postgresql-debuginfo-8.4.20-5.el6_7.i686.rpm postgresql-debuginfo-8.4.20-5.el6_7.x86_64.rpm 
postgresql-devel-8.4.20-5.el6_7.i686.rpm postgresql-devel-8.4.20-5.el6_7.x86_64.rpm postgresql-docs-8.4.20-5.el6_7.x86_64.rpm postgresql-libs-8.4.20-5.el6_7.i686.rpm postgresql-libs-8.4.20-5.el6_7.x86_64.rpm postgresql-plperl-8.4.20-5.el6_7.x86_64.rpm postgresql-plpython-8.4.20-5.el6_7.x86_64.rpm postgresql-pltcl-8.4.20-5.el6_7.x86_64.rpm postgresql-server-8.4.20-5.el6_7.x86_64.rpm postgresql-test-8.4.20-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: postgresql-8.4.20-5.el6_7.src.rpm i386: postgresql-8.4.20-5.el6_7.i686.rpm postgresql-contrib-8.4.20-5.el6_7.i686.rpm postgresql-debuginfo-8.4.20-5.el6_7.i686.rpm postgresql-devel-8.4.20-5.el6_7.i686.rpm postgresql-docs-8.4.20-5.el6_7.i686.rpm postgresql-libs-8.4.20-5.el6_7.i686.rpm postgresql-plperl-8.4.20-5.el6_7.i686.rpm postgresql-plpython-8.4.20-5.el6_7.i686.rpm postgresql-pltcl-8.4.20-5.el6_7.i686.rpm postgresql-server-8.4.20-5.el6_7.i686.rpm postgresql-test-8.4.20-5.el6_7.i686.rpm x86_64: postgresql-8.4.20-5.el6_7.i686.rpm postgresql-8.4.20-5.el6_7.x86_64.rpm postgresql-contrib-8.4.20-5.el6_7.x86_64.rpm postgresql-debuginfo-8.4.20-5.el6_7.i686.rpm postgresql-debuginfo-8.4.20-5.el6_7.x86_64.rpm postgresql-devel-8.4.20-5.el6_7.i686.rpm postgresql-devel-8.4.20-5.el6_7.x86_64.rpm postgresql-docs-8.4.20-5.el6_7.x86_64.rpm postgresql-libs-8.4.20-5.el6_7.i686.rpm postgresql-libs-8.4.20-5.el6_7.x86_64.rpm postgresql-plperl-8.4.20-5.el6_7.x86_64.rpm postgresql-plpython-8.4.20-5.el6_7.x86_64.rpm postgresql-pltcl-8.4.20-5.el6_7.x86_64.rpm postgresql-server-8.4.20-5.el6_7.x86_64.rpm postgresql-test-8.4.20-5.el6_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0773 https://access.redhat.com/security/updates/classification/#important http://www.postgresql.org/about/news/1644/ 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW10PzXlSAg2UNWIIRAsHdAJsHyTWCGqfywQ3ULTCKKmGrTFOI+QCgtGgL HHaF2kWANv9hKOHxzLB2MIs= =x07l -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 2 19:51:49 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Mar 2016 19:51:49 +0000 Subject: [RHSA-2016:0348-01] Important: rh-postgresql94-postgresql security update Message-ID: <201603021951.u22Jpogh004627@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-postgresql94-postgresql security update Advisory ID: RHSA-2016:0348-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0348.html Issue date: 2016-03-02 CVE Names: CVE-2016-0773 ===================================================================== 1. Summary: Updated rh-postgresql94-postgresql packages that fix one security issue are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773)

Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters.

This update upgrades PostgreSQL to version 9.4.6. Refer to the Release Notes linked to in the References section for a detailed list of changes since the previous version.

All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the rh-postgresql94-postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1303832 - CVE-2016-0773 postgresql: case insensitive range handling integer overflow leading to buffer overflow

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v.
6): Source: rh-postgresql94-postgresql-9.4.6-1.el6.src.rpm x86_64: rh-postgresql94-postgresql-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-contrib-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-debuginfo-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-devel-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-docs-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-libs-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-plperl-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-plpython-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-pltcl-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-server-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-test-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-upgrade-9.4.6-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: rh-postgresql94-postgresql-9.4.6-1.el6.src.rpm x86_64: rh-postgresql94-postgresql-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-contrib-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-debuginfo-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-devel-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-docs-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-libs-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-plperl-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-plpython-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-pltcl-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-server-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-test-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-upgrade-9.4.6-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.7): Source: rh-postgresql94-postgresql-9.4.6-1.el6.src.rpm x86_64: rh-postgresql94-postgresql-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-contrib-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-debuginfo-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-devel-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-docs-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-libs-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-plperl-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-plpython-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-pltcl-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-server-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-test-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-upgrade-9.4.6-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-postgresql94-postgresql-9.4.6-1.el6.src.rpm x86_64: rh-postgresql94-postgresql-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-contrib-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-debuginfo-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-devel-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-docs-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-libs-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-plperl-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-plpython-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-pltcl-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-server-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-test-9.4.6-1.el6.x86_64.rpm rh-postgresql94-postgresql-upgrade-9.4.6-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7): Source: rh-postgresql94-postgresql-9.4.6-1.el7.src.rpm x86_64: rh-postgresql94-postgresql-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-contrib-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-debuginfo-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-devel-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-docs-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-libs-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-plperl-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-plpython-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-pltcl-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-server-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-test-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-upgrade-9.4.6-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: rh-postgresql94-postgresql-9.4.6-1.el7.src.rpm x86_64: rh-postgresql94-postgresql-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-contrib-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-debuginfo-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-devel-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-docs-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-libs-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-plperl-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-plpython-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-pltcl-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-server-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-test-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-upgrade-9.4.6-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2): Source: rh-postgresql94-postgresql-9.4.6-1.el7.src.rpm x86_64: rh-postgresql94-postgresql-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-contrib-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-debuginfo-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-devel-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-docs-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-libs-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-plperl-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-plpython-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-pltcl-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-server-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-test-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-upgrade-9.4.6-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-postgresql94-postgresql-9.4.6-1.el7.src.rpm x86_64: rh-postgresql94-postgresql-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-contrib-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-debuginfo-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-devel-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-docs-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-libs-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-plperl-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-plpython-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-pltcl-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-server-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-test-9.4.6-1.el7.x86_64.rpm rh-postgresql94-postgresql-upgrade-9.4.6-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0773 https://access.redhat.com/security/updates/classification/#important http://www.postgresql.org/about/news/1644/ http://www.postgresql.org/docs/current/static/release-9-4-6.html 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW10QdXlSAg2UNWIIRAo/bAJ9tTLB7GUtz/N1+zdH0zi25DsNaXACgigFY iBtv6Z7q/g9HLwKDwkz2aOY= =rJSQ -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 2 19:52:40 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Mar 2016 19:52:40 +0000 Subject: [RHSA-2016:0349-01] Important: postgresql92-postgresql security update Message-ID: <201603021952.u22Jqe2D014531@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: postgresql92-postgresql security update Advisory ID: RHSA-2016:0349-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0349.html Issue date: 2016-03-02 CVE Names: CVE-2016-0773 ===================================================================== 1. Summary: Updated postgresql92-postgresql packages that fix one security issue are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773)

Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters.

This update upgrades PostgreSQL to version 9.2.15. Refer to the Release Notes linked to in the References section for a detailed list of changes since the previous version.

All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql92-postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1303832 - CVE-2016-0773 postgresql: case insensitive range handling integer overflow leading to buffer overflow

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v.
6): Source: postgresql92-postgresql-9.2.15-1.el6.src.rpm x86_64: postgresql92-postgresql-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-contrib-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-debuginfo-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-devel-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-docs-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-libs-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-plperl-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-plpython-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-pltcl-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-server-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-test-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-upgrade-9.2.15-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: postgresql92-postgresql-9.2.15-1.el6.src.rpm x86_64: postgresql92-postgresql-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-contrib-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-debuginfo-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-devel-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-docs-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-libs-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-plperl-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-plpython-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-pltcl-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-server-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-test-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-upgrade-9.2.15-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.7): Source: postgresql92-postgresql-9.2.15-1.el6.src.rpm x86_64: postgresql92-postgresql-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-contrib-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-debuginfo-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-devel-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-docs-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-libs-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-plperl-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-plpython-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-pltcl-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-server-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-test-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-upgrade-9.2.15-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: postgresql92-postgresql-9.2.15-1.el6.src.rpm x86_64: postgresql92-postgresql-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-contrib-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-debuginfo-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-devel-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-docs-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-libs-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-plperl-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-plpython-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-pltcl-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-server-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-test-9.2.15-1.el6.x86_64.rpm postgresql92-postgresql-upgrade-9.2.15-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7): Source: postgresql92-postgresql-9.2.15-1.el7.src.rpm x86_64: postgresql92-postgresql-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-contrib-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-debuginfo-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-devel-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-docs-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-libs-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-plperl-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-plpython-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-pltcl-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-server-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-test-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-upgrade-9.2.15-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: postgresql92-postgresql-9.2.15-1.el7.src.rpm x86_64: postgresql92-postgresql-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-contrib-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-debuginfo-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-devel-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-docs-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-libs-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-plperl-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-plpython-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-pltcl-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-server-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-test-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-upgrade-9.2.15-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2): Source: postgresql92-postgresql-9.2.15-1.el7.src.rpm x86_64: postgresql92-postgresql-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-contrib-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-debuginfo-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-devel-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-docs-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-libs-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-plperl-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-plpython-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-pltcl-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-server-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-test-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-upgrade-9.2.15-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: postgresql92-postgresql-9.2.15-1.el7.src.rpm x86_64: postgresql92-postgresql-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-contrib-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-debuginfo-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-devel-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-docs-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-libs-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-plperl-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-plpython-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-pltcl-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-server-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-test-9.2.15-1.el7.x86_64.rpm postgresql92-postgresql-upgrade-9.2.15-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0773 https://access.redhat.com/security/updates/classification/#important http://www.postgresql.org/about/news/1644/ http://www.postgresql.org/docs/current/static/release-9-2-15.html 8. Contact: The Red Hat security contact is . 
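The four PostgreSQL advisories above (RHSA-2016:0347, RHSA-2016:0348, RHSA-2016:0349 and the RHEL 7 postgresql-9.2.15-1.el7_2 update whose package list opens this section) all fix CVE-2016-0773 but name a different fixed build for each product. The script below is an added example, not Red Hat tooling: it takes `rpm -qa` output, picks out the covered package families, and flags any package whose version-release is older than the one the matching advisory ships, using a simplified reimplementation of rpm's version comparison. The sample `rpm -qa` lines are constructed, and the name/version/release split assumes the default `rpm -qa` output format (no epoch, no `.rpm` suffix).

```python
import re

# Fixed version-release strings taken from the advisories above, keyed by package
# family and dist tag. The RHEL 7 base entry comes from the postgresql-9.2.15-1.el7_2
# package list at the top of this section.
FIXED = {
    'postgresql':                 {'el6': '8.4.20-5.el6_7', 'el7': '9.2.15-1.el7_2'},
    'rh-postgresql94-postgresql': {'el6': '9.4.6-1.el6',    'el7': '9.4.6-1.el7'},
    'postgresql92-postgresql':    {'el6': '9.2.15-1.el6',   'el7': '9.2.15-1.el7'},
}

_SEG = re.compile(r'\d+|[A-Za-z]+|~')

def rpmvercmp(a, b):
    """Compare two version or release strings with rpm's segment rules (simplified
    reimplementation: numeric and alphabetic runs are compared one segment at a time,
    a numeric segment beats an alphabetic one, '~' sorts before anything, and the
    '^' marker is not handled). Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if '~' in (x, y):
            if x != y:
                return -1 if x == '~' else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    longer_is_a = len(sa) > len(sb)
    rest = sa[len(sb):] if longer_is_a else sb[len(sa):]
    if rest[0] == '~':            # e.g. 1.0 is newer than 1.0~rc1
        return -1 if longer_is_a else 1
    return 1 if longer_is_a else -1

def vr_cmp(installed, fixed):
    """Compare 'version-release' pairs: version first, release as tie-breaker."""
    iv, ir = installed.split('-', 1)
    fv, fr = fixed.split('-', 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def parse_nvra(line):
    """Split 'name-version-release.arch' (default `rpm -qa` output; epoch not shown)."""
    nvr, arch = line.rsplit('.', 1)
    name, version, release = nvr.rsplit('-', 2)
    return name, version, release, arch

def fixed_version_for(name, release):
    """Return the fixed version-release for a covered package, or None if not covered."""
    for family in ('rh-postgresql94-postgresql', 'postgresql92-postgresql', 'postgresql'):
        if name == family or name.startswith(family + '-'):
            dist = re.search(r'\.el(\d+)', release)
            return FIXED[family].get('el' + dist.group(1)) if dist else None
    return None

def audit(rpm_qa_lines):
    """Map each covered installed package to 'fixed' or 'VULNERABLE'."""
    verdicts = {}
    for line in rpm_qa_lines:
        line = line.strip()
        if not line:
            continue
        name, version, release, _arch = parse_nvra(line)
        fixed = fixed_version_for(name, release)
        if fixed is None:
            continue
        verdicts[line] = 'fixed' if vr_cmp(f'{version}-{release}', fixed) >= 0 else 'VULNERABLE'
    return verdicts

# Constructed sample of `rpm -qa` output; not taken from any real host.
SAMPLE_RPM_QA = """\
postgresql-server-8.4.20-4.el6_7.x86_64
postgresql-libs-8.4.20-5.el6_7.x86_64
rh-postgresql94-postgresql-9.4.5-1.el7.x86_64
postgresql92-postgresql-server-9.2.15-1.el6.x86_64
bash-4.2.46-19.el7.x86_64
"""

if __name__ == '__main__':
    for pkg, verdict in audit(SAMPLE_RPM_QA.splitlines()).items():
        print(f'{verdict:10s} {pkg}')
```

To run it against a real host, feed `rpm -qa` output into `audit()` instead of the sample. Independently of the version check, verify the Red Hat signature on each downloaded package with `rpm -K <file>.rpm` before installing, using the key the advisories point to at https://access.redhat.com/security/team/key/.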
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW10RsXlSAg2UNWIIRAl+gAKDC/56UFPRhPNahmJGaMQRRYgF/igCfUb6n
BmylpETsw9VvojUhjqKYMl8=
=+5x9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 3 16:23:57 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Mar 2016 16:23:57 +0000
Subject: [RHSA-2016:0351-01] Moderate: kubernetes security update
Message-ID: <201603031623.u23GNvi4026200@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kubernetes security update
Advisory ID: RHSA-2016:0351-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2016:0351
Issue date: 2016-03-03
CVE Names: CVE-2016-1905 CVE-2016-1906
=====================================================================

1. Summary:

Updated kubernetes packages that fix two security issues are now available for Red Hat OpenShift Enterprise 3.0.2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise 3.0 - x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space.
(CVE-2016-1905)

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the policy is violated), if the build configuration files were later launched by other privileged services (such as automated triggers), user privileges could be bypassed allowing attacker escalation. (CVE-2016-1906)

All OpenShift Enterprise 3.0 users are advised to upgrade to these updated packages.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1297910 - CVE-2016-1905 Kubernetes api server: patch operation should use patched object to check admission control
1297916 - CVE-2016-1906 Kubernetes api server: build config to a strategy that isn't allowed by policy

6. Package List:

Red Hat OpenShift Enterprise 3.0:

Source:
openshift-3.0.2.0-0.git.45.423f434.el7ose.src.rpm

x86_64:
openshift-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm
openshift-clients-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm
openshift-master-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm
openshift-node-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm
openshift-sdn-ovs-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm
tuned-profiles-openshift-node-3.0.2.0-0.git.45.423f434.el7ose.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1905
https://access.redhat.com/security/cve/CVE-2016-1906
https://access.redhat.com/security/updates/classification/#moderate

8.
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW2GUYXlSAg2UNWIIRAhVcAJ9pouTBC24b/B7g8UHV5NB12SR3fACeMRU4
ul3KiiKQ9EEg6WDTBWbNn0w=
=Mn5B
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 3 21:33:17 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Mar 2016 21:33:17 +0000
Subject: [RHSA-2016:0352-01] Low: openstack-glance security update
Message-ID: <201603032133.u23LXH2Q016559@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openstack-glance security update
Advisory ID:       RHSA-2016:0352-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0352.html
Issue date:        2016-03-03
CVE Names:         CVE-2016-0757
=====================================================================

1. Summary:

Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away.
Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true (not default) were affected. (CVE-2016-0757)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Erno Kuvaja of HPE as the original reporter.

All openstack-glance users are advised to upgrade to these updated packages, which address this vulnerability.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1302607 - CVE-2016-0757 openstack-glance: Glance image status manipulation through locations

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
openstack-glance-2015.1.2-2.el7ost.src.rpm

noarch:
openstack-glance-2015.1.2-2.el7ost.noarch.rpm
openstack-glance-doc-2015.1.2-2.el7ost.noarch.rpm
python-glance-2015.1.2-2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0757
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW2K2PXlSAg2UNWIIRAmL4AJ0YQ40iVjS88nBfAlatUNyV7LQWagCfZnN0
eA24SAtAThw/bLoWVlzATW0=
=cT4M
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 3 21:34:08 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Mar 2016 21:34:08 +0000
Subject: [RHSA-2016:0354-01] Low: openstack-glance security update
Message-ID: <201603032134.u23LY9bV017174@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openstack-glance security update
Advisory ID:       RHSA-2016:0354-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0354.html
Issue date:        2016-03-03
CVE Names:         CVE-2016-0757
=====================================================================

1. Summary:

Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.
An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true (not default) were affected. (CVE-2016-0757)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Erno Kuvaja of HPE as the original reporter.

All openstack-glance users are advised to upgrade to these updated packages, which address this vulnerability.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1302607 - CVE-2016-0757 openstack-glance: Glance image status manipulation through locations

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-glance-2014.1.5-5.el7ost.src.rpm

noarch:
openstack-glance-2014.1.5-5.el7ost.noarch.rpm
openstack-glance-doc-2014.1.5-5.el7ost.noarch.rpm
python-glance-2014.1.5-5.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0757
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW2K27XlSAg2UNWIIRAhu/AJ4ssaUMrH3z3273/elSP64YLx/tcACdERVf
lL1U3ayPsHXmu0c4dtIeZPM=
=bhfU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 7 01:11:03 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 7 Mar 2016 01:11:03 +0000
Subject: [RHSA-2016:0358-01] Low: openstack-glance security update
Message-ID: <201603070111.u271B4Pv032131@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openstack-glance security update
Advisory ID:       RHSA-2016:0358-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0358.html
Issue date:        2016-03-07
CVE Names:         CVE-2016-0757
=====================================================================

1. Summary:

Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having a Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.
An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true (not default) were affected. (CVE-2016-0757)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Erno Kuvaja of HPE as the original reporter.

All openstack-glance users are advised to upgrade to these updated packages, which address this vulnerability.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1302607 - CVE-2016-0757 openstack-glance: Glance image status manipulation through locations

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-glance-2014.1.5-5.el6ost.src.rpm

noarch:
openstack-glance-2014.1.5-5.el6ost.noarch.rpm
openstack-glance-doc-2014.1.5-5.el6ost.noarch.rpm
python-glance-2014.1.5-5.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0757
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW3NUeXlSAg2UNWIIRAsKIAKCwhM/HF+291NlEluTeIZPrz39ZGgCgv0wY
qdguIcnjwhOJPVMm1DFG1ZE=
=bL9d
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 7 03:45:44 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 7 Mar 2016 03:45:44 +0000
Subject: [RHSA-2016:0359-01] Important: chromium-browser security update
Message-ID: <201603070345.u273jjY5007066@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:0359-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0359.html
Issue date:        2016-03-07
CVE Names:         CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633
                   CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637
                   CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641
                   CVE-2016-1642
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content.
A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1630, CVE-2016-1631, CVE-2016-1632, CVE-2016-1633, CVE-2016-1634, CVE-2016-1635, CVE-2016-1636, CVE-2016-1637, CVE-2016-1638, CVE-2016-1639, CVE-2016-1640, CVE-2016-1641, CVE-2016-1642)

All Chromium users should upgrade to these updated packages, which contain Chromium version 49.0.2623.75, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1314214 - CVE-2016-1630 chromium-browser: same-origin bypass in Blink
1314215 - CVE-2016-1631 chromium-browser: same-origin bypass in Pepper Plugin
1314216 - CVE-2016-1632 chromium-browser: bad cast in Extensions
1314217 - CVE-2016-1633 chromium-browser: use-after-free in Blink
1314218 - CVE-2016-1634 chromium-browser: use-after-free in Blink
1314219 - CVE-2016-1635 chromium-browser: use-after-free in Blink
1314220 - CVE-2016-1636 chromium-browser: SRI Validation Bypass
1314221 - CVE-2016-1637 chromium-browser: information leak in Skia
1314222 - CVE-2016-1638 chromium-browser: WebAPI Bypass
1314224 - CVE-2016-1639 chromium-browser: use-after-free in WebRTC
1314225 - CVE-2016-1640 chromium-browser: origin confusion in Extensions UI
1314226 - CVE-2016-1641 chromium-browser: use-after-free in Favicon
1314227 - CVE-2016-1642 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v.
6):

i386:
chromium-browser-49.0.2623.75-1.el6.i686.rpm
chromium-browser-debuginfo-49.0.2623.75-1.el6.i686.rpm

x86_64:
chromium-browser-49.0.2623.75-1.el6.x86_64.rpm
chromium-browser-debuginfo-49.0.2623.75-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-49.0.2623.75-1.el6.i686.rpm
chromium-browser-debuginfo-49.0.2623.75-1.el6.i686.rpm

x86_64:
chromium-browser-49.0.2623.75-1.el6.x86_64.rpm
chromium-browser-debuginfo-49.0.2623.75-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-49.0.2623.75-1.el6.i686.rpm
chromium-browser-debuginfo-49.0.2623.75-1.el6.i686.rpm

x86_64:
chromium-browser-49.0.2623.75-1.el6.x86_64.rpm
chromium-browser-debuginfo-49.0.2623.75-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1630
https://access.redhat.com/security/cve/CVE-2016-1631
https://access.redhat.com/security/cve/CVE-2016-1632
https://access.redhat.com/security/cve/CVE-2016-1633
https://access.redhat.com/security/cve/CVE-2016-1634
https://access.redhat.com/security/cve/CVE-2016-1635
https://access.redhat.com/security/cve/CVE-2016-1636
https://access.redhat.com/security/cve/CVE-2016-1637
https://access.redhat.com/security/cve/CVE-2016-1638
https://access.redhat.com/security/cve/CVE-2016-1639
https://access.redhat.com/security/cve/CVE-2016-1640
https://access.redhat.com/security/cve/CVE-2016-1641
https://access.redhat.com/security/cve/CVE-2016-1642
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW3Pk6XlSAg2UNWIIRAu0dAJ9FnOV+sdW6CbR+Z/HTQYnVuiIMVACfbQnf
PBknhwz3aSsj39TqYvJRakg=
=QEVs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 8 06:50:00 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Mar 2016 06:50:00 +0000
Subject: [RHSA-2016:0360-01] Moderate: python-django security update
Message-ID: <201603080650.u286o0rs017832@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python-django security update
Advisory ID:       RHSA-2016:0360-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0360.html
Issue date:        2016-03-08
CVE Names:         CVE-2015-8213
=====================================================================

1. Summary:

Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format.
(CVE-2015-8213)

Red Hat would like to thank the Django project for reporting this issue. Upstream acknowledges Ryan Butterfield as the original reporter.

All python-django users are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1283553 - CVE-2015-8213 python-django: Information leak through date template filter

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7:

Source:
python-django-1.6.11-4.el7ost.src.rpm

noarch:
python-django-1.6.11-4.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-4.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8213
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW3nXtXlSAg2UNWIIRAl4MAJ9KgmLtGvhJ3EGj4UZ6oMqtWUMJVwCgn9WC
pswgISyMJ9Tln5RAyjwzvv8=
=w2jc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 8 23:03:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Mar 2016 23:03:22 +0000
Subject: [RHSA-2016:0363-01] Important: openstack-nova security update
Message-ID: <201603082303.u28N3MW4019874@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-nova security update
Advisory ID:       RHSA-2016:0363-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0363.html
Issue date:        2016-03-08
CVE Names:         CVE-2016-2140
=====================================================================

1. Summary:

Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality.
An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. (CVE-2016-2140)

This issue was discovered by Matthew Booth of Red Hat.

All openstack-nova users are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1313454 - CVE-2016-2140 openstack-nova: Host data leak through resize/migration

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
openstack-nova-2015.1.2-18.1.el7ost.src.rpm

noarch:
openstack-nova-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-api-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-cells-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-cert-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-common-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-compute-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-conductor-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-console-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-doc-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-network-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-novncproxy-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-objectstore-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-scheduler-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-serialproxy-2015.1.2-18.1.el7ost.noarch.rpm
openstack-nova-spicehtml5proxy-2015.1.2-18.1.el7ost.noarch.rpm
python-nova-2015.1.2-18.1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2140
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW31ouXlSAg2UNWIIRAqhDAKCnkMm+kVzYyb1oqsYHs9jg0QbsUACfRAb7
+QawqYQjBjVcyWPsRdC5so4=
=8kV8
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 8 23:03:42 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Mar 2016 23:03:42 +0000
Subject: [RHSA-2016:0364-01] Important: openstack-nova security update
Message-ID: <201603082303.u28N3h23017582@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-nova security update
Advisory ID:       RHSA-2016:0364-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0364.html
Issue date:        2016-03-08
CVE Names:         CVE-2016-2140
=====================================================================

1. Summary:

Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3.
Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. (CVE-2016-2140)

This issue was discovered by Matthew Booth of Red Hat.

All openstack-nova users are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1313454 - CVE-2016-2140 openstack-nova: Host data leak through resize/migration

6.
Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-nova-2014.2.3-54.1.el7ost.src.rpm

noarch:
openstack-nova-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-api-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-cells-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-cert-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-common-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-compute-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-conductor-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-console-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-doc-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-network-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-novncproxy-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-objectstore-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-scheduler-2014.2.3-54.1.el7ost.noarch.rpm
openstack-nova-serialproxy-2014.2.3-54.1.el7ost.noarch.rpm
python-nova-2014.2.3-54.1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2140
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW31pEXlSAg2UNWIIRApePAKCM6Jvx0KG5Nrg7d5OZlorN58Yn8ACfQ3EJ
vzaNzoCqyYIYHYW7uZWBjAQ=
=0cNH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 8 23:04:04 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Mar 2016 23:04:04 +0000
Subject: [RHSA-2016:0365-01] Important: openstack-nova security update
Message-ID: <201603082304.u28N44jS003359@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-nova security update
Advisory ID:       RHSA-2016:0365-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0365.html
Issue date:        2016-03-08
CVE Names:         CVE-2016-2140
=====================================================================

1. Summary:

Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality.
An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. (CVE-2016-2140)

This issue was discovered by Matthew Booth of Red Hat.

All openstack-nova users are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1313454 - CVE-2016-2140 openstack-nova: Host data leak through resize/migration

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-nova-2014.1.5-28.el7ost.src.rpm

noarch:
openstack-nova-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-api-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-cells-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-cert-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-common-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-compute-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-conductor-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-console-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-doc-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-network-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-novncproxy-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-objectstore-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-scheduler-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-serialproxy-2014.1.5-28.el7ost.noarch.rpm
python-nova-2014.1.5-28.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References: https://access.redhat.com/security/cve/CVE-2016-2140 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW31pZXlSAg2UNWIIRAoWMAKCAmLww7E3qfXngOpj1p6pk0KMBYACbBJO0 Cd1mfwPzmsvUa7MG6X2I41U= =lyxJ -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Mar 8 23:04:54 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Mar 2016 23:04:54 +0000 Subject: [RHSA-2016:0366-01] Important: openstack-nova security update Message-ID: <201603082304.u28N4sZe013847@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openstack-nova security update Advisory ID: RHSA-2016:0366-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0366.html Issue date: 2016-03-08 CVE Names: CVE-2016-2140 ===================================================================== 1. Summary: Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch 3. Description: OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. 
Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. (CVE-2016-2140) This issue was discovered by Matthew Booth of Red Hat. All openstack-nova users are advised to upgrade to these updated packages, which correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1313454 - CVE-2016-2140 openstack-nova: Host data leak through resize/migration 6. 
Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: openstack-nova-2014.1.5-28.el6ost.src.rpm noarch: openstack-nova-2014.1.5-28.el6ost.noarch.rpm openstack-nova-api-2014.1.5-28.el6ost.noarch.rpm openstack-nova-cells-2014.1.5-28.el6ost.noarch.rpm openstack-nova-cert-2014.1.5-28.el6ost.noarch.rpm openstack-nova-common-2014.1.5-28.el6ost.noarch.rpm openstack-nova-compute-2014.1.5-28.el6ost.noarch.rpm openstack-nova-conductor-2014.1.5-28.el6ost.noarch.rpm openstack-nova-console-2014.1.5-28.el6ost.noarch.rpm openstack-nova-doc-2014.1.5-28.el6ost.noarch.rpm openstack-nova-network-2014.1.5-28.el6ost.noarch.rpm openstack-nova-novncproxy-2014.1.5-28.el6ost.noarch.rpm openstack-nova-objectstore-2014.1.5-28.el6ost.noarch.rpm openstack-nova-scheduler-2014.1.5-28.el6ost.noarch.rpm openstack-nova-serialproxy-2014.1.5-28.el6ost.noarch.rpm python-nova-2014.1.5-28.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2140 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
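The CVE-2016-2140 advisories above (RHSA-2016:0365 and RHSA-2016:0366) describe a guest writing a qcow header into a disk the host believes is raw, with a backing file that names a host block device, so that the next resize or migration copies host data into the guest's image. The Python below is an added example, not part of the advisory and not nova's own code: it parses the qcow2 header of a disk image before a resize or migration and refuses any image that carries a header the host did not expect, or a backing file outside the operator's allow-list of base images. The sample disks, the 4 KiB buffer, the base-image path and the `/dev/sda` backing name are constructed for the demonstration.

```python
import struct

# Every qcow/qcow2 image starts with these four bytes: 'Q', 'F', 'I', 0xfb.
QCOW_MAGIC = b"QFI\xfb"
# Fixed part of the qcow2 header we need (big-endian):
#   magic(4) version(4) backing_file_offset(8) backing_file_size(4) cluster_bits(4) size(8)
HEADER_FMT = ">4sIQIIQ"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 32 bytes


def parse_qcow2_header(data):
    """Return the header fields relevant to backing-file checks, or None when the
    buffer does not start with the qcow magic (i.e. it looks like a raw disk)."""
    if len(data) < HEADER_LEN or data[:4] != QCOW_MAGIC:
        return None
    _, version, bf_offset, bf_size, _, size = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    backing = None
    if bf_size:
        end = bf_offset + bf_size
        # The name must lie after the fixed header and inside what we actually read;
        # anything else is reported as unreadable rather than silently ignored.
        if bf_offset >= HEADER_LEN and end <= len(data):
            backing = data[bf_offset:end].decode("utf-8", "replace")
    return {"version": version, "backing_file_offset": bf_offset,
            "backing_file_size": bf_size, "backing_file": backing, "size": size}


def inspect_guest_disk(data, expect_raw=True, allowed_backing=frozenset()):
    """Decide whether a guest disk image is safe to resize or migrate.

    Returns (ok, reason). expect_raw=True is the use_cow_images = False case from
    the advisory: the host treats the file as raw, so a qcow header at offset 0 can
    only have been written by the guest. Otherwise the image is expected to be
    qcow2 and its backing file must be one of the operator's known base images."""
    hdr = parse_qcow2_header(data)
    if hdr is None:
        return True, "no qcow header at offset 0"
    if expect_raw:
        return False, "qcow header found in an image the host treats as raw"
    if hdr["backing_file_size"] == 0:
        return True, "qcow2 image without backing file"
    name = hdr["backing_file"]
    if name is None:
        return False, "backing file name lies outside the header buffer"
    if name not in allowed_backing:
        return False, f"unexpected backing file {name!r}"
    return True, f"backing file {name!r} is a known base image"


def make_qcow2(backing_file=None, size=1 << 30, buf_len=4096):
    """Constructed test data: a minimal qcow2 v2 header, not a bootable image."""
    name = backing_file.encode() if backing_file else b""
    bf_offset = 104 if name else 0          # 0x68: first byte after the fixed v2 header
    buf = bytearray(buf_len)
    buf[:HEADER_LEN] = struct.pack(HEADER_FMT, QCOW_MAGIC, 2, bf_offset, len(name), 16, size)
    buf[bf_offset:bf_offset + len(name)] = name
    return bytes(buf)


# Constructed sample disks (hypothetical paths, not taken from the advisory).
BASE_IMAGE = "/var/lib/nova/instances/_base/constructed-base"
RAW_DISK = bytes(4096)                          # what the first 4 KiB of a raw ephemeral disk should look like
GUEST_WRITTEN_HEADER = make_qcow2("/dev/sda")   # the pattern the advisory describes
BENIGN_QCOW2 = make_qcow2(BASE_IMAGE)
# Header whose backing-file name offset points far outside the bytes we read.
OUT_OF_RANGE_NAME = (struct.pack(HEADER_FMT, QCOW_MAGIC, 2, 1 << 40, 8, 16, 1 << 30)
                     + bytes(4096 - HEADER_LEN))

if __name__ == "__main__":
    for label, disk in [("raw", RAW_DISK), ("guest header", GUEST_WRITTEN_HEADER)]:
        print(label, inspect_guest_disk(disk))
    print("benign qcow2", inspect_guest_disk(BENIGN_QCOW2, expect_raw=False,
                                             allowed_backing={BASE_IMAGE}))
    print("out-of-range", inspect_guest_disk(OUT_OF_RANGE_NAME, expect_raw=False,
                                             allowed_backing={BASE_IMAGE}))
```

On a real host the `data` argument would be the first few KiB read from the instance's disk file; the check belongs before the image is handed to any tool that honours backing files, since by the time a resize has run, the host data is already in the guest's image.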
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW31qMXlSAg2UNWIIRAkvoAJ4//4jX001lbBU08TAGw6TULk/b0ACggjyw
bL4FzHR3HecIF0rx7aLXjMI=
=OxdZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 8 23:05:19 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Mar 2016 23:05:19 +0000
Subject: [RHSA-2016:0367-01] Moderate: rabbitmq-server security and bugfix update
Message-ID: <201603082305.u28N5JIP018509@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rabbitmq-server security and bugfix update
Advisory ID:       RHSA-2016:0367-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0367.html
Issue date:        2016-03-08
CVE Names:         CVE-2014-9649 CVE-2014-9650
=====================================================================

1. Summary:

Updated rabbitmq-server packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker.

A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the URL (not escaped). (CVE-2014-9649)

A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data. (CVE-2014-9650)

All rabbitmq-server users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1185514 - CVE-2014-9649 RabbitMQ: /api/... XSS vulnerability
1185515 - CVE-2014-9650 RabbitMQ: /api/definitions response splitting vulnerability

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
rabbitmq-server-3.3.5-18.el7ost.src.rpm

noarch:
rabbitmq-server-3.3.5-18.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9649
https://access.redhat.com/security/cve/CVE-2014-9650
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW31qgXlSAg2UNWIIRAiJrAKCjU0rgckFY9EkOkEGvfC3pXpPp3ACgjrlt
xdlWLEBogGyus/vzl5bSAOs=
=fkb9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 8 23:05:35 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Mar 2016 23:05:35 +0000
Subject: [RHSA-2016:0368-01] Moderate: rabbitmq-server security update
Message-ID: <201603082305.u28N5Z8i000506@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rabbitmq-server security update
Advisory ID:       RHSA-2016:0368-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0368.html
Issue date:        2016-03-08
CVE Names:         CVE-2014-9649 CVE-2014-9650
=====================================================================

1. Summary:

Updated rabbitmq-server packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker.

A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the URL (not escaped). (CVE-2014-9649)

A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data. (CVE-2014-9650)

All rabbitmq-server users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1185514 - CVE-2014-9649 RabbitMQ: /api/... XSS vulnerability
1185515 - CVE-2014-9650 RabbitMQ: /api/definitions response splitting vulnerability

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
rabbitmq-server-3.1.5-6.1.el6ost.src.rpm

noarch:
rabbitmq-server-3.1.5-6.1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9649
https://access.redhat.com/security/cve/CVE-2014-9650
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
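The two RabbitMQ management-API flaws in RHSA-2016:0367 and RHSA-2016:0368 above (the same pair is fixed again in RHSA-2016:0369 below) are both response-construction defects: CVE-2014-9649 reflects unescaped text from the URL into an error page, and CVE-2014-9650 lets request data reach the response as an additional header. The Python below is an added example, not RabbitMQ code (which is Erlang) and not part of the advisory. It shows a response builder that rejects CR, LF and other control octets in header values, so that a value cannot end the header block or begin a new field, beside the naive concatenation it replaces, and an error page that HTML-escapes the reflected request path. The header names, paths and the injected value are constructed.

```python
import html
import re

# RFC 7230 token characters: the only octets allowed in a header field name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# CR, LF, NUL, the other C0 controls and DEL: never legal inside a field value.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def safe_header(name, value):
    """Return one 'Name: value' line, refusing anything that could terminate the
    header block or start a new field (the response-splitting primitive)."""
    if not _TOKEN.fullmatch(name):
        raise ValueError(f"invalid header name {name!r}")
    if _CONTROL.search(value):
        raise ValueError(f"control character in value of {name!r}; possible response splitting")
    return f"{name}: {value}"


def error_page(status_line, request_path):
    """Error page that reflects the request path, HTML-escaped so that characters
    taken from the URL cannot become markup (the CVE-2014-9649 pattern)."""
    esc_status = html.escape(status_line)
    esc_path = html.escape(request_path, quote=True)
    return (f"<html><head><title>{esc_status}</title></head>"
            f"<body><h1>{esc_status}</h1><p>No handler for <code>{esc_path}</code></p></body></html>")


def build_response(status_line, headers, body):
    """Serialise a complete HTTP/1.1 response. Every header passes through
    safe_header, so a value carrying CR/LF is rejected instead of emitted."""
    lines = [f"HTTP/1.1 {status_line}"]
    lines += [safe_header(name, value) for name, value in headers]
    lines.append(safe_header("Content-Length", str(len(body))))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def naive_response(status_line, headers, body):
    """The unsafe shape, kept only for comparison: values are concatenated as-is."""
    lines = [f"HTTP/1.1 {status_line}"] + [f"{n}: {v}" for n, v in headers]
    lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body


def header_names(raw):
    """Field names a receiver would parse from the header block of a serialised
    response; a name that the server never set means the response was split."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed sample: a redirect target that carries a CR/LF pair.
INJECTED_LOCATION = "/api/overview\r\nSet-Cookie: constructed=1"

if __name__ == "__main__":
    print("naive:", header_names(naive_response("302 Found", [("Location", INJECTED_LOCATION)], b"")))
    try:
        build_response("302 Found", [("Location", INJECTED_LOCATION)], b"")
    except ValueError as exc:
        print("hardened:", exc)
    print(error_page("500 Internal Server Error", "/api/<script>alert(1)</script>"))
```

The two checks are independent: escaping the error page does nothing for the header path, and validating header values does nothing for the HTML body, which is why the advisory lists them as two CVEs.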
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW31q3XlSAg2UNWIIRAoZKAJwMMjXJCwwc0UEibJkQLzVGm5zevwCght51
xE8c/TBrdNotlibCkKlIF/A=
=YdBh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 8 23:06:12 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Mar 2016 23:06:12 +0000
Subject: [RHSA-2016:0369-01] Moderate: rabbitmq-server security and bug fix update
Message-ID: <201603082306.u28N6CWK000759@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rabbitmq-server security and bug fix update
Advisory ID:       RHSA-2016:0369-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0369.html
Issue date:        2016-03-08
CVE Names:         CVE-2014-9649 CVE-2014-9650
=====================================================================

1. Summary:

Updated rabbitmq-server packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker.

A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the URL (not escaped). (CVE-2014-9649)

A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data. (CVE-2014-9650)

This update also fixes the following bug:

* Previously, if the rabbit_mirror_queue_master did not return when using HA and 'auto_delete' queues, the RabbitMQ server blocked channels during termination. These channels would then have no associated connections and were displayed as 'unknown'. This issue has been resolved. (BZ#1303748)

All rabbitmq-server users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1185514 - CVE-2014-9649 RabbitMQ: /api/... XSS vulnerability
1185515 - CVE-2014-9650 RabbitMQ: /api/definitions response splitting vulnerability
1303748 - Blocked channels and queues using HA

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
rabbitmq-server-3.3.5-18.el7ost.src.rpm

noarch:
rabbitmq-server-3.3.5-18.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9649
https://access.redhat.com/security/cve/CVE-2014-9650
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW31rIXlSAg2UNWIIRAjdPAJ0fUKzs8LLSgcU8c88sbTRQ73jt8ACbBPzH
guBG3UJRN1ejmepjcXyntdU=
=g/pj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 9 03:57:51 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Mar 2016 03:57:51 +0000
Subject: [RHSA-2016:0370-01] Critical: nss-util security update
Message-ID: <201603090357.u293vpEJ031797@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: nss-util security update
Advisory ID:       RHSA-2016:0370-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0370.html
Issue date:        2016-03-09
CVE Names:         CVE-2016-1950
=====================================================================

1. Summary:

Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise 6 and 7.

Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module.

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.

All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
nss-util-3.19.1-5.el6_7.src.rpm

i386:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm

x86_64:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-3.19.1-5.el6_7.x86_64.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm

x86_64:
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
nss-util-3.19.1-5.el6_7.src.rpm

x86_64:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-3.19.1-5.el6_7.x86_64.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
nss-util-3.19.1-5.el6_7.src.rpm

i386:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm

ppc64:
nss-util-3.19.1-5.el6_7.ppc.rpm
nss-util-3.19.1-5.el6_7.ppc64.rpm
nss-util-debuginfo-3.19.1-5.el6_7.ppc.rpm
nss-util-debuginfo-3.19.1-5.el6_7.ppc64.rpm
nss-util-devel-3.19.1-5.el6_7.ppc.rpm
nss-util-devel-3.19.1-5.el6_7.ppc64.rpm

s390x:
nss-util-3.19.1-5.el6_7.s390.rpm
nss-util-3.19.1-5.el6_7.s390x.rpm
nss-util-debuginfo-3.19.1-5.el6_7.s390.rpm
nss-util-debuginfo-3.19.1-5.el6_7.s390x.rpm
nss-util-devel-3.19.1-5.el6_7.s390.rpm
nss-util-devel-3.19.1-5.el6_7.s390x.rpm

x86_64:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-3.19.1-5.el6_7.x86_64.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
nss-util-3.19.1-5.el6_7.src.rpm

i386:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm

x86_64:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-3.19.1-5.el6_7.x86_64.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
nss-util-3.19.1-9.el7_2.src.rpm

x86_64:
nss-util-3.19.1-9.el7_2.i686.rpm
nss-util-3.19.1-9.el7_2.x86_64.rpm
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm
nss-util-devel-3.19.1-9.el7_2.i686.rpm
nss-util-devel-3.19.1-9.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
nss-util-3.19.1-9.el7_2.src.rpm

x86_64:
nss-util-3.19.1-9.el7_2.i686.rpm
nss-util-3.19.1-9.el7_2.x86_64.rpm
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm
nss-util-devel-3.19.1-9.el7_2.i686.rpm
nss-util-devel-3.19.1-9.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
nss-util-3.19.1-9.el7_2.src.rpm

ppc64:
nss-util-3.19.1-9.el7_2.ppc.rpm
nss-util-3.19.1-9.el7_2.ppc64.rpm
nss-util-debuginfo-3.19.1-9.el7_2.ppc.rpm
nss-util-debuginfo-3.19.1-9.el7_2.ppc64.rpm
nss-util-devel-3.19.1-9.el7_2.ppc.rpm
nss-util-devel-3.19.1-9.el7_2.ppc64.rpm

ppc64le:
nss-util-3.19.1-9.el7_2.ppc64le.rpm
nss-util-debuginfo-3.19.1-9.el7_2.ppc64le.rpm
nss-util-devel-3.19.1-9.el7_2.ppc64le.rpm

s390x:
nss-util-3.19.1-9.el7_2.s390.rpm
nss-util-3.19.1-9.el7_2.s390x.rpm
nss-util-debuginfo-3.19.1-9.el7_2.s390.rpm
nss-util-debuginfo-3.19.1-9.el7_2.s390x.rpm
nss-util-devel-3.19.1-9.el7_2.s390.rpm
nss-util-devel-3.19.1-9.el7_2.s390x.rpm

x86_64:
nss-util-3.19.1-9.el7_2.i686.rpm
nss-util-3.19.1-9.el7_2.x86_64.rpm
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm
nss-util-devel-3.19.1-9.el7_2.i686.rpm
nss-util-devel-3.19.1-9.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
nss-util-3.19.1-9.el7_2.src.rpm

x86_64:
nss-util-3.19.1-9.el7_2.i686.rpm
nss-util-3.19.1-9.el7_2.x86_64.rpm
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm
nss-util-devel-3.19.1-9.el7_2.i686.rpm
nss-util-devel-3.19.1-9.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1950
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/advisories/mfsa2016-36

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
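CVE-2016-1950 in RHSA-2016:0370 above (and RHSA-2016:0371 below, the same flaw in the RHEL 5 nss package) is a heap-based buffer overflow in ASN.1 parsing: a length taken from the certificate is trusted beyond the bytes actually present. The Python DER walker below is an added example, not NSS code and not part of the advisory; it shows the checks a tag-length-value parser must make before it uses any length from the input (length within the remaining buffer, no indefinite or non-minimal length encodings, a cap on nesting depth) and how each malformed sample is refused instead of read past its end. The DER samples are constructed and are not taken from any real certificate.

```python
# DER tag-length-value walker with the bounds checks a certificate parser must make.

CONSTRUCTED = 0x20          # bit 6 of the identifier octet: contents are nested TLVs
MAX_LENGTH_OCTETS = 4       # a length wider than this cannot describe anything we hold in memory


def parse_der(data, depth=0, max_depth=32):
    """Parse a DER buffer into a list of (tag, value) pairs; constructed values are
    parsed recursively. Every length is validated against the bytes actually
    present before it is used, so a crafted length cannot reach past the buffer."""
    items, pos, end = [], 0, len(data)
    while pos < end:
        tag = data[pos]
        pos += 1
        if tag & 0x1F == 0x1F:
            raise ValueError(f"multi-octet tag at offset {pos - 1} not supported")
        if pos >= end:
            raise ValueError(f"truncated: tag 0x{tag:02x} has no length octet")
        first = data[pos]
        pos += 1
        if first < 0x80:                         # short form: the octet is the length
            length = first
        elif first == 0x80:
            raise ValueError("indefinite length is not permitted in DER")
        else:                                    # long form: low 7 bits = number of length octets
            n = first & 0x7F
            if n > MAX_LENGTH_OCTETS:
                raise ValueError(f"length field of {n} octets at offset {pos - 1}")
            if pos + n > end:
                raise ValueError("truncated length field")
            length = int.from_bytes(data[pos:pos + n], "big")
            if data[pos] == 0 or length < 0x80:  # DER requires the minimal encoding
                raise ValueError("non-minimal length encoding")
            pos += n
        if length > end - pos:                   # the check whose absence turns a length into an over-read
            raise ValueError(f"length {length} exceeds the {end - pos} bytes remaining at offset {pos}")
        value = data[pos:pos + length]
        pos += length
        if tag & CONSTRUCTED:
            if depth >= max_depth:
                raise ValueError("nesting too deep")
            items.append((tag, parse_der(value, depth + 1, max_depth)))
        else:
            items.append((tag, bytes(value)))
    return items


def is_well_formed(data):
    """True when the whole buffer parses as DER with every length in bounds."""
    try:
        parse_der(data)
    except ValueError:
        return False
    return True


# Constructed samples (not from any real certificate).
GOOD = bytes.fromhex("3006" "020101" "0c0161")             # SEQUENCE { INTEGER 1, UTF8String "a" }
OVERLONG_INNER = bytes.fromhex("3006" "020101" "0c0561")   # inner UTF8String claims 5 bytes, 1 present
OVERLONG_OUTER = bytes.fromhex("3084ffffffff" "020101")    # SEQUENCE claims about 4 GiB of content
NON_MINIMAL = bytes.fromhex("30820006" "020101" "0c0161")  # length 6 written in two octets
TRUNCATED = bytes.fromhex("3004" "020101" "0c")            # inner tag with no length octet
INDEFINITE = bytes.fromhex("3080")                         # BER indefinite form, illegal in DER

if __name__ == "__main__":
    print(parse_der(GOOD))
    for name, sample in [("overlong inner", OVERLONG_INNER), ("overlong outer", OVERLONG_OUTER),
                         ("non-minimal", NON_MINIMAL), ("truncated", TRUNCATED), ("indefinite", INDEFINITE)]:
        print(name, is_well_formed(sample))
```

A C parser has the same obligations with no interpreter to catch the slice; the `length > end - pos` comparison is the line that, when missing or computed on the wrong base, lets a certificate dictate how far past the buffer the copy runs.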
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW3580XlSAg2UNWIIRAovDAJwKx54WxiK95+n4U/9G+nDl0wRlYwCeM1lR
iGa2ZA5NBkpEYzNEuWdBT74=
=dxl7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 9 03:58:30 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Mar 2016 03:58:30 +0000
Subject: [RHSA-2016:0371-01] Critical: nss security update
Message-ID: <201603090358.u293wVZv011261@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: nss security update
Advisory ID:       RHSA-2016:0371-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0371.html
Issue date:        2016-03-09
CVE Names:         CVE-2016-1950
=====================================================================

1. Summary:

Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.

All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
nss-3.19.1-4.el5_11.src.rpm

i386:
nss-3.19.1-4.el5_11.i386.rpm
nss-debuginfo-3.19.1-4.el5_11.i386.rpm
nss-tools-3.19.1-4.el5_11.i386.rpm

x86_64:
nss-3.19.1-4.el5_11.i386.rpm
nss-3.19.1-4.el5_11.x86_64.rpm
nss-debuginfo-3.19.1-4.el5_11.i386.rpm
nss-debuginfo-3.19.1-4.el5_11.x86_64.rpm
nss-tools-3.19.1-4.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
nss-3.19.1-4.el5_11.src.rpm

i386:
nss-debuginfo-3.19.1-4.el5_11.i386.rpm
nss-devel-3.19.1-4.el5_11.i386.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.i386.rpm

x86_64:
nss-debuginfo-3.19.1-4.el5_11.i386.rpm
nss-debuginfo-3.19.1-4.el5_11.x86_64.rpm
nss-devel-3.19.1-4.el5_11.i386.rpm
nss-devel-3.19.1-4.el5_11.x86_64.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.i386.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
nss-3.19.1-4.el5_11.src.rpm

i386:
nss-3.19.1-4.el5_11.i386.rpm
nss-debuginfo-3.19.1-4.el5_11.i386.rpm
nss-devel-3.19.1-4.el5_11.i386.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.i386.rpm
nss-tools-3.19.1-4.el5_11.i386.rpm

ia64:
nss-3.19.1-4.el5_11.i386.rpm
nss-3.19.1-4.el5_11.ia64.rpm
nss-debuginfo-3.19.1-4.el5_11.i386.rpm
nss-debuginfo-3.19.1-4.el5_11.ia64.rpm
nss-devel-3.19.1-4.el5_11.ia64.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.ia64.rpm
nss-tools-3.19.1-4.el5_11.ia64.rpm

ppc:
nss-3.19.1-4.el5_11.ppc.rpm
nss-3.19.1-4.el5_11.ppc64.rpm
nss-debuginfo-3.19.1-4.el5_11.ppc.rpm
nss-debuginfo-3.19.1-4.el5_11.ppc64.rpm
nss-devel-3.19.1-4.el5_11.ppc.rpm
nss-devel-3.19.1-4.el5_11.ppc64.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.ppc.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.ppc64.rpm
nss-tools-3.19.1-4.el5_11.ppc.rpm

s390x:
nss-3.19.1-4.el5_11.s390.rpm
nss-3.19.1-4.el5_11.s390x.rpm
nss-debuginfo-3.19.1-4.el5_11.s390.rpm
nss-debuginfo-3.19.1-4.el5_11.s390x.rpm
nss-devel-3.19.1-4.el5_11.s390.rpm
nss-devel-3.19.1-4.el5_11.s390x.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.s390.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.s390x.rpm
nss-tools-3.19.1-4.el5_11.s390x.rpm

x86_64:
nss-3.19.1-4.el5_11.i386.rpm
nss-3.19.1-4.el5_11.x86_64.rpm
nss-debuginfo-3.19.1-4.el5_11.i386.rpm
nss-debuginfo-3.19.1-4.el5_11.x86_64.rpm
nss-devel-3.19.1-4.el5_11.i386.rpm
nss-devel-3.19.1-4.el5_11.x86_64.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.i386.rpm
nss-pkcs11-devel-3.19.1-4.el5_11.x86_64.rpm
nss-tools-3.19.1-4.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1950
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/advisories/mfsa2016-36

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW359gXlSAg2UNWIIRAhDFAKCj8k3y/O++dRJZBO19kKgCEiP8ewCeNwSO
JbuBwayp9maqdfcwxwlzrxM=
=74nU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 9 04:16:04 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Mar 2016 04:16:04 +0000
Subject: [RHSA-2016:0372-01] Important: openssl098e security update
Message-ID: <201603090416.u294G5do001064@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl098e security update
Advisory ID:       RHSA-2016:0372-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0372.html
Issue date:        2016-03-09
CVE Names:         CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 CVE-2016-0704 CVE-2016-0800
=====================================================================

1. Summary:

Updated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section.

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. (CVE-2016-0703)

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use an SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704)

Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack.

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Käsper (OpenSSL development team) as the original reporters of CVE-2015-0293.

All openssl098e users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers
1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers
1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
1310811 - CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2
1310814 - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
openssl098e-0.9.8e-20.el6_7.1.src.rpm

i386:
openssl098e-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm

x86_64:
openssl098e-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
openssl098e-0.9.8e-20.el6_7.1.src.rpm

x86_64:
openssl098e-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
openssl098e-0.9.8e-20.el6_7.1.src.rpm

i386:
openssl098e-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm

ppc64:
openssl098e-0.9.8e-20.el6_7.1.ppc.rpm
openssl098e-0.9.8e-20.el6_7.1.ppc64.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc64.rpm

s390x:
openssl098e-0.9.8e-20.el6_7.1.s390.rpm
openssl098e-0.9.8e-20.el6_7.1.s390x.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.s390.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.s390x.rpm

x86_64:
openssl098e-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
openssl098e-0.9.8e-20.el6_7.1.src.rpm

i386:
openssl098e-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm

x86_64:
openssl098e-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm
openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
openssl098e-0.9.8e-29.el7_2.3.src.rpm

x86_64:
openssl098e-0.9.8e-29.el7_2.3.i686.rpm
openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm
openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm
openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openssl098e-0.9.8e-29.el7_2.3.src.rpm

x86_64:
openssl098e-0.9.8e-29.el7_2.3.i686.rpm
openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm
openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm
openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Server (v.
7): Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm ppc64: openssl098e-0.9.8e-29.el7_2.3.ppc.rpm openssl098e-0.9.8e-29.el7_2.3.ppc64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc64.rpm s390x: openssl098e-0.9.8e-29.el7_2.3.s390.rpm openssl098e-0.9.8e-29.el7_2.3.s390x.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.s390.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.s390x.rpm x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/cve/CVE-2015-3197 https://access.redhat.com/security/cve/CVE-2016-0703 https://access.redhat.com/security/cve/CVE-2016-0704 https://access.redhat.com/security/cve/CVE-2016-0800 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2176731 https://drownattack.com/ https://openssl.org/news/secadv/20160128.txt https://openssl.org/news/secadv/20160301.txt 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
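The DROWN paragraph in the advisory above, together with the CVE-2015-0293, CVE-2016-0703 and CVE-2016-0704 notes about servers that still accept SSLv2 and its EXPORT-grade suites, describes the condition an administrator has to rule out on every host after installing these packages: the server must no longer complete an SSLv2 handshake at all. The Python below is an added example written for this archive, not Red Hat's or OpenSSL's code. It sends one SSLv2 CLIENT-HELLO (record and message layout, and the cipher-spec codes, as given in the SSL 2.0 specification) and reports whether an SSLv2 SERVER-HELLO comes back and which suites it names. The two sample replies embedded for offline use are constructed, not captured from a real host.

```python
"""SSLv2 exposure check for the DROWN advisory: send one SSLv2 CLIENT-HELLO and
report whether the server answers with an SSLv2 SERVER-HELLO, and if so which
SSLv2 cipher specs (export-grade ones in particular) it still accepts.
Added example for this archive; not Red Hat or OpenSSL code."""
import socket
import struct

# SSLv2 CIPHER-SPEC codes (3 bytes each) as defined in the SSL 2.0 specification.
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "SSL2_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL2_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL2_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL2_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL2_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL2_DES_192_EDE3_CBC_WITH_MD5",
}
# The two 40-bit export suites; the CVE-2015-0293/0703/0704 notes above all
# concern servers that still negotiate these.
EXPORT_CIPHERS = {b"\x02\x00\x80", b"\x04\x00\x80"}

MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04


def build_client_hello(challenge=b"\x11" * 16):
    """SSLv2 CLIENT-HELLO offering every SSLv2 cipher spec, no session ID."""
    specs = b"".join(SSLV2_CIPHERS)
    body = (bytes([MSG_CLIENT_HELLO])
            + b"\x00\x02"                                   # CLIENT-VERSION 2.0
            + struct.pack(">HHH", len(specs), 0, len(challenge))
            + specs + challenge)
    # 2-byte record header: high bit set means "no padding", low 15 bits = length.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_server_hello(record):
    """Return {"ciphers": [...], "export": bool} for an SSLv2 SERVER-HELLO,
    or None when the reply is anything else (a TLS alert, an empty read...)."""
    if len(record) < 2 or not record[0] & 0x80:
        return None                      # not a 2-byte SSLv2 record header
    body_len = struct.unpack(">H", record[:2])[0] & 0x7FFF
    body = record[2:2 + body_len]
    # type(1) hit(1) cert-type(1) version(2) cert-len(2) specs-len(2) conn-id-len(2)
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        return None
    cert_len, specs_len, _conn_len = struct.unpack(">HHH", body[5:11])
    specs = body[11 + cert_len:11 + cert_len + specs_len]
    codes = [specs[i:i + 3] for i in range(0, len(specs) - len(specs) % 3, 3)]
    return {
        "ciphers": [SSLV2_CIPHERS.get(c, c.hex()) for c in codes],
        "export": any(c in EXPORT_CIPHERS for c in codes),
    }


def probe(host, port=443, timeout=5.0):
    """Network wrapper: None means the server did not speak SSLv2 to us."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello())
            reply = sock.recv(4096)
    except OSError:
        return None
    return parse_server_hello(reply)


# Constructed sample replies for offline use (not captured from a real host):
# an SSLv2 SERVER-HELLO with no certificate that accepts RC4-128 and the
# RC4-40 export suite, and a TLS 1.0 "protocol_version" alert.
SAMPLE_SSLV2_SERVER_HELLO = (
    b"\x80\x13"                        # header: 19-byte body, no padding
    b"\x04\x00\x01\x00\x02"            # SERVER-HELLO, no hit, X.509, version 2.0
    b"\x00\x00\x00\x06\x00\x02"        # cert len 0, specs len 6, conn-id len 2
    b"\x01\x00\x80\x02\x00\x80"        # RC4_128_WITH_MD5, RC4_128_EXPORT40_WITH_MD5
    b"\xaa\xbb")                       # connection id
SAMPLE_TLS_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    result = probe(target) if target else parse_server_hello(SAMPLE_SSLV2_SERVER_HELLO)
    if result is None:
        print("SSLv2 not offered")
    else:
        print("SSLv2 OFFERED:", ", ".join(result["ciphers"]),
              "(export-grade suites present)" if result["export"] else "")
```

Run it as `python3 sslv2_probe.py host` against a server you are authorized to test; a server built with these packages closes the connection or answers with a TLS alert, and the script prints "SSLv2 not offered". Because the attack described above is cross-protocol, probe every listener (SMTP, IMAP and POP3 on their own ports included) that shares a certificate or RSA key with the TLS service, not only port 443.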
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW36N0XlSAg2UNWIIRAqYBAJ98/98OOTx9c6LlkPHMl7SfneXccQCfX2LY
BQ+47lH1uQT1a3RxlYkETOk=
=TqD1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Mar  9 05:26:36 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Mar 2016 05:26:36 +0000
Subject: [RHSA-2016:0373-01] Critical: firefox security update
Message-ID: <201603090527.u295RHMH003066@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2016:0373-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0373.html
Issue date:        2016-03-09
CVE Names:         CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958
                   CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964
                   CVE-2016-1965 CVE-2016-1966 CVE-2016-1973 CVE-2016-1974
                   CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792
                   CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796
                   CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800
                   CVE-2016-2801 CVE-2016-2802
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958,
CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974,
CVE-2016-1964, CVE-2016-1965, CVE-2016-1966)

Multiple security flaws were found in the graphite2 font library shipped with
Firefox. A web page containing malicious content could cause Firefox to crash
or, potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,
CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew
McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas Golubovic,
Jose Martinez, Romina Santillan, Abdulrahman Alqabandi, ca0nguyen, lokihardt,
Dominique Hazaël-Massieux, Nicolas Grégoire, Tsubasa Iinuma, the
Communications Electronics Security Group (UK) of the GCHQ, Holger
Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters of these
issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.7.0 ESR, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1315566 - CVE-2016-1952 Mozilla: Miscellaneous memory safety hazards (rv:38.7) (MFSA 2016-16)
1315569 - CVE-2016-1954 Mozilla: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)
1315573 - CVE-2016-1957 Mozilla: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)
1315574 - CVE-2016-1958 Mozilla: Displayed page address can be overridden (MFSA 2016-21)
1315576 - CVE-2016-1960 Mozilla: Use-after-free in HTML5 string parser (MFSA 2016-23)
1315577 - CVE-2016-1961 Mozilla: Use-after-free in SetBody (MFSA 2016-24)
1315578 - CVE-2016-1962 Mozilla: Use-after-free when using multiple WebRTC data channels (MFSA 2016-25)
1315774 - CVE-2016-1964 Mozilla: Use-after-free during XML transformations (MFSA 2016-27)
1315775 - CVE-2016-1965 Mozilla: Addressbar spoofing though history navigation and Location protocol property (MFSA 2016-28)
1315778 - CVE-2016-1966 Mozilla: Memory corruption with malicious NPAPI plugin (MFSA 2016-31)
1315782 - CVE-2016-1973 Mozilla: Use-after-free in
GetStaticInstance in WebRTC (MFSA 2016-33) 1315785 - CVE-2016-1974 Mozilla: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34) 1315795 - Mozilla: Font vulnerabilities in the Graphite 2 library (MFSA 2016-37) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: firefox-38.7.0-1.el5_11.src.rpm i386: firefox-38.7.0-1.el5_11.i386.rpm firefox-debuginfo-38.7.0-1.el5_11.i386.rpm x86_64: firefox-38.7.0-1.el5_11.i386.rpm firefox-38.7.0-1.el5_11.x86_64.rpm firefox-debuginfo-38.7.0-1.el5_11.i386.rpm firefox-debuginfo-38.7.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: firefox-38.7.0-1.el5_11.src.rpm i386: firefox-38.7.0-1.el5_11.i386.rpm firefox-debuginfo-38.7.0-1.el5_11.i386.rpm ppc: firefox-38.7.0-1.el5_11.ppc64.rpm firefox-debuginfo-38.7.0-1.el5_11.ppc64.rpm s390x: firefox-38.7.0-1.el5_11.s390.rpm firefox-38.7.0-1.el5_11.s390x.rpm firefox-debuginfo-38.7.0-1.el5_11.s390.rpm firefox-debuginfo-38.7.0-1.el5_11.s390x.rpm x86_64: firefox-38.7.0-1.el5_11.i386.rpm firefox-38.7.0-1.el5_11.x86_64.rpm firefox-debuginfo-38.7.0-1.el5_11.i386.rpm firefox-debuginfo-38.7.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-38.7.0-1.el6_7.src.rpm i386: firefox-38.7.0-1.el6_7.i686.rpm firefox-debuginfo-38.7.0-1.el6_7.i686.rpm x86_64: firefox-38.7.0-1.el6_7.x86_64.rpm firefox-debuginfo-38.7.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-38.7.0-1.el6_7.i686.rpm firefox-debuginfo-38.7.0-1.el6_7.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-38.7.0-1.el6_7.src.rpm x86_64: firefox-38.7.0-1.el6_7.i686.rpm firefox-38.7.0-1.el6_7.x86_64.rpm firefox-debuginfo-38.7.0-1.el6_7.i686.rpm firefox-debuginfo-38.7.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: firefox-38.7.0-1.el6_7.src.rpm i386: firefox-38.7.0-1.el6_7.i686.rpm firefox-debuginfo-38.7.0-1.el6_7.i686.rpm ppc64: firefox-38.7.0-1.el6_7.ppc64.rpm firefox-debuginfo-38.7.0-1.el6_7.ppc64.rpm s390x: firefox-38.7.0-1.el6_7.s390x.rpm firefox-debuginfo-38.7.0-1.el6_7.s390x.rpm x86_64: firefox-38.7.0-1.el6_7.x86_64.rpm firefox-debuginfo-38.7.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): ppc64: firefox-38.7.0-1.el6_7.ppc.rpm firefox-debuginfo-38.7.0-1.el6_7.ppc.rpm s390x: firefox-38.7.0-1.el6_7.s390.rpm firefox-debuginfo-38.7.0-1.el6_7.s390.rpm x86_64: firefox-38.7.0-1.el6_7.i686.rpm firefox-debuginfo-38.7.0-1.el6_7.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: firefox-38.7.0-1.el6_7.src.rpm i386: firefox-38.7.0-1.el6_7.i686.rpm firefox-debuginfo-38.7.0-1.el6_7.i686.rpm x86_64: firefox-38.7.0-1.el6_7.x86_64.rpm firefox-debuginfo-38.7.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-38.7.0-1.el6_7.i686.rpm firefox-debuginfo-38.7.0-1.el6_7.i686.rpm Red Hat Enterprise Linux Client (v. 7): Source: firefox-38.7.0-1.el7_2.src.rpm x86_64: firefox-38.7.0-1.el7_2.x86_64.rpm firefox-debuginfo-38.7.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-38.7.0-1.el7_2.i686.rpm firefox-debuginfo-38.7.0-1.el7_2.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-38.7.0-1.el7_2.src.rpm ppc64: firefox-38.7.0-1.el7_2.ppc64.rpm firefox-debuginfo-38.7.0-1.el7_2.ppc64.rpm ppc64le: firefox-38.7.0-1.el7_2.ppc64le.rpm firefox-debuginfo-38.7.0-1.el7_2.ppc64le.rpm s390x: firefox-38.7.0-1.el7_2.s390x.rpm firefox-debuginfo-38.7.0-1.el7_2.s390x.rpm x86_64: firefox-38.7.0-1.el7_2.x86_64.rpm firefox-debuginfo-38.7.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: firefox-38.7.0-1.el7_2.ppc.rpm firefox-debuginfo-38.7.0-1.el7_2.ppc.rpm s390x: firefox-38.7.0-1.el7_2.s390.rpm firefox-debuginfo-38.7.0-1.el7_2.s390.rpm x86_64: firefox-38.7.0-1.el7_2.i686.rpm firefox-debuginfo-38.7.0-1.el7_2.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-38.7.0-1.el7_2.src.rpm x86_64: firefox-38.7.0-1.el7_2.x86_64.rpm firefox-debuginfo-38.7.0-1.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-38.7.0-1.el7_2.i686.rpm firefox-debuginfo-38.7.0-1.el7_2.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1952 https://access.redhat.com/security/cve/CVE-2016-1954 https://access.redhat.com/security/cve/CVE-2016-1957 https://access.redhat.com/security/cve/CVE-2016-1958 https://access.redhat.com/security/cve/CVE-2016-1960 https://access.redhat.com/security/cve/CVE-2016-1961 https://access.redhat.com/security/cve/CVE-2016-1962 https://access.redhat.com/security/cve/CVE-2016-1964 https://access.redhat.com/security/cve/CVE-2016-1965 https://access.redhat.com/security/cve/CVE-2016-1966 https://access.redhat.com/security/cve/CVE-2016-1973 https://access.redhat.com/security/cve/CVE-2016-1974 https://access.redhat.com/security/cve/CVE-2016-1977 https://access.redhat.com/security/cve/CVE-2016-2790 https://access.redhat.com/security/cve/CVE-2016-2791 https://access.redhat.com/security/cve/CVE-2016-2792 https://access.redhat.com/security/cve/CVE-2016-2793 https://access.redhat.com/security/cve/CVE-2016-2794 https://access.redhat.com/security/cve/CVE-2016-2795 https://access.redhat.com/security/cve/CVE-2016-2796 https://access.redhat.com/security/cve/CVE-2016-2797 https://access.redhat.com/security/cve/CVE-2016-2798 https://access.redhat.com/security/cve/CVE-2016-2799 
https://access.redhat.com/security/cve/CVE-2016-2800
https://access.redhat.com/security/cve/CVE-2016-2801
https://access.redhat.com/security/cve/CVE-2016-2802
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.7

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW37PNXlSAg2UNWIIRAkEeAKC+U3ddRqxnAKSIJiWqprAYi/NXbgCdGXYX
czOpiopD4F8/xT1+Pnm+TzA=
=qfo5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Mar 10 07:49:40 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Mar 2016 07:49:40 +0000
Subject: [RHSA-2016:0428-01] Moderate: libssh2 security update
Message-ID: <201603100749.u2A7neGP019559@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libssh2 security update
Advisory ID:       RHSA-2016:0428-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0428.html
Issue date:        2016-03-10
CVE Names:         CVE-2016-0787
=====================================================================

1. Summary:

Updated libssh2 packages that fix one security issue are now available for
Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The libssh2 packages provide a library that implements the SSHv2 protocol.

A type confusion issue was found in the way libssh2 generated ephemeral
secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange
methods. This would cause an SSHv2 Diffie-Hellman handshake to use
significantly less secure random parameters. (CVE-2016-0787)

Red Hat would like to thank Aris Adamantiadis for reporting this issue.

All libssh2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing these
updated packages, all running applications using libssh2 must be restarted
for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1306021 - CVE-2016-0787 libssh2: bits/bytes confusion resulting in truncated Diffie-Hellman secret length

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: libssh2-1.4.2-2.el6_7.1.src.rpm i386: libssh2-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm x86_64: libssh2-1.4.2-2.el6_7.1.i686.rpm libssh2-1.4.2-2.el6_7.1.x86_64.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-devel-1.4.2-2.el6_7.1.i686.rpm libssh2-docs-1.4.2-2.el6_7.1.i686.rpm x86_64: libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.x86_64.rpm libssh2-devel-1.4.2-2.el6_7.1.i686.rpm libssh2-devel-1.4.2-2.el6_7.1.x86_64.rpm libssh2-docs-1.4.2-2.el6_7.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: libssh2-1.4.2-2.el6_7.1.src.rpm x86_64: libssh2-1.4.2-2.el6_7.1.i686.rpm libssh2-1.4.2-2.el6_7.1.x86_64.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.x86_64.rpm libssh2-devel-1.4.2-2.el6_7.1.i686.rpm libssh2-devel-1.4.2-2.el6_7.1.x86_64.rpm libssh2-docs-1.4.2-2.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: libssh2-1.4.2-2.el6_7.1.src.rpm i386: libssh2-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm ppc64: libssh2-1.4.2-2.el6_7.1.ppc.rpm libssh2-1.4.2-2.el6_7.1.ppc64.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.ppc.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.ppc64.rpm s390x: libssh2-1.4.2-2.el6_7.1.s390.rpm libssh2-1.4.2-2.el6_7.1.s390x.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.s390.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.s390x.rpm x86_64: libssh2-1.4.2-2.el6_7.1.i686.rpm libssh2-1.4.2-2.el6_7.1.x86_64.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-devel-1.4.2-2.el6_7.1.i686.rpm libssh2-docs-1.4.2-2.el6_7.1.i686.rpm ppc64: libssh2-debuginfo-1.4.2-2.el6_7.1.ppc.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.ppc64.rpm libssh2-devel-1.4.2-2.el6_7.1.ppc.rpm libssh2-devel-1.4.2-2.el6_7.1.ppc64.rpm libssh2-docs-1.4.2-2.el6_7.1.ppc64.rpm s390x: libssh2-debuginfo-1.4.2-2.el6_7.1.s390.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.s390x.rpm libssh2-devel-1.4.2-2.el6_7.1.s390.rpm libssh2-devel-1.4.2-2.el6_7.1.s390x.rpm libssh2-docs-1.4.2-2.el6_7.1.s390x.rpm x86_64: libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.x86_64.rpm libssh2-devel-1.4.2-2.el6_7.1.i686.rpm libssh2-devel-1.4.2-2.el6_7.1.x86_64.rpm libssh2-docs-1.4.2-2.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: libssh2-1.4.2-2.el6_7.1.src.rpm i386: libssh2-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm x86_64: libssh2-1.4.2-2.el6_7.1.i686.rpm libssh2-1.4.2-2.el6_7.1.x86_64.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-devel-1.4.2-2.el6_7.1.i686.rpm libssh2-docs-1.4.2-2.el6_7.1.i686.rpm x86_64: libssh2-debuginfo-1.4.2-2.el6_7.1.i686.rpm libssh2-debuginfo-1.4.2-2.el6_7.1.x86_64.rpm libssh2-devel-1.4.2-2.el6_7.1.i686.rpm libssh2-devel-1.4.2-2.el6_7.1.x86_64.rpm libssh2-docs-1.4.2-2.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: libssh2-1.4.3-10.el7_2.1.src.rpm x86_64: libssh2-1.4.3-10.el7_2.1.i686.rpm libssh2-1.4.3-10.el7_2.1.x86_64.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.i686.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): noarch: libssh2-docs-1.4.3-10.el7_2.1.noarch.rpm x86_64: libssh2-debuginfo-1.4.3-10.el7_2.1.i686.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.x86_64.rpm libssh2-devel-1.4.3-10.el7_2.1.i686.rpm libssh2-devel-1.4.3-10.el7_2.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libssh2-1.4.3-10.el7_2.1.src.rpm x86_64: libssh2-1.4.3-10.el7_2.1.i686.rpm libssh2-1.4.3-10.el7_2.1.x86_64.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.i686.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: libssh2-docs-1.4.3-10.el7_2.1.noarch.rpm x86_64: libssh2-debuginfo-1.4.3-10.el7_2.1.i686.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.x86_64.rpm libssh2-devel-1.4.3-10.el7_2.1.i686.rpm libssh2-devel-1.4.3-10.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libssh2-1.4.3-10.el7_2.1.src.rpm ppc64: libssh2-1.4.3-10.el7_2.1.ppc.rpm libssh2-1.4.3-10.el7_2.1.ppc64.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.ppc.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.ppc64.rpm ppc64le: libssh2-1.4.3-10.el7_2.1.ppc64le.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.ppc64le.rpm s390x: libssh2-1.4.3-10.el7_2.1.s390.rpm libssh2-1.4.3-10.el7_2.1.s390x.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.s390.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.s390x.rpm x86_64: libssh2-1.4.3-10.el7_2.1.i686.rpm libssh2-1.4.3-10.el7_2.1.x86_64.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.i686.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): noarch: libssh2-docs-1.4.3-10.el7_2.1.noarch.rpm ppc64: libssh2-debuginfo-1.4.3-10.el7_2.1.ppc.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.ppc64.rpm libssh2-devel-1.4.3-10.el7_2.1.ppc.rpm libssh2-devel-1.4.3-10.el7_2.1.ppc64.rpm ppc64le: libssh2-debuginfo-1.4.3-10.el7_2.1.ppc64le.rpm libssh2-devel-1.4.3-10.el7_2.1.ppc64le.rpm s390x: libssh2-debuginfo-1.4.3-10.el7_2.1.s390.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.s390x.rpm libssh2-devel-1.4.3-10.el7_2.1.s390.rpm libssh2-devel-1.4.3-10.el7_2.1.s390x.rpm x86_64: libssh2-debuginfo-1.4.3-10.el7_2.1.i686.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.x86_64.rpm libssh2-devel-1.4.3-10.el7_2.1.i686.rpm libssh2-devel-1.4.3-10.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libssh2-1.4.3-10.el7_2.1.src.rpm x86_64: libssh2-1.4.3-10.el7_2.1.i686.rpm libssh2-1.4.3-10.el7_2.1.x86_64.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.i686.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: libssh2-docs-1.4.3-10.el7_2.1.noarch.rpm x86_64: libssh2-debuginfo-1.4.3-10.el7_2.1.i686.rpm libssh2-debuginfo-1.4.3-10.el7_2.1.x86_64.rpm libssh2-devel-1.4.3-10.el7_2.1.i686.rpm libssh2-devel-1.4.3-10.el7_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0787 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
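Bugzilla 1306021 in the advisory above titles CVE-2016-0787 a "bits/bytes confusion resulting in truncated Diffie-Hellman secret length". The Python below is an added example for this archive, not libssh2's own code, and its function names are illustrative. It models that bug class against the real 1024-bit diffie-hellman-group1 modulus (RFC 2409 "Second Oakley Group", copied in here as an assumption): a group order expressed in bytes handed to a random-number routine that expects bits yields a 128-bit private exponent inside a 1024-bit group, while the corrected call converts to bits first. The last function is the kind of size check that a key-exchange implementation can run on its own output to catch this class of mistake.

```python
"""Bits-versus-bytes confusion in Diffie-Hellman exponent generation, the bug
class named in Bugzilla 1306021 (CVE-2016-0787). Added example for this
archive, not libssh2 code; function names are illustrative."""
import secrets

# RFC 2409 group 2, used by SSH as diffie-hellman-group1-sha1 (assumed correct copy).
GROUP1_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
GROUP1_G = 2
# Implementations often carry the group size as a byte count (128 for group1,
# 256 for group14) because that is what the wire encoding needs.
GROUP1_ORDER_BYTES = (GROUP1_P.bit_length() + 7) // 8


def bn_rand(bits):
    """Stand-in for a bignum library's random routine: a uniformly random
    integer of exactly `bits` bits (top bit set), in the style of BN_rand()."""
    if bits < 1:
        raise ValueError("bits must be positive")
    return (1 << (bits - 1)) | secrets.randbits(bits - 1)


def dh_private_exponent_vulnerable(group_order_bytes):
    """The confusion: a length in BYTES passed to a function that takes BITS.
    For group1 this produces a 128-bit x inside a 1024-bit group."""
    return bn_rand(group_order_bytes)


def dh_private_exponent_fixed(group_order_bytes):
    """Convert to bits first; order*8-1 bits keeps x strictly below p."""
    return bn_rand(group_order_bytes * 8 - 1)


def dh_public(x, p=GROUP1_P, g=GROUP1_G):
    """e = g^x mod p, the value sent in KEXDH_INIT / KEXDH_REPLY."""
    return pow(g, x, p)


def secret_bits(gen, group_order_bytes=GROUP1_ORDER_BYTES):
    """Bit length of the exponent a given generator actually produces."""
    return gen(group_order_bytes).bit_length()


def check_exponent_size(x, group_order_bytes=GROUP1_ORDER_BYTES):
    """Self-check for a KEX implementation: the private exponent must be
    within a few bits of the modulus size, not of the modulus byte count."""
    return x.bit_length() >= group_order_bytes * 8 - 8


if __name__ == "__main__":
    for name, gen in (("vulnerable", dh_private_exponent_vulnerable),
                      ("fixed", dh_private_exponent_fixed)):
        x = gen(GROUP1_ORDER_BYTES)
        print(f"{name:10s} x has {x.bit_length():4d} bits; "
              f"size check {'passes' if check_exponent_size(x) else 'FAILS'}")
```

The public value `g^x mod p` looks the same on the wire in both cases, which is why this defect survived: nothing in the handshake reveals how many bits of `x` were random. Only an in-process check such as `check_exponent_size`, or a review that traces the unit of every length argument, catches it.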
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW4ScQXlSAg2UNWIIRApTzAKCuG+NNHVGaHtn04tpEPJ0rnc9yfACdEpra
Kw20KeBvdIa4xswaYD0iOPg=
=G//Z
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Mar 10 07:50:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Mar 2016 07:50:22 +0000
Subject: [RHSA-2016:0429-01] Important: chromium-browser security update
Message-ID: <201603100750.u2A7oNnt011997@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:0429-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0429.html
Issue date:        2016-03-10
CVE Names:         CVE-2016-1643 CVE-2016-1644 CVE-2016-1645
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash, execute
arbitrary code, or disclose sensitive information when visited by the victim.
(CVE-2016-1643, CVE-2016-1644, CVE-2016-1645)

All Chromium users should upgrade to these updated packages, which contain
Chromium version 49.0.2623.87, which corrects these issues. After installing
the update, Chromium must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1315997 - CVE-2016-1643 chromium-browser: type confusion in Blink
1315998 - CVE-2016-1644 chromium-browser: use-after-free in Blink
1315999 - CVE-2016-1645 chromium-browser: out-of-bounds write in PDFium

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-49.0.2623.87-1.el6.i686.rpm
chromium-browser-debuginfo-49.0.2623.87-1.el6.i686.rpm

x86_64:
chromium-browser-49.0.2623.87-1.el6.x86_64.rpm
chromium-browser-debuginfo-49.0.2623.87-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-49.0.2623.87-1.el6.i686.rpm
chromium-browser-debuginfo-49.0.2623.87-1.el6.i686.rpm

x86_64:
chromium-browser-49.0.2623.87-1.el6.x86_64.rpm
chromium-browser-debuginfo-49.0.2623.87-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-49.0.2623.87-1.el6.i686.rpm
chromium-browser-debuginfo-49.0.2623.87-1.el6.i686.rpm

x86_64:
chromium-browser-49.0.2623.87-1.el6.x86_64.rpm
chromium-browser-debuginfo-49.0.2623.87-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1643
https://access.redhat.com/security/cve/CVE-2016-1644
https://access.redhat.com/security/cve/CVE-2016-1645
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_8.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW4ScwXlSAg2UNWIIRApv8AJ969yflUXGNztV52/oynwou1btiXwCgv5TR
5R8jmsMa7CUfW/8ZHj9281o=
=RXi7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Mar 10 16:10:13 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Mar 2016 11:10:13 -0500
Subject: [RHSA-2016:0430-01] Important: xerces-c security update
Message-ID: <201603101610.u2AGADul024322@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: xerces-c security update
Advisory ID:       RHSA-2016:0430-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0430.html
Issue date:        2016-03-10
CVE Names:         CVE-2016-0729
=====================================================================

1. Summary:

Updated xerces-c packages that fix one security issue are now available for
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Xerces-C is a validating XML parser written in a portable subset of C++.

It was discovered that the Xerces-C XML parser did not properly process
certain XML input. By providing specially crafted XML data to an application
using Xerces-C for XML processing, a remote attacker could exploit this flaw
to cause an application crash or, possibly, execute arbitrary code with the
privileges of the application. (CVE-2016-0729)

Red Hat would like to thank Gustavo Grieco for reporting this issue.

All xerces-c users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using Xerces-C must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1312231 - CVE-2016-0729 xerces-c: parser crashes on malformed input

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
xerces-c-3.1.1-8.el7_2.src.rpm

noarch:
xerces-c-doc-3.1.1-8.el7_2.noarch.rpm

x86_64:
xerces-c-3.1.1-8.el7_2.i686.rpm
xerces-c-3.1.1-8.el7_2.x86_64.rpm
xerces-c-debuginfo-3.1.1-8.el7_2.i686.rpm
xerces-c-debuginfo-3.1.1-8.el7_2.x86_64.rpm
xerces-c-devel-3.1.1-8.el7_2.i686.rpm
xerces-c-devel-3.1.1-8.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v.
7): Source: xerces-c-3.1.1-8.el7_2.src.rpm noarch: xerces-c-doc-3.1.1-8.el7_2.noarch.rpm x86_64: xerces-c-3.1.1-8.el7_2.x86_64.rpm xerces-c-debuginfo-3.1.1-8.el7_2.i686.rpm xerces-c-debuginfo-3.1.1-8.el7_2.x86_64.rpm xerces-c-devel-3.1.1-8.el7_2.i686.rpm xerces-c-devel-3.1.1-8.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: xerces-c-3.1.1-8.el7_2.src.rpm ppc64: xerces-c-3.1.1-8.el7_2.ppc.rpm xerces-c-3.1.1-8.el7_2.ppc64.rpm xerces-c-debuginfo-3.1.1-8.el7_2.ppc.rpm xerces-c-debuginfo-3.1.1-8.el7_2.ppc64.rpm ppc64le: xerces-c-3.1.1-8.el7_2.ppc64le.rpm xerces-c-debuginfo-3.1.1-8.el7_2.ppc64le.rpm s390x: xerces-c-3.1.1-8.el7_2.s390.rpm xerces-c-3.1.1-8.el7_2.s390x.rpm xerces-c-debuginfo-3.1.1-8.el7_2.s390.rpm xerces-c-debuginfo-3.1.1-8.el7_2.s390x.rpm x86_64: xerces-c-3.1.1-8.el7_2.i686.rpm xerces-c-3.1.1-8.el7_2.x86_64.rpm xerces-c-debuginfo-3.1.1-8.el7_2.i686.rpm xerces-c-debuginfo-3.1.1-8.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: xerces-c-doc-3.1.1-8.el7_2.noarch.rpm ppc64: xerces-c-debuginfo-3.1.1-8.el7_2.ppc.rpm xerces-c-debuginfo-3.1.1-8.el7_2.ppc64.rpm xerces-c-devel-3.1.1-8.el7_2.ppc.rpm xerces-c-devel-3.1.1-8.el7_2.ppc64.rpm ppc64le: xerces-c-debuginfo-3.1.1-8.el7_2.ppc64le.rpm xerces-c-devel-3.1.1-8.el7_2.ppc64le.rpm s390x: xerces-c-debuginfo-3.1.1-8.el7_2.s390.rpm xerces-c-debuginfo-3.1.1-8.el7_2.s390x.rpm xerces-c-devel-3.1.1-8.el7_2.s390.rpm xerces-c-devel-3.1.1-8.el7_2.s390x.rpm x86_64: xerces-c-debuginfo-3.1.1-8.el7_2.i686.rpm xerces-c-debuginfo-3.1.1-8.el7_2.x86_64.rpm xerces-c-devel-3.1.1-8.el7_2.i686.rpm xerces-c-devel-3.1.1-8.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: xerces-c-3.1.1-8.el7_2.src.rpm x86_64: xerces-c-3.1.1-8.el7_2.i686.rpm xerces-c-3.1.1-8.el7_2.x86_64.rpm xerces-c-debuginfo-3.1.1-8.el7_2.i686.rpm xerces-c-debuginfo-3.1.1-8.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
7): noarch: xerces-c-doc-3.1.1-8.el7_2.noarch.rpm x86_64: xerces-c-debuginfo-3.1.1-8.el7_2.i686.rpm xerces-c-debuginfo-3.1.1-8.el7_2.x86_64.rpm xerces-c-devel-3.1.1-8.el7_2.i686.rpm xerces-c-devel-3.1.1-8.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0729 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW4ZxjXlSAg2UNWIIRArLuAJ9072MPLn2eGdsyVi0J673JKl2edwCgl+wA vhGGevksGqNsLZXoytsbJPA= =qSt/ -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Mar 11 18:38:00 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 11 Mar 2016 18:38:00 +0000 Subject: [RHSA-2016:0438-01] Critical: flash-plugin security update Message-ID: <201603111838.u2BIc0gF025274@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0438-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0438.html Issue date: 2016-03-11 CVE Names: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 ===================================================================== 1. 
Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1316809 - flash-plugin: multiple code execution issues fixed in APSB16-08

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.577-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.577-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.577-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.577-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.577-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.577-1.el6_7.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.577-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.577-1.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.577-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.577-1.el6_7.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0960
https://access.redhat.com/security/cve/CVE-2016-0961
https://access.redhat.com/security/cve/CVE-2016-0962
https://access.redhat.com/security/cve/CVE-2016-0963
https://access.redhat.com/security/cve/CVE-2016-0986
https://access.redhat.com/security/cve/CVE-2016-0987
https://access.redhat.com/security/cve/CVE-2016-0988
https://access.redhat.com/security/cve/CVE-2016-0989
https://access.redhat.com/security/cve/CVE-2016-0990
https://access.redhat.com/security/cve/CVE-2016-0991
https://access.redhat.com/security/cve/CVE-2016-0992
https://access.redhat.com/security/cve/CVE-2016-0993
https://access.redhat.com/security/cve/CVE-2016-0994
https://access.redhat.com/security/cve/CVE-2016-0995
https://access.redhat.com/security/cve/CVE-2016-0996
https://access.redhat.com/security/cve/CVE-2016-0997
https://access.redhat.com/security/cve/CVE-2016-0998
https://access.redhat.com/security/cve/CVE-2016-0999
https://access.redhat.com/security/cve/CVE-2016-1000
https://access.redhat.com/security/cve/CVE-2016-1001
https://access.redhat.com/security/cve/CVE-2016-1002
https://access.redhat.com/security/cve/CVE-2016-1005
https://access.redhat.com/security/cve/CVE-2016-1010
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW4xBVXlSAg2UNWIIRAkCgAKCHw64puWPWdM5cVPU2vBI1mHZyFgCeI2Rx
fg/pDiOCh9x1HJhk/a+BDeA=
=4hyN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Mar 14 09:39:54 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 14 Mar 2016 09:39:54 +0000
Subject: [RHSA-2016:0440-01] Moderate: openstack-heat bug fix and security advisory
Message-ID: <201603140939.u2E9dthx021672@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-heat bug fix and security advisory
Advisory ID:       RHSA-2016:0440-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0440.html
Issue date:        2016-03-14
CVE Names:         CVE-2015-5295
=====================================================================

1. Summary:

Updated OpenStack Orchestration packages that fix one security issue and two
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0
(Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Orchestration (heat) is a template-driven engine used to specify
and deploy configurations for Compute, Storage, and OpenStack Networking. It
can also be used to automate post-deployment actions, which in turn allows
automated provisioning of infrastructure, services, and applications.
Orchestration can also be integrated with Telemetry alarms to implement
auto-scaling for certain infrastructure resources.
A vulnerability was discovered in the OpenStack Orchestration service
(heat), where a specially formatted template could be used to trick the
heat-engine service into opening a local file. Although the file contents
are never disclosed to the end user, an OpenStack-authenticated attacker
could use this flaw to cause a denial of service or determine whether a
given file name is present on the server. (CVE-2015-5295)

This issue was discovered by Steven Hardy of Red Hat.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1298295 - CVE-2015-5295 openstack-heat: Vulnerability in Heat template validation leading to DoS
1304075 - [heat] oslo.messaging holds connections when replies fail

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-heat-2014.1.5-7.el6ost.src.rpm

noarch:
openstack-heat-api-2014.1.5-7.el6ost.noarch.rpm
openstack-heat-api-cfn-2014.1.5-7.el6ost.noarch.rpm
openstack-heat-api-cloudwatch-2014.1.5-7.el6ost.noarch.rpm
openstack-heat-common-2014.1.5-7.el6ost.noarch.rpm
openstack-heat-engine-2014.1.5-7.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5295
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
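Every advisory in this archive lists its fixed builds as name-version-release.arch.rpm filenames under product and architecture headings, and the "Solution" section leaves the question of which installed packages still predate the fix to the operator. The Python script below is an added example, not Red Hat tooling and not part of any advisory here: it parses that layout (the embedded excerpt is constructed in the RHSA format, modelled on the xerces-c advisory above), compares an installed package's epoch, version and release against the fixed build using the rpmvercmp segment rules, and reports the names that are still older than the fix. The installed inventory in the usage section is constructed; on a real host it would come from `rpm -q --queryformat`.

```python
# Added example, not Red Hat's own tooling: parse an RHSA mail body and flag
# installed packages that predate the fix. Excerpt and inventory are constructed.
import re
from itertools import zip_longest

# Constructed excerpt in the RHSA layout, modelled on the xerces-c advisory above.
SAMPLE_ADVISORY = """\
Advisory ID:       RHSA-2016:0430-01
CVE Names:         CVE-2016-0729

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:
xerces-c-3.1.1-8.el7_2.src.rpm

x86_64:
xerces-c-3.1.1-8.el7_2.i686.rpm
xerces-c-3.1.1-8.el7_2.x86_64.rpm
xerces-c-devel-3.1.1-8.el7_2.x86_64.rpm

7. References:
"""

# name-version-release.arch.rpm; RPM forbids '-' inside version and release.
RPM_RE = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)\.rpm$")

def _segments(s):
    """Alpha and numeric runs that rpmvercmp compares; '~' stays a token of its own."""
    return re.findall(r"[0-9]+|[a-zA-Z]+|~", s)

def rpmvercmp(a, b):
    """Compare two RPM version or release strings: -1 (a older), 0, or 1 (a newer).
    Numbers compare as integers, letters lexically, a number beats letters, and
    '~' sorts before anything else, including the end of the string."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x == y:
            continue
        if "~" in (x, y):
            return -1 if x == "~" else 1
        if None in (x, y):
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return -1 if x < y else 1
    return 0

def compare_evr(installed, fixed):
    """Compare (epoch, version, release) tuples; negative means installed is older."""
    for x, y in zip(installed, fixed):
        c = rpmvercmp(str(x), str(y))
        if c:
            return c
    return 0

def parse_advisory(text):
    """Extract the advisory id, its CVEs and the per-product, per-arch package list."""
    adv = {"id": None, "cves": [], "packages": []}
    product, arch, in_pkgs = None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Advisory ID:"):
            adv["id"] = line.split(":", 1)[1].strip()
        elif line.startswith("CVE Names:"):
            adv["cves"] = re.findall(r"CVE-\d{4}-\d{4,}", line)
        elif re.match(r"^\d+\. ", line):        # numbered section heading
            in_pkgs = line.startswith("6. Package List")
        elif in_pkgs and line.endswith("):"):   # product heading, "... Server (v. 7):"
            product = line[:-1]
        elif in_pkgs and line.endswith(":"):    # repo arch heading, "x86_64:" or "Source:"
            arch = line[:-1]
        elif in_pkgs and line.endswith(".rpm"):
            m = RPM_RE.match(line)
            if m:
                adv["packages"].append(dict(m.groupdict(), product=product, repo_arch=arch))
    return adv

def missing_fixes(adv, installed, repo_arch):
    """Sorted names whose installed (epoch, version, release) is older than the fix."""
    # `installed` maps name -> (epoch, version, release), as rpm -q --queryformat
    # '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n' reports; RHSA lists carry no
    # epoch, so the fixed epoch is taken as 0.
    stale = set()
    for pkg in adv["packages"]:
        if pkg["repo_arch"] != repo_arch or pkg["arch"] == "src":
            continue
        have = installed.get(pkg["name"])
        if have is not None and compare_evr(have, (0, pkg["ver"], pkg["rel"])) < 0:
            stale.add(pkg["name"])
    return sorted(stale)

if __name__ == "__main__":
    adv = parse_advisory(SAMPLE_ADVISORY)
    inventory = {"xerces-c": (0, "3.1.1", "7.el7_2"), "xerces-c-devel": (0, "3.1.1", "8.el7_2")}
    print(adv["id"], adv["cves"], "still unpatched:", missing_fixes(adv, inventory, "x86_64"))
```

The comparison deliberately goes through epoch first: a package with a higher epoch is never reported as stale even when its version string is smaller, which is how RPM itself orders builds. The architecture heading under which a filename appears (for example both i686 and x86_64 builds under "x86_64:") is kept separately from the arch in the filename so that multilib entries are checked against the same host inventory.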
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW5obeXlSAg2UNWIIRApCzAJ0bLYiKtDSVaZQIE92ZeyUPQH5QrwCfaF15
E4DtypR/OCWWalIsXxNqkeE=
=7QPe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Mar 14 09:40:46 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 14 Mar 2016 09:40:46 +0000
Subject: [RHSA-2016:0441-01] Moderate: openstack-heat bug fix and security advisory
Message-ID: <201603140940.u2E9ekHR012150@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-heat bug fix and security advisory
Advisory ID:       RHSA-2016:0441-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0441.html
Issue date:        2016-03-14
CVE Names:         CVE-2015-5295
=====================================================================

1. Summary:

Updated OpenStack Orchestration packages that fix one security issue and two
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0
(Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Orchestration (heat) is a template-driven engine used to specify
and deploy configurations for Compute, Storage, and OpenStack Networking. It
can also be used to automate post-deployment actions, which in turn allows
automated provisioning of infrastructure, services, and applications.
Orchestration can also be integrated with Telemetry alarms to implement
auto-scaling for certain infrastructure resources.

A vulnerability was discovered in the OpenStack Orchestration service
(heat), where a specially formatted template could be used to trick the
heat-engine service into opening a local file. Although the file contents
are never disclosed to the end user, an OpenStack-authenticated attacker
could use this flaw to cause a denial of service or determine whether a
given file name is present on the server. (CVE-2015-5295)

This issue was discovered by Steven Hardy of Red Hat.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1298295 - CVE-2015-5295 openstack-heat: Vulnerability in Heat template validation leading to DoS
1304073 - [heat] oslo.messaging holds connections when replies fail

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-heat-2014.1.5-7.el7ost.src.rpm

noarch:
openstack-heat-api-2014.1.5-7.el7ost.noarch.rpm
openstack-heat-api-cfn-2014.1.5-7.el7ost.noarch.rpm
openstack-heat-api-cloudwatch-2014.1.5-7.el7ost.noarch.rpm
openstack-heat-common-2014.1.5-7.el7ost.noarch.rpm
openstack-heat-engine-2014.1.5-7.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5295
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW5ocCXlSAg2UNWIIRAiURAJ0UaOsdGZoDh8a9YYW0UCdMtVnqtwCgvR+N
AOEzsMvFZBeKRUe+Y6Wq864=
=Fw8D
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Mar 14 09:42:16 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 14 Mar 2016 09:42:16 +0000
Subject: [RHSA-2016:0442-01] Moderate: openstack-heat security advisory
Message-ID: <201603140942.u2E9gHup030105@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-heat security advisory
Advisory ID:       RHSA-2016:0442-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0442.html
Issue date:        2016-03-14
CVE Names:         CVE-2015-5295
=====================================================================

1. Summary:

Updated OpenStack Orchestration packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for
RHEL 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

OpenStack Orchestration (heat) is a template-driven engine used to specify
and deploy configurations for Compute, Storage, and OpenStack Networking. It
can also be used to automate post-deployment actions, which in turn allows
automated provisioning of infrastructure, services, and applications.
Orchestration can also be integrated with Telemetry alarms to implement
auto-scaling for certain infrastructure resources.

A vulnerability was discovered in the OpenStack Orchestration service
(heat), where a specially formatted template could be used to trick the
heat-engine service into opening a local file. Although the file contents
are never disclosed to the end user, an OpenStack-authenticated attacker
could use this flaw to cause a denial of service or determine whether a
given file name is present on the server. (CVE-2015-5295)

This issue was discovered by Steven Hardy of Red Hat.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1298295 - CVE-2015-5295 openstack-heat: Vulnerability in Heat template validation leading to DoS

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openstack-heat-2014.2.3-11.el7ost.src.rpm

noarch:
openstack-heat-api-2014.2.3-11.el7ost.noarch.rpm
openstack-heat-api-cfn-2014.2.3-11.el7ost.noarch.rpm
openstack-heat-api-cloudwatch-2014.2.3-11.el7ost.noarch.rpm
openstack-heat-common-2014.2.3-11.el7ost.noarch.rpm
openstack-heat-engine-2014.2.3-11.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5295
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW5odeXlSAg2UNWIIRAth8AKDABdxDPE6ceJ+y/jcD1YpxPvQ7NACghRsI
3IDjPS44a4N5Q8nqCob080M=
=61Ao
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 15 13:26:58 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Mar 2016 13:26:58 +0000
Subject: [RHSA-2016:0448-01] Moderate: samba security update
Message-ID: <201603151327.u2FDQxBb026558@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: samba security update
Advisory ID:       RHSA-2016:0448-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0448.html
Issue date:        2016-03-15
CVE Names:         CVE-2015-7560
=====================================================================

1. Summary:

Updated samba packages that fix one security issue are now available for
Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw was found in the way Samba handled ACLs on symbolic links. An
authenticated user could use this flaw to gain access to an arbitrary file
or directory by overwriting its ACL. (CVE-2015-7560)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Jeremy Allison (Google) and the Samba team as the
original reporters.

All samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1309992 - CVE-2015-7560 samba: Incorrect ACL get/set allowed on symlink path

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
samba-3.6.23-25.el6_7.src.rpm

i386:
libsmbclient-3.6.23-25.el6_7.i686.rpm
samba-client-3.6.23-25.el6_7.i686.rpm
samba-common-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-winbind-3.6.23-25.el6_7.i686.rpm
samba-winbind-clients-3.6.23-25.el6_7.i686.rpm

x86_64:
libsmbclient-3.6.23-25.el6_7.i686.rpm
libsmbclient-3.6.23-25.el6_7.x86_64.rpm
samba-client-3.6.23-25.el6_7.x86_64.rpm
samba-common-3.6.23-25.el6_7.i686.rpm
samba-common-3.6.23-25.el6_7.x86_64.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-clients-3.6.23-25.el6_7.i686.rpm
samba-winbind-clients-3.6.23-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libsmbclient-devel-3.6.23-25.el6_7.i686.rpm
samba-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-doc-3.6.23-25.el6_7.i686.rpm
samba-domainjoin-gui-3.6.23-25.el6_7.i686.rpm
samba-swat-3.6.23-25.el6_7.i686.rpm
samba-winbind-devel-3.6.23-25.el6_7.i686.rpm
samba-winbind-krb5-locator-3.6.23-25.el6_7.i686.rpm

x86_64:
libsmbclient-devel-3.6.23-25.el6_7.i686.rpm
libsmbclient-devel-3.6.23-25.el6_7.x86_64.rpm
samba-3.6.23-25.el6_7.x86_64.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.x86_64.rpm
samba-doc-3.6.23-25.el6_7.x86_64.rpm
samba-domainjoin-gui-3.6.23-25.el6_7.x86_64.rpm
samba-glusterfs-3.6.23-25.el6_7.x86_64.rpm
samba-swat-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-devel-3.6.23-25.el6_7.i686.rpm
samba-winbind-devel-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
samba-3.6.23-25.el6_7.src.rpm

x86_64:
samba-client-3.6.23-25.el6_7.x86_64.rpm
samba-common-3.6.23-25.el6_7.i686.rpm
samba-common-3.6.23-25.el6_7.x86_64.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-clients-3.6.23-25.el6_7.i686.rpm
samba-winbind-clients-3.6.23-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libsmbclient-3.6.23-25.el6_7.i686.rpm
libsmbclient-3.6.23-25.el6_7.x86_64.rpm
libsmbclient-devel-3.6.23-25.el6_7.i686.rpm
libsmbclient-devel-3.6.23-25.el6_7.x86_64.rpm
samba-3.6.23-25.el6_7.x86_64.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.x86_64.rpm
samba-doc-3.6.23-25.el6_7.x86_64.rpm
samba-domainjoin-gui-3.6.23-25.el6_7.x86_64.rpm
samba-glusterfs-3.6.23-25.el6_7.x86_64.rpm
samba-swat-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-devel-3.6.23-25.el6_7.i686.rpm
samba-winbind-devel-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
samba-3.6.23-25.el6_7.src.rpm

i386:
libsmbclient-3.6.23-25.el6_7.i686.rpm
samba-3.6.23-25.el6_7.i686.rpm
samba-client-3.6.23-25.el6_7.i686.rpm
samba-common-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-winbind-3.6.23-25.el6_7.i686.rpm
samba-winbind-clients-3.6.23-25.el6_7.i686.rpm

ppc64:
libsmbclient-3.6.23-25.el6_7.ppc.rpm
libsmbclient-3.6.23-25.el6_7.ppc64.rpm
samba-3.6.23-25.el6_7.ppc64.rpm
samba-client-3.6.23-25.el6_7.ppc64.rpm
samba-common-3.6.23-25.el6_7.ppc.rpm
samba-common-3.6.23-25.el6_7.ppc64.rpm
samba-debuginfo-3.6.23-25.el6_7.ppc.rpm
samba-debuginfo-3.6.23-25.el6_7.ppc64.rpm
samba-winbind-3.6.23-25.el6_7.ppc64.rpm
samba-winbind-clients-3.6.23-25.el6_7.ppc.rpm
samba-winbind-clients-3.6.23-25.el6_7.ppc64.rpm

s390x:
libsmbclient-3.6.23-25.el6_7.s390.rpm
libsmbclient-3.6.23-25.el6_7.s390x.rpm
samba-3.6.23-25.el6_7.s390x.rpm
samba-client-3.6.23-25.el6_7.s390x.rpm
samba-common-3.6.23-25.el6_7.s390.rpm
samba-common-3.6.23-25.el6_7.s390x.rpm
samba-debuginfo-3.6.23-25.el6_7.s390.rpm
samba-debuginfo-3.6.23-25.el6_7.s390x.rpm
samba-winbind-3.6.23-25.el6_7.s390x.rpm
samba-winbind-clients-3.6.23-25.el6_7.s390.rpm
samba-winbind-clients-3.6.23-25.el6_7.s390x.rpm

x86_64:
libsmbclient-3.6.23-25.el6_7.i686.rpm
libsmbclient-3.6.23-25.el6_7.x86_64.rpm
samba-3.6.23-25.el6_7.x86_64.rpm
samba-client-3.6.23-25.el6_7.x86_64.rpm
samba-common-3.6.23-25.el6_7.i686.rpm
samba-common-3.6.23-25.el6_7.x86_64.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-clients-3.6.23-25.el6_7.i686.rpm
samba-winbind-clients-3.6.23-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
libsmbclient-devel-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-doc-3.6.23-25.el6_7.i686.rpm
samba-domainjoin-gui-3.6.23-25.el6_7.i686.rpm
samba-swat-3.6.23-25.el6_7.i686.rpm
samba-winbind-devel-3.6.23-25.el6_7.i686.rpm
samba-winbind-krb5-locator-3.6.23-25.el6_7.i686.rpm

ppc64:
libsmbclient-devel-3.6.23-25.el6_7.ppc.rpm
libsmbclient-devel-3.6.23-25.el6_7.ppc64.rpm
samba-debuginfo-3.6.23-25.el6_7.ppc.rpm
samba-debuginfo-3.6.23-25.el6_7.ppc64.rpm
samba-doc-3.6.23-25.el6_7.ppc64.rpm
samba-domainjoin-gui-3.6.23-25.el6_7.ppc64.rpm
samba-swat-3.6.23-25.el6_7.ppc64.rpm
samba-winbind-devel-3.6.23-25.el6_7.ppc.rpm
samba-winbind-devel-3.6.23-25.el6_7.ppc64.rpm
samba-winbind-krb5-locator-3.6.23-25.el6_7.ppc64.rpm

s390x:
libsmbclient-devel-3.6.23-25.el6_7.s390.rpm
libsmbclient-devel-3.6.23-25.el6_7.s390x.rpm
samba-debuginfo-3.6.23-25.el6_7.s390.rpm
samba-debuginfo-3.6.23-25.el6_7.s390x.rpm
samba-doc-3.6.23-25.el6_7.s390x.rpm
samba-domainjoin-gui-3.6.23-25.el6_7.s390x.rpm
samba-swat-3.6.23-25.el6_7.s390x.rpm
samba-winbind-devel-3.6.23-25.el6_7.s390.rpm
samba-winbind-devel-3.6.23-25.el6_7.s390x.rpm
samba-winbind-krb5-locator-3.6.23-25.el6_7.s390x.rpm

x86_64:
libsmbclient-devel-3.6.23-25.el6_7.i686.rpm
libsmbclient-devel-3.6.23-25.el6_7.x86_64.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.x86_64.rpm
samba-doc-3.6.23-25.el6_7.x86_64.rpm
samba-domainjoin-gui-3.6.23-25.el6_7.x86_64.rpm
samba-glusterfs-3.6.23-25.el6_7.x86_64.rpm
samba-swat-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-devel-3.6.23-25.el6_7.i686.rpm
samba-winbind-devel-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
samba-3.6.23-25.el6_7.src.rpm

i386:
libsmbclient-3.6.23-25.el6_7.i686.rpm
samba-3.6.23-25.el6_7.i686.rpm
samba-client-3.6.23-25.el6_7.i686.rpm
samba-common-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-winbind-3.6.23-25.el6_7.i686.rpm
samba-winbind-clients-3.6.23-25.el6_7.i686.rpm

x86_64:
libsmbclient-3.6.23-25.el6_7.i686.rpm
libsmbclient-3.6.23-25.el6_7.x86_64.rpm
samba-3.6.23-25.el6_7.x86_64.rpm
samba-client-3.6.23-25.el6_7.x86_64.rpm
samba-common-3.6.23-25.el6_7.i686.rpm
samba-common-3.6.23-25.el6_7.x86_64.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-clients-3.6.23-25.el6_7.i686.rpm
samba-winbind-clients-3.6.23-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libsmbclient-devel-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-doc-3.6.23-25.el6_7.i686.rpm
samba-domainjoin-gui-3.6.23-25.el6_7.i686.rpm
samba-swat-3.6.23-25.el6_7.i686.rpm
samba-winbind-devel-3.6.23-25.el6_7.i686.rpm
samba-winbind-krb5-locator-3.6.23-25.el6_7.i686.rpm

x86_64:
libsmbclient-devel-3.6.23-25.el6_7.i686.rpm
libsmbclient-devel-3.6.23-25.el6_7.x86_64.rpm
samba-debuginfo-3.6.23-25.el6_7.i686.rpm
samba-debuginfo-3.6.23-25.el6_7.x86_64.rpm
samba-doc-3.6.23-25.el6_7.x86_64.rpm
samba-domainjoin-gui-3.6.23-25.el6_7.x86_64.rpm
samba-glusterfs-3.6.23-25.el6_7.x86_64.rpm
samba-swat-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-devel-3.6.23-25.el6_7.i686.rpm
samba-winbind-devel-3.6.23-25.el6_7.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-25.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
samba-4.2.3-12.el7_2.src.rpm

noarch:
samba-common-4.2.3-12.el7_2.noarch.rpm

x86_64:
libsmbclient-4.2.3-12.el7_2.i686.rpm
libsmbclient-4.2.3-12.el7_2.x86_64.rpm
libwbclient-4.2.3-12.el7_2.i686.rpm
libwbclient-4.2.3-12.el7_2.x86_64.rpm
samba-client-4.2.3-12.el7_2.x86_64.rpm
samba-client-libs-4.2.3-12.el7_2.i686.rpm
samba-client-libs-4.2.3-12.el7_2.x86_64.rpm
samba-common-libs-4.2.3-12.el7_2.x86_64.rpm
samba-common-tools-4.2.3-12.el7_2.x86_64.rpm
samba-debuginfo-4.2.3-12.el7_2.i686.rpm
samba-debuginfo-4.2.3-12.el7_2.x86_64.rpm
samba-libs-4.2.3-12.el7_2.i686.rpm
samba-libs-4.2.3-12.el7_2.x86_64.rpm
samba-winbind-4.2.3-12.el7_2.x86_64.rpm
samba-winbind-clients-4.2.3-12.el7_2.x86_64.rpm
samba-winbind-modules-4.2.3-12.el7_2.i686.rpm
samba-winbind-modules-4.2.3-12.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
samba-pidl-4.2.3-12.el7_2.noarch.rpm

x86_64:
libsmbclient-devel-4.2.3-12.el7_2.i686.rpm
libsmbclient-devel-4.2.3-12.el7_2.x86_64.rpm
libwbclient-devel-4.2.3-12.el7_2.i686.rpm
libwbclient-devel-4.2.3-12.el7_2.x86_64.rpm
samba-4.2.3-12.el7_2.x86_64.rpm
samba-dc-4.2.3-12.el7_2.x86_64.rpm
samba-dc-libs-4.2.3-12.el7_2.x86_64.rpm
samba-debuginfo-4.2.3-12.el7_2.i686.rpm
samba-debuginfo-4.2.3-12.el7_2.x86_64.rpm
samba-devel-4.2.3-12.el7_2.i686.rpm
samba-devel-4.2.3-12.el7_2.x86_64.rpm
samba-python-4.2.3-12.el7_2.x86_64.rpm
samba-test-4.2.3-12.el7_2.x86_64.rpm
samba-test-devel-4.2.3-12.el7_2.x86_64.rpm
samba-test-libs-4.2.3-12.el7_2.i686.rpm
samba-test-libs-4.2.3-12.el7_2.x86_64.rpm
samba-vfs-glusterfs-4.2.3-12.el7_2.x86_64.rpm
samba-winbind-krb5-locator-4.2.3-12.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
samba-4.2.3-12.el7_2.src.rpm

noarch:
samba-common-4.2.3-12.el7_2.noarch.rpm

x86_64:
libsmbclient-4.2.3-12.el7_2.i686.rpm
libsmbclient-4.2.3-12.el7_2.x86_64.rpm
libwbclient-4.2.3-12.el7_2.i686.rpm
libwbclient-4.2.3-12.el7_2.x86_64.rpm
samba-client-4.2.3-12.el7_2.x86_64.rpm
samba-client-libs-4.2.3-12.el7_2.i686.rpm
samba-client-libs-4.2.3-12.el7_2.x86_64.rpm
samba-common-libs-4.2.3-12.el7_2.x86_64.rpm
samba-common-tools-4.2.3-12.el7_2.x86_64.rpm
samba-debuginfo-4.2.3-12.el7_2.i686.rpm
samba-debuginfo-4.2.3-12.el7_2.x86_64.rpm
samba-libs-4.2.3-12.el7_2.i686.rpm
samba-libs-4.2.3-12.el7_2.x86_64.rpm
samba-winbind-4.2.3-12.el7_2.x86_64.rpm
samba-winbind-clients-4.2.3-12.el7_2.x86_64.rpm
samba-winbind-modules-4.2.3-12.el7_2.i686.rpm
samba-winbind-modules-4.2.3-12.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
samba-pidl-4.2.3-12.el7_2.noarch.rpm

x86_64:
libsmbclient-devel-4.2.3-12.el7_2.i686.rpm
libsmbclient-devel-4.2.3-12.el7_2.x86_64.rpm
libwbclient-devel-4.2.3-12.el7_2.i686.rpm
libwbclient-devel-4.2.3-12.el7_2.x86_64.rpm
samba-4.2.3-12.el7_2.x86_64.rpm
samba-dc-4.2.3-12.el7_2.x86_64.rpm
samba-dc-libs-4.2.3-12.el7_2.x86_64.rpm
samba-debuginfo-4.2.3-12.el7_2.i686.rpm
samba-debuginfo-4.2.3-12.el7_2.x86_64.rpm
samba-devel-4.2.3-12.el7_2.i686.rpm
samba-devel-4.2.3-12.el7_2.x86_64.rpm
samba-python-4.2.3-12.el7_2.x86_64.rpm
samba-test-4.2.3-12.el7_2.x86_64.rpm
samba-test-devel-4.2.3-12.el7_2.x86_64.rpm
samba-test-libs-4.2.3-12.el7_2.i686.rpm
samba-test-libs-4.2.3-12.el7_2.x86_64.rpm
samba-vfs-glusterfs-4.2.3-12.el7_2.x86_64.rpm
samba-winbind-krb5-locator-4.2.3-12.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v.
7): Source: samba-4.2.3-12.el7_2.src.rpm noarch: samba-common-4.2.3-12.el7_2.noarch.rpm ppc64: libsmbclient-4.2.3-12.el7_2.ppc.rpm libsmbclient-4.2.3-12.el7_2.ppc64.rpm libwbclient-4.2.3-12.el7_2.ppc.rpm libwbclient-4.2.3-12.el7_2.ppc64.rpm samba-4.2.3-12.el7_2.ppc64.rpm samba-client-4.2.3-12.el7_2.ppc64.rpm samba-client-libs-4.2.3-12.el7_2.ppc.rpm samba-client-libs-4.2.3-12.el7_2.ppc64.rpm samba-common-libs-4.2.3-12.el7_2.ppc64.rpm samba-common-tools-4.2.3-12.el7_2.ppc64.rpm samba-debuginfo-4.2.3-12.el7_2.ppc.rpm samba-debuginfo-4.2.3-12.el7_2.ppc64.rpm samba-libs-4.2.3-12.el7_2.ppc.rpm samba-libs-4.2.3-12.el7_2.ppc64.rpm samba-winbind-4.2.3-12.el7_2.ppc64.rpm samba-winbind-clients-4.2.3-12.el7_2.ppc64.rpm samba-winbind-modules-4.2.3-12.el7_2.ppc.rpm samba-winbind-modules-4.2.3-12.el7_2.ppc64.rpm ppc64le: libsmbclient-4.2.3-12.el7_2.ppc64le.rpm libwbclient-4.2.3-12.el7_2.ppc64le.rpm samba-4.2.3-12.el7_2.ppc64le.rpm samba-client-4.2.3-12.el7_2.ppc64le.rpm samba-client-libs-4.2.3-12.el7_2.ppc64le.rpm samba-common-libs-4.2.3-12.el7_2.ppc64le.rpm samba-common-tools-4.2.3-12.el7_2.ppc64le.rpm samba-debuginfo-4.2.3-12.el7_2.ppc64le.rpm samba-libs-4.2.3-12.el7_2.ppc64le.rpm samba-winbind-4.2.3-12.el7_2.ppc64le.rpm samba-winbind-clients-4.2.3-12.el7_2.ppc64le.rpm samba-winbind-modules-4.2.3-12.el7_2.ppc64le.rpm s390x: libsmbclient-4.2.3-12.el7_2.s390.rpm libsmbclient-4.2.3-12.el7_2.s390x.rpm libwbclient-4.2.3-12.el7_2.s390.rpm libwbclient-4.2.3-12.el7_2.s390x.rpm samba-4.2.3-12.el7_2.s390x.rpm samba-client-4.2.3-12.el7_2.s390x.rpm samba-client-libs-4.2.3-12.el7_2.s390.rpm samba-client-libs-4.2.3-12.el7_2.s390x.rpm samba-common-libs-4.2.3-12.el7_2.s390x.rpm samba-common-tools-4.2.3-12.el7_2.s390x.rpm samba-debuginfo-4.2.3-12.el7_2.s390.rpm samba-debuginfo-4.2.3-12.el7_2.s390x.rpm samba-libs-4.2.3-12.el7_2.s390.rpm samba-libs-4.2.3-12.el7_2.s390x.rpm samba-winbind-4.2.3-12.el7_2.s390x.rpm samba-winbind-clients-4.2.3-12.el7_2.s390x.rpm 
samba-winbind-modules-4.2.3-12.el7_2.s390.rpm samba-winbind-modules-4.2.3-12.el7_2.s390x.rpm x86_64: libsmbclient-4.2.3-12.el7_2.i686.rpm libsmbclient-4.2.3-12.el7_2.x86_64.rpm libwbclient-4.2.3-12.el7_2.i686.rpm libwbclient-4.2.3-12.el7_2.x86_64.rpm samba-4.2.3-12.el7_2.x86_64.rpm samba-client-4.2.3-12.el7_2.x86_64.rpm samba-client-libs-4.2.3-12.el7_2.i686.rpm samba-client-libs-4.2.3-12.el7_2.x86_64.rpm samba-common-libs-4.2.3-12.el7_2.x86_64.rpm samba-common-tools-4.2.3-12.el7_2.x86_64.rpm samba-debuginfo-4.2.3-12.el7_2.i686.rpm samba-debuginfo-4.2.3-12.el7_2.x86_64.rpm samba-libs-4.2.3-12.el7_2.i686.rpm samba-libs-4.2.3-12.el7_2.x86_64.rpm samba-python-4.2.3-12.el7_2.x86_64.rpm samba-winbind-4.2.3-12.el7_2.x86_64.rpm samba-winbind-clients-4.2.3-12.el7_2.x86_64.rpm samba-winbind-modules-4.2.3-12.el7_2.i686.rpm samba-winbind-modules-4.2.3-12.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Resilient Storage (v. 7): x86_64: ctdb-4.2.3-12.el7_2.x86_64.rpm ctdb-devel-4.2.3-12.el7_2.i686.rpm ctdb-devel-4.2.3-12.el7_2.x86_64.rpm ctdb-tests-4.2.3-12.el7_2.x86_64.rpm samba-debuginfo-4.2.3-12.el7_2.i686.rpm samba-debuginfo-4.2.3-12.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): noarch: samba-pidl-4.2.3-12.el7_2.noarch.rpm ppc64: libsmbclient-devel-4.2.3-12.el7_2.ppc.rpm libsmbclient-devel-4.2.3-12.el7_2.ppc64.rpm libwbclient-devel-4.2.3-12.el7_2.ppc.rpm libwbclient-devel-4.2.3-12.el7_2.ppc64.rpm samba-dc-4.2.3-12.el7_2.ppc64.rpm samba-dc-libs-4.2.3-12.el7_2.ppc64.rpm samba-debuginfo-4.2.3-12.el7_2.ppc.rpm samba-debuginfo-4.2.3-12.el7_2.ppc64.rpm samba-devel-4.2.3-12.el7_2.ppc.rpm samba-devel-4.2.3-12.el7_2.ppc64.rpm samba-python-4.2.3-12.el7_2.ppc64.rpm samba-test-4.2.3-12.el7_2.ppc64.rpm samba-test-devel-4.2.3-12.el7_2.ppc64.rpm samba-test-libs-4.2.3-12.el7_2.ppc.rpm samba-test-libs-4.2.3-12.el7_2.ppc64.rpm samba-winbind-krb5-locator-4.2.3-12.el7_2.ppc64.rpm ppc64le: libsmbclient-devel-4.2.3-12.el7_2.ppc64le.rpm libwbclient-devel-4.2.3-12.el7_2.ppc64le.rpm samba-dc-4.2.3-12.el7_2.ppc64le.rpm samba-dc-libs-4.2.3-12.el7_2.ppc64le.rpm samba-debuginfo-4.2.3-12.el7_2.ppc64le.rpm samba-devel-4.2.3-12.el7_2.ppc64le.rpm samba-python-4.2.3-12.el7_2.ppc64le.rpm samba-test-4.2.3-12.el7_2.ppc64le.rpm samba-test-devel-4.2.3-12.el7_2.ppc64le.rpm samba-test-libs-4.2.3-12.el7_2.ppc64le.rpm samba-winbind-krb5-locator-4.2.3-12.el7_2.ppc64le.rpm s390x: libsmbclient-devel-4.2.3-12.el7_2.s390.rpm libsmbclient-devel-4.2.3-12.el7_2.s390x.rpm libwbclient-devel-4.2.3-12.el7_2.s390.rpm libwbclient-devel-4.2.3-12.el7_2.s390x.rpm samba-dc-4.2.3-12.el7_2.s390x.rpm samba-dc-libs-4.2.3-12.el7_2.s390x.rpm samba-debuginfo-4.2.3-12.el7_2.s390.rpm samba-debuginfo-4.2.3-12.el7_2.s390x.rpm samba-devel-4.2.3-12.el7_2.s390.rpm samba-devel-4.2.3-12.el7_2.s390x.rpm samba-python-4.2.3-12.el7_2.s390x.rpm samba-test-4.2.3-12.el7_2.s390x.rpm samba-test-devel-4.2.3-12.el7_2.s390x.rpm samba-test-libs-4.2.3-12.el7_2.s390.rpm samba-test-libs-4.2.3-12.el7_2.s390x.rpm samba-winbind-krb5-locator-4.2.3-12.el7_2.s390x.rpm x86_64: libsmbclient-devel-4.2.3-12.el7_2.i686.rpm libsmbclient-devel-4.2.3-12.el7_2.x86_64.rpm libwbclient-devel-4.2.3-12.el7_2.i686.rpm 
libwbclient-devel-4.2.3-12.el7_2.x86_64.rpm samba-dc-4.2.3-12.el7_2.x86_64.rpm samba-dc-libs-4.2.3-12.el7_2.x86_64.rpm samba-debuginfo-4.2.3-12.el7_2.i686.rpm samba-debuginfo-4.2.3-12.el7_2.x86_64.rpm samba-devel-4.2.3-12.el7_2.i686.rpm samba-devel-4.2.3-12.el7_2.x86_64.rpm samba-test-4.2.3-12.el7_2.x86_64.rpm samba-test-devel-4.2.3-12.el7_2.x86_64.rpm samba-test-libs-4.2.3-12.el7_2.i686.rpm samba-test-libs-4.2.3-12.el7_2.x86_64.rpm samba-vfs-glusterfs-4.2.3-12.el7_2.x86_64.rpm samba-winbind-krb5-locator-4.2.3-12.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: samba-4.2.3-12.el7_2.src.rpm noarch: samba-common-4.2.3-12.el7_2.noarch.rpm x86_64: libsmbclient-4.2.3-12.el7_2.i686.rpm libsmbclient-4.2.3-12.el7_2.x86_64.rpm libwbclient-4.2.3-12.el7_2.i686.rpm libwbclient-4.2.3-12.el7_2.x86_64.rpm samba-4.2.3-12.el7_2.x86_64.rpm samba-client-4.2.3-12.el7_2.x86_64.rpm samba-client-libs-4.2.3-12.el7_2.i686.rpm samba-client-libs-4.2.3-12.el7_2.x86_64.rpm samba-common-libs-4.2.3-12.el7_2.x86_64.rpm samba-common-tools-4.2.3-12.el7_2.x86_64.rpm samba-debuginfo-4.2.3-12.el7_2.i686.rpm samba-debuginfo-4.2.3-12.el7_2.x86_64.rpm samba-libs-4.2.3-12.el7_2.i686.rpm samba-libs-4.2.3-12.el7_2.x86_64.rpm samba-python-4.2.3-12.el7_2.x86_64.rpm samba-winbind-4.2.3-12.el7_2.x86_64.rpm samba-winbind-clients-4.2.3-12.el7_2.x86_64.rpm samba-winbind-modules-4.2.3-12.el7_2.i686.rpm samba-winbind-modules-4.2.3-12.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
7): noarch: samba-pidl-4.2.3-12.el7_2.noarch.rpm x86_64: libsmbclient-devel-4.2.3-12.el7_2.i686.rpm libsmbclient-devel-4.2.3-12.el7_2.x86_64.rpm libwbclient-devel-4.2.3-12.el7_2.i686.rpm libwbclient-devel-4.2.3-12.el7_2.x86_64.rpm samba-dc-4.2.3-12.el7_2.x86_64.rpm samba-dc-libs-4.2.3-12.el7_2.x86_64.rpm samba-debuginfo-4.2.3-12.el7_2.i686.rpm samba-debuginfo-4.2.3-12.el7_2.x86_64.rpm samba-devel-4.2.3-12.el7_2.i686.rpm samba-devel-4.2.3-12.el7_2.x86_64.rpm samba-test-4.2.3-12.el7_2.x86_64.rpm samba-test-devel-4.2.3-12.el7_2.x86_64.rpm samba-test-libs-4.2.3-12.el7_2.i686.rpm samba-test-libs-4.2.3-12.el7_2.x86_64.rpm samba-vfs-glusterfs-4.2.3-12.el7_2.x86_64.rpm samba-winbind-krb5-locator-4.2.3-12.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7560 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW6A1uXlSAg2UNWIIRAqAtAJ9Me+bIeQm8R4B4+n7I/VbWcblSUQCdFhrm
Uz789aK3omJFhFvcGYjVglY=
=/CD6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 15 13:30:43 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Mar 2016 13:30:43 +0000
Subject: [RHSA-2016:0449-01] Moderate: samba4 security update
Message-ID: <201603151330.u2FDUhrs015633@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: samba4 security update
Advisory ID:       RHSA-2016:0449-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0449.html
Issue date:        2016-03-15
CVE Names:         CVE-2015-7560
=====================================================================

1. Summary:

Updated samba4 packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw was found in the way Samba handled ACLs on symbolic links. An
authenticated user could use this flaw to gain access to an arbitrary file
or directory by overwriting its ACL.
(CVE-2015-7560)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Jeremy Allison (Google) and the Samba team as the
original reporters.

All samba4 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1309992 - CVE-2015-7560 samba: Incorrect ACL get/set allowed on symlink path

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
samba4-4.0.0-68.el6_7.rc4.src.rpm

i386:
samba4-4.0.0-68.el6_7.rc4.i686.rpm
samba4-client-4.0.0-68.el6_7.rc4.i686.rpm
samba4-common-4.0.0-68.el6_7.rc4.i686.rpm
samba4-dc-4.0.0-68.el6_7.rc4.i686.rpm
samba4-dc-libs-4.0.0-68.el6_7.rc4.i686.rpm
samba4-debuginfo-4.0.0-68.el6_7.rc4.i686.rpm
samba4-devel-4.0.0-68.el6_7.rc4.i686.rpm
samba4-libs-4.0.0-68.el6_7.rc4.i686.rpm
samba4-pidl-4.0.0-68.el6_7.rc4.i686.rpm
samba4-python-4.0.0-68.el6_7.rc4.i686.rpm
samba4-swat-4.0.0-68.el6_7.rc4.i686.rpm
samba4-test-4.0.0-68.el6_7.rc4.i686.rpm
samba4-winbind-4.0.0-68.el6_7.rc4.i686.rpm
samba4-winbind-clients-4.0.0-68.el6_7.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.i686.rpm

x86_64:
samba4-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-client-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-common-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-dc-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-devel-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-libs-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-pidl-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-python-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-swat-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-test-4.0.0-68.el6_7.rc4.x86_64.rpm
samba4-winbind-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: samba4-4.0.0-68.el6_7.rc4.src.rpm x86_64: samba4-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-client-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-common-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-dc-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-dc-libs-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-debuginfo-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-devel-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-libs-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-pidl-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-python-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-swat-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-test-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: samba4-4.0.0-68.el6_7.rc4.src.rpm i386: samba4-4.0.0-68.el6_7.rc4.i686.rpm samba4-client-4.0.0-68.el6_7.rc4.i686.rpm samba4-common-4.0.0-68.el6_7.rc4.i686.rpm samba4-dc-4.0.0-68.el6_7.rc4.i686.rpm samba4-dc-libs-4.0.0-68.el6_7.rc4.i686.rpm samba4-debuginfo-4.0.0-68.el6_7.rc4.i686.rpm samba4-devel-4.0.0-68.el6_7.rc4.i686.rpm samba4-libs-4.0.0-68.el6_7.rc4.i686.rpm samba4-pidl-4.0.0-68.el6_7.rc4.i686.rpm samba4-python-4.0.0-68.el6_7.rc4.i686.rpm samba4-swat-4.0.0-68.el6_7.rc4.i686.rpm samba4-test-4.0.0-68.el6_7.rc4.i686.rpm samba4-winbind-4.0.0-68.el6_7.rc4.i686.rpm samba4-winbind-clients-4.0.0-68.el6_7.rc4.i686.rpm samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.i686.rpm ppc64: samba4-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-client-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-common-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-dc-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-dc-libs-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-debuginfo-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-devel-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-libs-4.0.0-68.el6_7.rc4.ppc64.rpm 
samba4-pidl-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-python-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-swat-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-test-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-winbind-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-winbind-clients-4.0.0-68.el6_7.rc4.ppc64.rpm samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.ppc64.rpm s390x: samba4-4.0.0-68.el6_7.rc4.s390x.rpm samba4-client-4.0.0-68.el6_7.rc4.s390x.rpm samba4-common-4.0.0-68.el6_7.rc4.s390x.rpm samba4-dc-4.0.0-68.el6_7.rc4.s390x.rpm samba4-dc-libs-4.0.0-68.el6_7.rc4.s390x.rpm samba4-debuginfo-4.0.0-68.el6_7.rc4.s390x.rpm samba4-devel-4.0.0-68.el6_7.rc4.s390x.rpm samba4-libs-4.0.0-68.el6_7.rc4.s390x.rpm samba4-pidl-4.0.0-68.el6_7.rc4.s390x.rpm samba4-python-4.0.0-68.el6_7.rc4.s390x.rpm samba4-swat-4.0.0-68.el6_7.rc4.s390x.rpm samba4-test-4.0.0-68.el6_7.rc4.s390x.rpm samba4-winbind-4.0.0-68.el6_7.rc4.s390x.rpm samba4-winbind-clients-4.0.0-68.el6_7.rc4.s390x.rpm samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.s390x.rpm x86_64: samba4-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-client-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-common-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-dc-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-dc-libs-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-debuginfo-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-devel-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-libs-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-pidl-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-python-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-swat-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-test-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: samba4-4.0.0-68.el6_7.rc4.src.rpm i386: samba4-4.0.0-68.el6_7.rc4.i686.rpm samba4-client-4.0.0-68.el6_7.rc4.i686.rpm samba4-common-4.0.0-68.el6_7.rc4.i686.rpm samba4-dc-4.0.0-68.el6_7.rc4.i686.rpm samba4-dc-libs-4.0.0-68.el6_7.rc4.i686.rpm samba4-debuginfo-4.0.0-68.el6_7.rc4.i686.rpm samba4-devel-4.0.0-68.el6_7.rc4.i686.rpm samba4-libs-4.0.0-68.el6_7.rc4.i686.rpm samba4-pidl-4.0.0-68.el6_7.rc4.i686.rpm samba4-python-4.0.0-68.el6_7.rc4.i686.rpm samba4-swat-4.0.0-68.el6_7.rc4.i686.rpm samba4-test-4.0.0-68.el6_7.rc4.i686.rpm samba4-winbind-4.0.0-68.el6_7.rc4.i686.rpm samba4-winbind-clients-4.0.0-68.el6_7.rc4.i686.rpm samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.i686.rpm x86_64: samba4-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-client-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-common-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-dc-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-dc-libs-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-debuginfo-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-devel-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-libs-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-pidl-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-python-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-swat-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-test-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-68.el6_7.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7560 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW6A5iXlSAg2UNWIIRAi5IAJ9VYbldELR/BIK0A4Bsw2AYwXZC+wCfTXaW
U9JlVpGWd8SFlVYhxXHrCnE=
=7nxU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 15 15:36:58 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Mar 2016 15:36:58 +0000
Subject: [RHSA-2016:0450-01] Important: kernel security update
Message-ID: <201603151536.u2FFax9d014755@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2016:0450-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0450.html
Issue date:        2016-03-15
CVE Names:         CVE-2013-2596 CVE-2015-2151
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and two bugs are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* An integer overflow flaw was found in the way the Linux kernel's Frame
Buffer device implementation mapped kernel memory to user space via the
mmap syscall. A local user able to access a frame buffer device file
(/dev/fb*) could possibly use this flaw to escalate their privileges on the
system.
(CVE-2013-2596, Important)

* It was found that the Xen hypervisor x86 CPU emulator implementation did
not correctly handle certain instructions with segment overrides,
potentially resulting in a memory corruption. A malicious guest user could
use this flaw to read arbitrary data relating to other guests, cause a
denial of service on the host, or potentially escalate their privileges on
the host. (CVE-2015-2151, Important)

This update also fixes the following bugs:

* Previously, the CPU power of a CPU group could be zero. As a consequence,
a kernel panic occurred at "find_busiest_group+570" with do_divide_error.
The provided patch ensures that the division is only performed if the CPU
power is not zero, and the aforementioned panic no longer occurs.
(BZ#1209728)

* Prior to this update, a bug occurred when performing an online resize of
an ext4 file system which had been previously converted from ext3. As a
consequence, the kernel crashed. The provided patch fixes online resizing
for such file systems by limiting the blockgroup search loop for non-extent
files, and the mentioned kernel crash no longer occurs. (BZ#1301100)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1034490 - CVE-2013-2596 kernel: integer overflow in fb_mmap
1196274 - CVE-2015-2151 xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: kernel-2.6.18-409.el5.src.rpm i386: kernel-2.6.18-409.el5.i686.rpm kernel-PAE-2.6.18-409.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-409.el5.i686.rpm kernel-PAE-devel-2.6.18-409.el5.i686.rpm kernel-debug-2.6.18-409.el5.i686.rpm kernel-debug-debuginfo-2.6.18-409.el5.i686.rpm kernel-debug-devel-2.6.18-409.el5.i686.rpm kernel-debuginfo-2.6.18-409.el5.i686.rpm kernel-debuginfo-common-2.6.18-409.el5.i686.rpm kernel-devel-2.6.18-409.el5.i686.rpm kernel-headers-2.6.18-409.el5.i386.rpm kernel-xen-2.6.18-409.el5.i686.rpm kernel-xen-debuginfo-2.6.18-409.el5.i686.rpm kernel-xen-devel-2.6.18-409.el5.i686.rpm noarch: kernel-doc-2.6.18-409.el5.noarch.rpm x86_64: kernel-2.6.18-409.el5.x86_64.rpm kernel-debug-2.6.18-409.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-409.el5.x86_64.rpm kernel-debug-devel-2.6.18-409.el5.x86_64.rpm kernel-debuginfo-2.6.18-409.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-409.el5.x86_64.rpm kernel-devel-2.6.18-409.el5.x86_64.rpm kernel-headers-2.6.18-409.el5.x86_64.rpm kernel-xen-2.6.18-409.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-409.el5.x86_64.rpm kernel-xen-devel-2.6.18-409.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: kernel-2.6.18-409.el5.src.rpm i386: kernel-2.6.18-409.el5.i686.rpm kernel-PAE-2.6.18-409.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-409.el5.i686.rpm kernel-PAE-devel-2.6.18-409.el5.i686.rpm kernel-debug-2.6.18-409.el5.i686.rpm kernel-debug-debuginfo-2.6.18-409.el5.i686.rpm kernel-debug-devel-2.6.18-409.el5.i686.rpm kernel-debuginfo-2.6.18-409.el5.i686.rpm kernel-debuginfo-common-2.6.18-409.el5.i686.rpm kernel-devel-2.6.18-409.el5.i686.rpm kernel-headers-2.6.18-409.el5.i386.rpm kernel-xen-2.6.18-409.el5.i686.rpm kernel-xen-debuginfo-2.6.18-409.el5.i686.rpm kernel-xen-devel-2.6.18-409.el5.i686.rpm ia64: kernel-2.6.18-409.el5.ia64.rpm kernel-debug-2.6.18-409.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-409.el5.ia64.rpm kernel-debug-devel-2.6.18-409.el5.ia64.rpm kernel-debuginfo-2.6.18-409.el5.ia64.rpm kernel-debuginfo-common-2.6.18-409.el5.ia64.rpm kernel-devel-2.6.18-409.el5.ia64.rpm kernel-headers-2.6.18-409.el5.ia64.rpm kernel-xen-2.6.18-409.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-409.el5.ia64.rpm kernel-xen-devel-2.6.18-409.el5.ia64.rpm noarch: kernel-doc-2.6.18-409.el5.noarch.rpm ppc: kernel-2.6.18-409.el5.ppc64.rpm kernel-debug-2.6.18-409.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-409.el5.ppc64.rpm kernel-debug-devel-2.6.18-409.el5.ppc64.rpm kernel-debuginfo-2.6.18-409.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-409.el5.ppc64.rpm kernel-devel-2.6.18-409.el5.ppc64.rpm kernel-headers-2.6.18-409.el5.ppc.rpm kernel-headers-2.6.18-409.el5.ppc64.rpm kernel-kdump-2.6.18-409.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-409.el5.ppc64.rpm kernel-kdump-devel-2.6.18-409.el5.ppc64.rpm s390x: kernel-2.6.18-409.el5.s390x.rpm kernel-debug-2.6.18-409.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-409.el5.s390x.rpm kernel-debug-devel-2.6.18-409.el5.s390x.rpm kernel-debuginfo-2.6.18-409.el5.s390x.rpm kernel-debuginfo-common-2.6.18-409.el5.s390x.rpm kernel-devel-2.6.18-409.el5.s390x.rpm kernel-headers-2.6.18-409.el5.s390x.rpm kernel-kdump-2.6.18-409.el5.s390x.rpm 
kernel-kdump-debuginfo-2.6.18-409.el5.s390x.rpm kernel-kdump-devel-2.6.18-409.el5.s390x.rpm x86_64: kernel-2.6.18-409.el5.x86_64.rpm kernel-debug-2.6.18-409.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-409.el5.x86_64.rpm kernel-debug-devel-2.6.18-409.el5.x86_64.rpm kernel-debuginfo-2.6.18-409.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-409.el5.x86_64.rpm kernel-devel-2.6.18-409.el5.x86_64.rpm kernel-headers-2.6.18-409.el5.x86_64.rpm kernel-xen-2.6.18-409.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-409.el5.x86_64.rpm kernel-xen-devel-2.6.18-409.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-2596 https://access.redhat.com/security/cve/CVE-2015-2151 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
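The fb_mmap flaw listed above (CVE-2013-2596) belongs to a familiar class: a range check of the form "offset + length must not exceed the buffer" evaluated in unsigned arithmetic that wraps. What follows is an added example for this archive page, not kernel code and not a patch from this advisory. It models that check in plain Ruby; because Ruby Integers never overflow, the 64-bit wrap that C performs silently is simulated with an explicit mask. The frame-buffer base address, its length and the hostile page offset are constructed values chosen to make the wrap visible.

```ruby
# Added example, not kernel code and not part of this advisory: a model of
# the bug class behind the fb_mmap flaw. mmap(2) hands the driver a page
# offset and a length; the driver must decide whether [off, off + size)
# lies inside the frame buffer before it lets user space map it. In C that
# sum is unsigned and wraps silently. Ruby Integers never wrap, so 64-bit
# unsigned arithmetic is simulated here with an explicit mask.

PAGE_SHIFT = 12
U64_MASK   = (1 << 64) - 1

# Truncate to 64 bits, as an unsigned long does on a 64-bit kernel.
def u64(x)
  x & U64_MASK
end

# Byte offset the driver derives from the caller's page offset (vm_pgoff).
def byte_offset(pgoff)
  u64(pgoff << PAGE_SHIFT)
end

# Overflowing check: "does the end of the request exceed the buffer?"
# computed on the wrapped sum. A huge offset wraps the sum to a small
# number, and the request is accepted.
def range_ok_overflowing?(fb_len, off, size)
  u64(off + size) <= fb_len
end

# Corrected check: each operand is bounded against the limit before any
# addition can happen, so nothing can wrap.
def range_ok_checked?(fb_len, off, size)
  size <= fb_len && off <= fb_len - size
end

# Result of the mmap under a given check: the physical address user space
# would be mapped at, or :einval when the driver refuses.
def simulate_mmap(check, fb_phys_base, fb_len, pgoff, size)
  off = byte_offset(pgoff)
  return :einval unless send(check, fb_len, off, size)
  u64(fb_phys_base + off)
end

if __FILE__ == $PROGRAM_NAME
  fb_base = 0xE000_0000          # constructed: physical start of the frame buffer
  fb_len  = 16 * 1024 * 1024     # constructed: 16 MiB of video memory
  two_pages = 2 << PAGE_SHIFT
  hostile_pgoff = (1 << 52) - 1  # byte_offset wraps to 2**64 - 4096

  [:range_ok_overflowing?, :range_ok_checked?].each do |check|
    r = simulate_mmap(check, fb_base, fb_len, hostile_pgoff, two_pages)
    puts "#{check}: #{r.is_a?(Integer) ? format('mapped at 0x%x', r) : r}"
  end
end
```

With the hostile page offset, the overflowing check accepts an 8 KiB request whose wrapped end is 4096 and hands user space a mapping that starts 4 KiB below the frame buffer, i.e. outside it; the corrected check refuses it with EINVAL while still accepting the last valid page. The general rule is to compare each operand with the limit before combining them (`size > limit || off > limit - size`), rather than testing a sum that may have wrapped.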
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW6CvsXlSAg2UNWIIRAuZbAJ9nlnZuXZsYVxzJ07zibbaG324Q/QCfQUFD
BPebW3ti4+F8a3tcAhrvz8M=
=UvJe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 15 21:07:33 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Mar 2016 21:07:33 +0000
Subject: [RHSA-2016:0454-01] Important: ror40 security update
Message-ID: <201603152107.u2FL7XGU004884@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ror40 security update
Advisory ID:       RHSA-2016:0454-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0454.html
Issue date:        2016-03-15
CVE Names:         CVE-2015-7576 CVE-2015-7577 CVE-2015-7581 CVE-2016-0751
                   CVE-2016-0752 CVE-2016-2097 CVE-2016-2098
=====================================================================

1. Summary:

Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages
that fix multiple security issues are now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is a
model-view-controller (MVC) framework for web application development.

The following issues were corrected in rubygem-actionpack:

Multiple directory traversal flaws were found in the way the Action View
component searched for templates for rendering. If an application passed
untrusted input to the 'render' method, a remote, unauthenticated attacker
could use these flaws to render unexpected files and, possibly, execute
arbitrary code. (CVE-2016-0752, CVE-2016-2097)

A code injection flaw was found in the way the Action View component
searched for templates for rendering. If an application passed untrusted
input to the 'render' method, a remote, unauthenticated attacker could use
this flaw to execute arbitrary code. (CVE-2016-2098)

A flaw was found in the way the Action Pack component performed MIME type
lookups. Since queries were cached in a global cache of MIME types, an
attacker could use this flaw to grow the cache indefinitely, potentially
resulting in a denial of service. (CVE-2016-0751)

A flaw was found in the Action Pack component's caching of controller
references. An attacker could use this flaw to cause unbounded memory
growth, potentially resulting in a denial of service. (CVE-2015-7581)

A flaw was found in the way the Action Controller component compared user
names and passwords when performing HTTP basic authentication. Time taken
to compare strings could differ depending on input, possibly allowing a
remote attacker to determine valid user names and passwords using a timing
attack. (CVE-2015-7576)

The following issue was corrected in rubygem-activerecord:

A flaw was found in the Active Record component's handling of nested
attributes in combination with the destroy flag.
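Two of the Action Pack issues above reduce to patterns worth seeing in code: a template name taken straight from the request reaching the view lookup, and HTTP basic-auth credentials compared with an ordinary string comparison. The block below is an added example written for this archive page; it is not Rails code and not a patch from this advisory. It is plain Ruby with no Rails dependency, and the view root, the template allowlist and the Authorization header it uses are constructed. It shows the caller-controlled lookup beside an allowlist that refuses anything other than known template tokens, and a constant-time comparison for basic authentication in place of `String#==`.

```ruby
# Added example for this page, not Rails code. Plain Ruby, runs offline.
# The view root, allowlist and Authorization header below are constructed.

# --- Template lookup from request input -------------------------------
# Modelled on a controller that does `render params[:template]`: the raw
# request value becomes the path that the view lookup resolves.
def unsafe_template_path(view_root, requested)
  File.expand_path(requested.to_s, view_root)
end

# Hardened form: the request value is only ever a key into a fixed set of
# template names that the application owns. Anything else is refused, so no
# path component, glob or inline template source can reach the lookup.
ALLOWED_TEMPLATES = %w[show edit summary].freeze

def safe_template_path(view_root, requested)
  name = requested.to_s
  unless ALLOWED_TEMPLATES.include?(name)
    raise ArgumentError, "refusing to render unknown template #{name.inspect}"
  end
  File.join(view_root, "#{name}.html.erb")
end

# True when a resolved path is still under the view root; used to show that
# the unsafe form can leave it.
def inside_root?(view_root, path)
  root = File.expand_path(view_root) + File::SEPARATOR
  File.expand_path(path).start_with?(root)
end

# --- HTTP basic authentication comparison -------------------------------
# String#== returns at the first differing byte, so the time it takes grows
# with the length of the matching prefix and lets an attacker confirm a
# guess one byte at a time. This compares every byte regardless of where
# the first mismatch is; only a length mismatch short-circuits.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Checks an Authorization header against the expected credentials. Both
# fields are compared unconditionally (non-short-circuit &) so a wrong user
# name costs the same time as a wrong password.
def basic_auth_ok?(header, expected_user, expected_pass)
  return false unless header.is_a?(String) && header.start_with?("Basic ")
  decoded = begin
    header.delete_prefix("Basic ").unpack1("m0") # strict base64
  rescue ArgumentError
    return false
  end
  user, pass = decoded.split(":", 2)
  return false if user.nil? || pass.nil?
  secure_compare(user, expected_user) & secure_compare(pass, expected_pass)
end

if __FILE__ == $PROGRAM_NAME
  root = "/srv/app/app/views/posts" # constructed
  puts unsafe_template_path(root, "../../../../etc/passwd") # escapes the root
  begin
    safe_template_path(root, "../../../../etc/passwd")
  rescue ArgumentError => e
    puts e.message
  end
  header = "Basic " + ["alice:hunter2"].pack("m0") # constructed
  puts basic_auth_ok?(header, "alice", "hunter2") # true
  puts basic_auth_ok?(header, "alice", "hunter3") # false
end
```

The point of the allowlist is that the request never supplies a path at all, only a choice among paths the application already owns; that closes both the traversal and the injection variants at once rather than trying to filter the string. The nested-attributes flaw in Active Record (CVE-2015-7577), described just before this example, is a separate issue in the model layer and is not covered by it.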
An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes. (CVE-2015-7577) Red Hat would like to thank the Ruby on Rails project for reporting these issues. Upstream acknowledges John Poulin as the original reporter of CVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original reporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen (Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red Hat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the original reporter of CVE-2015-7576, and Justin Coyne as the original reporter of CVE-2015-7577. All ror40 collection rubygem-actionpack and rubygem-activerecord packages users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using the ror40 collection must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1301933 - CVE-2015-7576 rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller 1301946 - CVE-2016-0751 rubygem-actionpack: possible object leak and denial of service attack in Action Pack 1301957 - CVE-2015-7577 rubygem-activerecord: Nested attributes rejection proc bypass in Active Record 1301963 - CVE-2016-0752 rubygem-actionview, rubygem-actionpack: directory traversal flaw in Action View 1301981 - CVE-2015-7581 rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack 1310043 - CVE-2016-2097 rubygem-actionview, rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix 1310054 - CVE-2016-2098 rubygem-actionview, rubygem-actionpack: code injection vulnerability in Action View 6. 
Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: ror40-rubygem-actionpack-4.0.2-7.el6.src.rpm ror40-rubygem-activerecord-4.0.2-6.el6.src.rpm ror40-rubygem-activesupport-4.0.2-4.el6.src.rpm noarch: ror40-rubygem-actionpack-4.0.2-7.el6.noarch.rpm ror40-rubygem-actionpack-doc-4.0.2-7.el6.noarch.rpm ror40-rubygem-activerecord-4.0.2-6.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-6.el6.noarch.rpm ror40-rubygem-activesupport-4.0.2-4.el6.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: ror40-rubygem-actionpack-4.0.2-7.el6.src.rpm ror40-rubygem-activerecord-4.0.2-6.el6.src.rpm ror40-rubygem-activesupport-4.0.2-4.el6.src.rpm noarch: ror40-rubygem-actionpack-4.0.2-7.el6.noarch.rpm ror40-rubygem-actionpack-doc-4.0.2-7.el6.noarch.rpm ror40-rubygem-activerecord-4.0.2-6.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-6.el6.noarch.rpm ror40-rubygem-activesupport-4.0.2-4.el6.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: ror40-rubygem-actionpack-4.0.2-7.el6.src.rpm ror40-rubygem-activerecord-4.0.2-6.el6.src.rpm ror40-rubygem-activesupport-4.0.2-4.el6.src.rpm noarch: ror40-rubygem-actionpack-4.0.2-7.el6.noarch.rpm ror40-rubygem-actionpack-doc-4.0.2-7.el6.noarch.rpm ror40-rubygem-activerecord-4.0.2-6.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-6.el6.noarch.rpm ror40-rubygem-activesupport-4.0.2-4.el6.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6): Source: ror40-rubygem-actionpack-4.0.2-7.el6.src.rpm ror40-rubygem-activerecord-4.0.2-6.el6.src.rpm ror40-rubygem-activesupport-4.0.2-4.el6.src.rpm noarch: ror40-rubygem-actionpack-4.0.2-7.el6.noarch.rpm ror40-rubygem-actionpack-doc-4.0.2-7.el6.noarch.rpm ror40-rubygem-activerecord-4.0.2-6.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-6.el6.noarch.rpm ror40-rubygem-activesupport-4.0.2-4.el6.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: ror40-rubygem-actionpack-4.0.2-7.el7.src.rpm ror40-rubygem-activerecord-4.0.2-6.el7.src.rpm ror40-rubygem-activesupport-4.0.2-4.el7.src.rpm noarch: ror40-rubygem-actionpack-4.0.2-7.el7.noarch.rpm ror40-rubygem-actionpack-doc-4.0.2-7.el7.noarch.rpm ror40-rubygem-activerecord-4.0.2-6.el7.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-6.el7.noarch.rpm ror40-rubygem-activesupport-4.0.2-4.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: ror40-rubygem-actionpack-4.0.2-7.el7.src.rpm ror40-rubygem-activerecord-4.0.2-6.el7.src.rpm ror40-rubygem-activesupport-4.0.2-4.el7.src.rpm noarch: ror40-rubygem-actionpack-4.0.2-7.el7.noarch.rpm ror40-rubygem-actionpack-doc-4.0.2-7.el7.noarch.rpm ror40-rubygem-activerecord-4.0.2-6.el7.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-6.el7.noarch.rpm ror40-rubygem-activesupport-4.0.2-4.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: ror40-rubygem-actionpack-4.0.2-7.el7.src.rpm ror40-rubygem-activerecord-4.0.2-6.el7.src.rpm ror40-rubygem-activesupport-4.0.2-4.el7.src.rpm noarch: ror40-rubygem-actionpack-4.0.2-7.el7.noarch.rpm ror40-rubygem-actionpack-doc-4.0.2-7.el7.noarch.rpm ror40-rubygem-activerecord-4.0.2-6.el7.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-6.el7.noarch.rpm ror40-rubygem-activesupport-4.0.2-4.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7): Source: ror40-rubygem-actionpack-4.0.2-7.el7.src.rpm ror40-rubygem-activerecord-4.0.2-6.el7.src.rpm ror40-rubygem-activesupport-4.0.2-4.el7.src.rpm noarch: ror40-rubygem-actionpack-4.0.2-7.el7.noarch.rpm ror40-rubygem-actionpack-doc-4.0.2-7.el7.noarch.rpm ror40-rubygem-activerecord-4.0.2-6.el7.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-6.el7.noarch.rpm ror40-rubygem-activesupport-4.0.2-4.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7576 https://access.redhat.com/security/cve/CVE-2015-7577 https://access.redhat.com/security/cve/CVE-2015-7581 https://access.redhat.com/security/cve/CVE-2016-0751 https://access.redhat.com/security/cve/CVE-2016-0752 https://access.redhat.com/security/cve/CVE-2016-2097 https://access.redhat.com/security/cve/CVE-2016-2098 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW6HlkXlSAg2UNWIIRAindAJ9VP+KYtZilJA/XoZL8FzoQHZJSogCdFN71
YtlQAe+4MAMi7OozuoMEAUM=
=4VHy
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 15 21:08:23 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Mar 2016 21:08:23 +0000
Subject: [RHSA-2016:0455-01] Important: ruby193 security update
Message-ID: <201603152108.u2FL8OCN008913@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ruby193 security update
Advisory ID:       RHSA-2016:0455-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0455.html
Issue date:        2016-03-15
CVE Names:         CVE-2015-7576 CVE-2015-7577 CVE-2016-0751 CVE-2016-0752
                   CVE-2016-2097 CVE-2016-2098
=====================================================================

1. Summary:

Updated ruby193-rubygem-actionpack and ruby193-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails version 3.2. Ruby on Rails is a model-view-controller (MVC) framework for web application development.

The following issues were corrected in rubygem-actionpack:

Multiple directory traversal flaws were found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use these flaws to render unexpected files and, possibly, execute arbitrary code. (CVE-2016-0752, CVE-2016-2097)

A code injection flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code. (CVE-2016-2098)

A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service. (CVE-2016-0751)

A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack. (CVE-2015-7576)

The following issue was corrected in rubygem-activerecord:

A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes. (CVE-2015-7577)

Red Hat would like to thank the Ruby on Rails project for reporting these issues. Upstream acknowledges John Poulin as the original reporter of CVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original reporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen (Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red Hat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the original reporter of CVE-2015-7576, and Justin Coyne as the original reporter of CVE-2015-7577.

All users of the ruby193 collection rubygem-actionpack and rubygem-activerecord packages are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using the ruby193 collection must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1301933 - CVE-2015-7576 rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
1301946 - CVE-2016-0751 rubygem-actionpack: possible object leak and denial of service attack in Action Pack
1301957 - CVE-2015-7577 rubygem-activerecord: Nested attributes rejection proc bypass in Active Record
1301963 - CVE-2016-0752 rubygem-actionview, rubygem-actionpack: directory traversal flaw in Action View
1310043 - CVE-2016-2097 rubygem-actionview, rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix
1310054 - CVE-2016-2098 rubygem-actionview, rubygem-actionpack: code injection vulnerability in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el6.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el6.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el6.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el6.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el7.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el7.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el7.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el7.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-7576
https://access.redhat.com/security/cve/CVE-2015-7577
https://access.redhat.com/security/cve/CVE-2016-0751
https://access.redhat.com/security/cve/CVE-2016-0752
https://access.redhat.com/security/cve/CVE-2016-2097
https://access.redhat.com/security/cve/CVE-2016-2098
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
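Two of the Rails flaws in the ror40 and ruby193 advisories above (untrusted input reaching 'render', and the non-constant-time HTTP basic authentication comparison; the render flaws recur in the rh-ror41 advisory that follows) have application-side mitigations a defender can apply alongside the package update. This is an added example, not Red Hat's or the Ruby on Rails project's code; the allowlist, the credential store and every helper name below are constructed for illustration.

```ruby
# Added example: application-side mitigations for two Rails flaws named in the
# ror40 / ruby193 advisories. Not Red Hat's or the Rails project's code; the
# allowlist, credentials and helper names are constructed for illustration.
#
# CVE-2016-0752 / CVE-2016-2097 / CVE-2016-2098: the risky pattern is
#
#     render params[:template]     # request input steers the template search
#
# The fix is to never hand request input to `render`: resolve the parameter
# against a fixed allowlist of template names you control.
#
# CVE-2015-7576: basic-auth user names and passwords were compared with an
# ordinary string comparison that stops at the first mismatching byte, so the
# response time revealed how many leading bytes were right. The fix is a
# comparison whose running time does not depend on where the inputs differ.

require 'digest'

# Constructed allowlist: the only templates this controller may render.
ALLOWED_PAGES = %w[home about contact].freeze

class UntrustedTemplate < StandardError; end

# Map a request parameter onto one of our own template names. Anything that is
# not an exact allowlist member (traversal sequences, inline Ruby, an empty
# string) is rejected before it can reach the template resolver.
def resolve_page_template(param)
  page = param.to_s
  unless ALLOWED_PAGES.include?(page)
    raise UntrustedTemplate, "refusing to render #{page.inspect}"
  end
  "pages/#{page}"
end

# Constant-time equality check. Both inputs are hashed to fixed-length digests
# so the comparison does not leak their lengths; then every byte is XORed and
# OR-accumulated, so the loop always runs to completion whichever byte differs.
# Same idea as ActiveSupport::SecurityUtils.secure_compare in later Rails
# releases; re-implemented here so the example runs without Rails.
def secure_compare(a, b)
  da = Digest::SHA256.digest(a.to_s)
  db = Digest::SHA256.digest(b.to_s)
  diff = 0
  da.bytes.each_with_index { |byte, i| diff |= byte ^ db.getbyte(i) }
  diff.zero?
end

# Constructed credential store (user name => secret).
CREDENTIALS = { 'deploy' => 'constructed-secret-1' }.freeze

# Basic-auth check built on secure_compare. Every stored entry is compared in
# full, and the user-name and password checks are both evaluated rather than
# short-circuited, so an unknown user costs the same as a wrong password.
def basic_auth_ok?(user, password)
  authenticated = false
  CREDENTIALS.each do |name, secret|
    user_ok = secure_compare(user, name)
    pass_ok = secure_compare(password, secret)
    authenticated = true if user_ok && pass_ok
  end
  authenticated
end

if $PROGRAM_NAME == __FILE__
  puts resolve_page_template('about')                       # pages/about
  begin
    resolve_page_template('../../config/database')          # constructed bad input
  rescue UntrustedTemplate => e
    puts e.message
  end
  puts basic_auth_ok?('deploy', 'constructed-secret-1')     # true
  puts basic_auth_ok?('deploy', 'wrong')                    # false
end
```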
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW6HmzXlSAg2UNWIIRAlodAJ4xsvfnvT+4dXQg6k8tXlybsUKMewCdHQ5U
VaJQwkO55rBB9+BqLsW72aU=
=l7E9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 15 21:09:32 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Mar 2016 21:09:32 +0000
Subject: [RHSA-2016:0456-01] Important: rh-ror41 security update
Message-ID: <201603152109.u2FL9WNS005848@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-ror41 security update
Advisory ID:       RHSA-2016:0456-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0456.html
Issue date:        2016-03-15
CVE Names:         CVE-2016-2097 CVE-2016-2098
=====================================================================

1. Summary:

Updated rh-ror41-rubygem-actionview packages that fix two security issues are now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller (MVC) framework for web application development.

The following issues were corrected in rubygem-actionview:

A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code. (CVE-2016-2097)

A code injection flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code. (CVE-2016-2098)

Red Hat would like to thank the Ruby on Rails project for reporting these issues. Upstream acknowledges Jyoti Singh and Tobias Kraze (makandra) as original reporters of CVE-2016-2097, and Tobias Kraze (makandra) and joernchen (Phenoelit) as original reporters of CVE-2016-2098.

All users of the rh-ror41 collection rubygem-actionview packages are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using the rh-ror41 collection must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1310043 - CVE-2016-2097 rubygem-actionview, rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix
1310054 - CVE-2016-2098 rubygem-actionview, rubygem-actionpack: code injection vulnerability in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ror41-rubygem-actionpack-4.1.5-4.el6.src.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el6.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-ror41-rubygem-actionpack-4.1.5-4.el6.src.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el6.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-ror41-rubygem-actionpack-4.1.5-4.el6.src.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el6.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ror41-rubygem-actionpack-4.1.5-4.el6.src.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el6.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-4.el6.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-5.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ror41-rubygem-actionpack-4.1.5-4.el7.src.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el7.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-ror41-rubygem-actionpack-4.1.5-4.el7.src.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el7.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-ror41-rubygem-actionpack-4.1.5-4.el7.src.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el7.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-5.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ror41-rubygem-actionpack-4.1.5-4.el7.src.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el7.src.rpm

noarch:
rh-ror41-rubygem-actionpack-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionpack-doc-4.1.5-4.el7.noarch.rpm
rh-ror41-rubygem-actionview-4.1.5-5.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-5.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2097
https://access.redhat.com/security/cve/CVE-2016-2098
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW6HnzXlSAg2UNWIIRAgxMAKCR7+/qPcNAVkC4vb58Ju9UWsErmwCeMhcI
ytvB5H2ZlgjleYDrUnkCF+U=
=kOmc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 15 21:10:47 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Mar 2016 21:10:47 +0000
Subject: [RHSA-2016:0457-01] Moderate: rh-php56-php security update
Message-ID: <201603152110.u2FLAlAS025821@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-php56-php security update
Advisory ID:       RHSA-2016:0457-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0457.html
Issue date:        2016-03-15
CVE Names:         CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832
                   CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836
                   CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804
=====================================================================

1. Summary:

Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836)

Multiple flaws were found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-5589, CVE-2015-5590, CVE-2015-6833, CVE-2015-7803, CVE-2015-7804)

Two NULL pointer dereference flaws were found in the XSLTProcessor class in PHP. An attacker could use these flaws to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)

All rh-php56-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file
1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath
1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize()
1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items
1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues
1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer
1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion
1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class
1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset()
1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream()
1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-php56-php-5.6.5-8.el6.src.rpm

x86_64:
rh-php56-php-5.6.5-8.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm
rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm
rh-php56-php-common-5.6.5-8.el6.x86_64.rpm
rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm
rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm
rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm
rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm
rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm
rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm
rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm
rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm
rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm
rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm
rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm
rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm
rh-php56-php-process-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm
rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm
rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm
rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm
rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-php56-php-5.6.5-8.el6.src.rpm

x86_64:
rh-php56-php-5.6.5-8.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm
rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm
rh-php56-php-common-5.6.5-8.el6.x86_64.rpm
rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm
rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm
rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm
rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm
rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm
rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm
rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm
rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm
rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm
rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm
rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm
rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm
rh-php56-php-process-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm
rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm
rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm
rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm
rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-php56-php-5.6.5-8.el6.src.rpm

x86_64:
rh-php56-php-5.6.5-8.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm
rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm
rh-php56-php-common-5.6.5-8.el6.x86_64.rpm
rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm
rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm
rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm
rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm
rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm
rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm
rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm
rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm
rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm
rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm
rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm
rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm
rh-php56-php-process-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm
rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm
rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm
rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm
rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-php56-php-5.6.5-8.el6.src.rpm

x86_64:
rh-php56-php-5.6.5-8.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm
rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm
rh-php56-php-common-5.6.5-8.el6.x86_64.rpm
rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm
rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm
rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm
rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm
rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm
rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm
rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm
rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm
rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm
rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm
rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm
rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm
rh-php56-php-process-5.6.5-8.el6.x86_64.rpm
rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm
rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm
rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm
rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm
rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm
rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v.
7): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.1): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-5589 https://access.redhat.com/security/cve/CVE-2015-5590 https://access.redhat.com/security/cve/CVE-2015-6831 https://access.redhat.com/security/cve/CVE-2015-6832 https://access.redhat.com/security/cve/CVE-2015-6833 https://access.redhat.com/security/cve/CVE-2015-6834 https://access.redhat.com/security/cve/CVE-2015-6835 https://access.redhat.com/security/cve/CVE-2015-6836 https://access.redhat.com/security/cve/CVE-2015-6837 https://access.redhat.com/security/cve/CVE-2015-6838 https://access.redhat.com/security/cve/CVE-2015-7803 https://access.redhat.com/security/cve/CVE-2015-7804 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW6HopXlSAg2UNWIIRAlckAKC4UhawxN3ZuQuLxAWA0M5FTcAmpgCeKLch sZ3mH+O8FzxQYqRnfS39Ew8= =8DIR -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 16 13:36:39 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 16 Mar 2016 09:36:39 -0400 Subject: [RHSA-2016:0458-01] Important: bind97 security update Message-ID: <201603161336.u2GDadkp018123@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind97 security update Advisory ID: RHSA-2016:0458-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0458.html Issue date: 2016-03-16 CVE Names: CVE-2016-1285 CVE-2016-1286 ===================================================================== 1. Summary: Updated bind97 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. (CVE-2016-1286)

A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash. (CVE-2016-1285)

Red Hat would like to thank ISC for reporting these issues.

All bind97 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1315674 - CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure
1315680 - CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure

6. Package List:

Red Hat Enterprise Linux (v. 5 server):

Source:
bind97-9.7.0-21.P2.el5_11.6.src.rpm

i386:
bind97-9.7.0-21.P2.el5_11.6.i386.rpm
bind97-chroot-9.7.0-21.P2.el5_11.6.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.6.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.6.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.6.i386.rpm
bind97-utils-9.7.0-21.P2.el5_11.6.i386.rpm

ia64:
bind97-9.7.0-21.P2.el5_11.6.ia64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.6.ia64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.6.ia64.rpm
bind97-devel-9.7.0-21.P2.el5_11.6.ia64.rpm
bind97-libs-9.7.0-21.P2.el5_11.6.ia64.rpm
bind97-utils-9.7.0-21.P2.el5_11.6.ia64.rpm

ppc:
bind97-9.7.0-21.P2.el5_11.6.ppc.rpm
bind97-chroot-9.7.0-21.P2.el5_11.6.ppc.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.6.ppc.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.6.ppc64.rpm
bind97-devel-9.7.0-21.P2.el5_11.6.ppc.rpm
bind97-devel-9.7.0-21.P2.el5_11.6.ppc64.rpm
bind97-libs-9.7.0-21.P2.el5_11.6.ppc.rpm
bind97-libs-9.7.0-21.P2.el5_11.6.ppc64.rpm
bind97-utils-9.7.0-21.P2.el5_11.6.ppc.rpm

s390x:
bind97-9.7.0-21.P2.el5_11.6.s390x.rpm
bind97-chroot-9.7.0-21.P2.el5_11.6.s390x.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.6.s390.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.6.s390x.rpm
bind97-devel-9.7.0-21.P2.el5_11.6.s390.rpm
bind97-devel-9.7.0-21.P2.el5_11.6.s390x.rpm
bind97-libs-9.7.0-21.P2.el5_11.6.s390.rpm
bind97-libs-9.7.0-21.P2.el5_11.6.s390x.rpm
bind97-utils-9.7.0-21.P2.el5_11.6.s390x.rpm

x86_64:
bind97-9.7.0-21.P2.el5_11.6.x86_64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.6.x86_64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.6.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.6.x86_64.rpm
bind97-devel-9.7.0-21.P2.el5_11.6.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.6.x86_64.rpm
bind97-libs-9.7.0-21.P2.el5_11.6.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.6.x86_64.rpm
bind97-utils-9.7.0-21.P2.el5_11.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1285
https://access.redhat.com/security/cve/CVE-2016-1286
https://access.redhat.com/security/updates/classification/#important
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW6WFmXlSAg2UNWIIRAoo4AKC+PCJjjbcietOkWnnAy2tTVXbzJwCggefp
/CRIFdSHQ1OZdkQHjsPaSGE=
=IPsF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 16 13:37:28 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Mar 2016 09:37:28 -0400
Subject: [RHSA-2016:0459-01] Important: bind security update
Message-ID: <201603161337.u2GDbSoa029530@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2016:0459-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0459.html
Issue date: 2016-03-16
CVE Names: CVE-2016-1285 CVE-2016-1286
=====================================================================

1. Summary:

Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. (CVE-2016-1286)

A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash. (CVE-2016-1285)

Red Hat would like to thank ISC for reporting these issues.

All bind users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
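The two BIND advisories on this page name one fixed build per RHEL release (bind97 on RHEL 5, bind on RHEL 5, 6 and 7), and whether a host still needs the update comes down to an rpm-style version comparison of what is installed against that build. The following script is an added example and not Red Hat tooling: it reimplements rpm's version ordering (digit runs compare numerically, letter runs as strings, `~` sorts before everything) and reports each package from an `rpm -qa` style inventory as fixed, affected, or not covered by these advisories. The fixed builds are taken from the package lists in this message and the preceding one; the inventory lines are constructed, and the mapping from subpackage names such as bind-libs or caching-nameserver to their source package is an assumption drawn from those lists.

```python
"""Triage helper for RHSA-2016:0458 / RHSA-2016:0459 (added example, not
Red Hat tooling): is each installed BIND package at or above the fixed build?"""
import re

# Fixed builds copied from the advisories' package lists, keyed by
# (source package, dist tag).  The file names carry no epoch, so none is stored.
FIXED_BUILDS = {
    ("bind97", "el5"): "9.7.0-21.P2.el5_11.6",
    ("bind", "el5"): "9.3.6-25.P1.el5_11.8",
    ("bind", "el6"): "9.8.2-0.37.rc1.el6_7.7",
    ("bind", "el7"): "9.9.4-29.el7_2.3",
}


def rpmvercmp(a: str, b: str) -> int:
    """Order two version/release strings like rpm's rpmvercmp(): returns -1, 0, 1.
    Handles digit runs, letter runs and '~' (pre-release); the newer '^'
    operator is not implemented here."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # Separators (anything that is neither alphanumeric nor '~') are skipped.
        while i < la and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta, tb = i < la and a[i] == "~", j < lb and b[j] == "~"
        if ta or tb:                       # '~' sorts before even end-of-string
            if ta and tb:
                i, j = i + 1, j + 1
                continue
            return -1 if ta else 1
        if i >= la or j >= lb:
            break
        # Take a run of the same kind (digits or letters) from both strings.
        isnum = a[i].isdigit()
        same_kind = str.isdigit if isnum else str.isalpha
        sa = i
        while i < la and same_kind(a[i]):
            i += 1
        sb = j
        while j < lb and same_kind(b[j]):
            j += 1
        seg_a, seg_b = a[sa:i], b[sb:j]
        if not seg_b:                      # kinds differ: numeric wins
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):   # longer number is larger
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1            # whichever has leftover text is newer


def parse_nevra(nevra: str):
    """Split 'name-[epoch:]version-release.arch' (rpm -qa output) into parts."""
    rest, _, arch = nevra.rpartition(".")
    name_ver, _, release = rest.rpartition("-")
    name, _, epoch_ver = name_ver.rpartition("-")
    epoch, _, version = epoch_ver.rpartition(":")
    return name, int(epoch or 0), version, release, arch


def compare_vr(vr_a: str, vr_b: str) -> int:
    """Compare two 'version-release' strings: version first, then release."""
    va, _, ra = vr_a.partition("-")
    vb, _, rb = vr_b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def source_package(name: str):
    """Map a binary package name to its source package (assumption: the
    subpackage naming seen in the advisories' package lists)."""
    if name == "bind97" or name.startswith("bind97-"):
        return "bind97"
    if name == "bind" or name.startswith("bind-") or name == "caching-nameserver":
        return "bind"
    return None


def check_package(nevra: str) -> str:
    """Return 'fixed', 'affected' or 'not covered' for one installed package.
    The epoch is parsed but not compared because the advisory file names omit it."""
    name, _epoch, version, release, _arch = parse_nevra(nevra)
    dist = re.search(r"\.(el[0-9]+)", release)
    fixed = FIXED_BUILDS.get((source_package(name), dist.group(1) if dist else None))
    if fixed is None:
        return "not covered"
    return "fixed" if compare_vr(f"{version}-{release}", fixed) >= 0 else "affected"


def triage(inventory):
    """Run check_package over rpm -qa style lines; blank lines are ignored."""
    return {line.strip(): check_package(line.strip()) for line in inventory if line.strip()}


# Constructed sample inventory (not taken from any real host).
SAMPLE_INVENTORY = """
bind-9.9.4-29.el7_2.2.x86_64
bind-libs-9.9.4-29.el7_2.3.x86_64
bind-9.8.2-0.37.rc1.el6_7.6.x86_64
bind-chroot-9.8.2-0.37.rc1.el6_7.7.x86_64
bind97-9.7.0-21.P2.el5_11.5.i386
bind-utils-9.3.6-25.P1.el5_11.8.x86_64
bind-9.9.4-30.el7.x86_64
openssl-1.0.1e-42.el7_2.x86_64
""".splitlines()

if __name__ == "__main__":
    for pkg, status in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {pkg}")
```

Point it at the output of `rpm -qa 'bind*'` gathered from your hosts. Note the two things the advisory format forces: the dist tag in the release string decides which fixed build applies (RHEL 5 ships both bind and bind97, which are separate source packages with different fixed builds), and because the package file names carry no epoch the comparison here is on version-release only; if your inventory is produced with a query format that includes the epoch, compare it first, as rpm does.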
After installing the update, the BIND daemon (named) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1315674 - CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure 1315680 - CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: bind-9.3.6-25.P1.el5_11.8.src.rpm i386: bind-9.3.6-25.P1.el5_11.8.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.i386.rpm bind-libs-9.3.6-25.P1.el5_11.8.i386.rpm bind-sdb-9.3.6-25.P1.el5_11.8.i386.rpm bind-utils-9.3.6-25.P1.el5_11.8.i386.rpm x86_64: bind-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-libs-9.3.6-25.P1.el5_11.8.i386.rpm bind-libs-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-sdb-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-utils-9.3.6-25.P1.el5_11.8.x86_64.rpm Red Hat Enterprise Linux Desktop Workstation (v. 5 client): Source: bind-9.3.6-25.P1.el5_11.8.src.rpm i386: bind-chroot-9.3.6-25.P1.el5_11.8.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.i386.rpm bind-devel-9.3.6-25.P1.el5_11.8.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.i386.rpm caching-nameserver-9.3.6-25.P1.el5_11.8.i386.rpm x86_64: bind-chroot-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-devel-9.3.6-25.P1.el5_11.8.i386.rpm bind-devel-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.x86_64.rpm caching-nameserver-9.3.6-25.P1.el5_11.8.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: bind-9.3.6-25.P1.el5_11.8.src.rpm i386: bind-9.3.6-25.P1.el5_11.8.i386.rpm bind-chroot-9.3.6-25.P1.el5_11.8.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.i386.rpm bind-devel-9.3.6-25.P1.el5_11.8.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.i386.rpm bind-libs-9.3.6-25.P1.el5_11.8.i386.rpm bind-sdb-9.3.6-25.P1.el5_11.8.i386.rpm bind-utils-9.3.6-25.P1.el5_11.8.i386.rpm caching-nameserver-9.3.6-25.P1.el5_11.8.i386.rpm ia64: bind-9.3.6-25.P1.el5_11.8.ia64.rpm bind-chroot-9.3.6-25.P1.el5_11.8.ia64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.ia64.rpm bind-devel-9.3.6-25.P1.el5_11.8.ia64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.ia64.rpm bind-libs-9.3.6-25.P1.el5_11.8.i386.rpm bind-libs-9.3.6-25.P1.el5_11.8.ia64.rpm bind-sdb-9.3.6-25.P1.el5_11.8.ia64.rpm bind-utils-9.3.6-25.P1.el5_11.8.ia64.rpm caching-nameserver-9.3.6-25.P1.el5_11.8.ia64.rpm ppc: bind-9.3.6-25.P1.el5_11.8.ppc.rpm bind-chroot-9.3.6-25.P1.el5_11.8.ppc.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.ppc.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.ppc64.rpm bind-devel-9.3.6-25.P1.el5_11.8.ppc.rpm bind-devel-9.3.6-25.P1.el5_11.8.ppc64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.ppc.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.ppc64.rpm bind-libs-9.3.6-25.P1.el5_11.8.ppc.rpm bind-libs-9.3.6-25.P1.el5_11.8.ppc64.rpm bind-sdb-9.3.6-25.P1.el5_11.8.ppc.rpm bind-utils-9.3.6-25.P1.el5_11.8.ppc.rpm caching-nameserver-9.3.6-25.P1.el5_11.8.ppc.rpm s390x: bind-9.3.6-25.P1.el5_11.8.s390x.rpm bind-chroot-9.3.6-25.P1.el5_11.8.s390x.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.s390.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.s390x.rpm bind-devel-9.3.6-25.P1.el5_11.8.s390.rpm bind-devel-9.3.6-25.P1.el5_11.8.s390x.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.s390.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.s390x.rpm bind-libs-9.3.6-25.P1.el5_11.8.s390.rpm bind-libs-9.3.6-25.P1.el5_11.8.s390x.rpm bind-sdb-9.3.6-25.P1.el5_11.8.s390x.rpm bind-utils-9.3.6-25.P1.el5_11.8.s390x.rpm 
caching-nameserver-9.3.6-25.P1.el5_11.8.s390x.rpm x86_64: bind-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-chroot-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-devel-9.3.6-25.P1.el5_11.8.i386.rpm bind-devel-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-libs-9.3.6-25.P1.el5_11.8.i386.rpm bind-libs-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-sdb-9.3.6-25.P1.el5_11.8.x86_64.rpm bind-utils-9.3.6-25.P1.el5_11.8.x86_64.rpm caching-nameserver-9.3.6-25.P1.el5_11.8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: bind-9.8.2-0.37.rc1.el6_7.7.src.rpm i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.7.i686.rpm x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: bind-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.7.i686.rpm x86_64: bind-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: bind-9.8.2-0.37.rc1.el6_7.7.src.rpm x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: bind-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: bind-9.8.2-0.37.rc1.el6_7.7.src.rpm i386: bind-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.7.i686.rpm ppc64: bind-9.8.2-0.37.rc1.el6_7.7.ppc64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.7.ppc64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.ppc64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.ppc.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.ppc64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.7.ppc64.rpm s390x: bind-9.8.2-0.37.rc1.el6_7.7.s390x.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.7.s390x.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.s390x.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.s390.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.s390x.rpm bind-utils-9.8.2-0.37.rc1.el6_7.7.s390x.rpm x86_64: bind-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.7.i686.rpm ppc64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.ppc64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.ppc.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.ppc64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.7.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.s390x.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.s390.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.s390x.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.7.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: bind-9.8.2-0.37.rc1.el6_7.7.src.rpm i386: bind-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.7.i686.rpm x86_64: bind-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.7.i686.rpm x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Client (v. 
7): Source: bind-9.9.4-29.el7_2.3.src.rpm noarch: bind-license-9.9.4-29.el7_2.3.noarch.rpm x86_64: bind-debuginfo-9.9.4-29.el7_2.3.i686.rpm bind-debuginfo-9.9.4-29.el7_2.3.x86_64.rpm bind-libs-9.9.4-29.el7_2.3.i686.rpm bind-libs-9.9.4-29.el7_2.3.x86_64.rpm bind-libs-lite-9.9.4-29.el7_2.3.i686.rpm bind-libs-lite-9.9.4-29.el7_2.3.x86_64.rpm bind-utils-9.9.4-29.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bind-9.9.4-29.el7_2.3.x86_64.rpm bind-chroot-9.9.4-29.el7_2.3.x86_64.rpm bind-debuginfo-9.9.4-29.el7_2.3.i686.rpm bind-debuginfo-9.9.4-29.el7_2.3.x86_64.rpm bind-devel-9.9.4-29.el7_2.3.i686.rpm bind-devel-9.9.4-29.el7_2.3.x86_64.rpm bind-lite-devel-9.9.4-29.el7_2.3.i686.rpm bind-lite-devel-9.9.4-29.el7_2.3.x86_64.rpm bind-pkcs11-9.9.4-29.el7_2.3.x86_64.rpm bind-pkcs11-devel-9.9.4-29.el7_2.3.i686.rpm bind-pkcs11-devel-9.9.4-29.el7_2.3.x86_64.rpm bind-pkcs11-libs-9.9.4-29.el7_2.3.i686.rpm bind-pkcs11-libs-9.9.4-29.el7_2.3.x86_64.rpm bind-pkcs11-utils-9.9.4-29.el7_2.3.x86_64.rpm bind-sdb-9.9.4-29.el7_2.3.x86_64.rpm bind-sdb-chroot-9.9.4-29.el7_2.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: bind-9.9.4-29.el7_2.3.src.rpm noarch: bind-license-9.9.4-29.el7_2.3.noarch.rpm x86_64: bind-debuginfo-9.9.4-29.el7_2.3.i686.rpm bind-debuginfo-9.9.4-29.el7_2.3.x86_64.rpm bind-libs-9.9.4-29.el7_2.3.i686.rpm bind-libs-9.9.4-29.el7_2.3.x86_64.rpm bind-libs-lite-9.9.4-29.el7_2.3.i686.rpm bind-libs-lite-9.9.4-29.el7_2.3.x86_64.rpm bind-utils-9.9.4-29.el7_2.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7):

x86_64:
bind-9.9.4-29.el7_2.3.x86_64.rpm
bind-chroot-9.9.4-29.el7_2.3.x86_64.rpm
bind-debuginfo-9.9.4-29.el7_2.3.i686.rpm
bind-debuginfo-9.9.4-29.el7_2.3.x86_64.rpm
bind-devel-9.9.4-29.el7_2.3.i686.rpm
bind-devel-9.9.4-29.el7_2.3.x86_64.rpm
bind-lite-devel-9.9.4-29.el7_2.3.i686.rpm
bind-lite-devel-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.i686.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.i686.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-utils-9.9.4-29.el7_2.3.x86_64.rpm
bind-sdb-9.9.4-29.el7_2.3.x86_64.rpm
bind-sdb-chroot-9.9.4-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bind-9.9.4-29.el7_2.3.src.rpm

noarch:
bind-license-9.9.4-29.el7_2.3.noarch.rpm

ppc64:
bind-9.9.4-29.el7_2.3.ppc64.rpm
bind-chroot-9.9.4-29.el7_2.3.ppc64.rpm
bind-debuginfo-9.9.4-29.el7_2.3.ppc.rpm
bind-debuginfo-9.9.4-29.el7_2.3.ppc64.rpm
bind-libs-9.9.4-29.el7_2.3.ppc.rpm
bind-libs-9.9.4-29.el7_2.3.ppc64.rpm
bind-libs-lite-9.9.4-29.el7_2.3.ppc.rpm
bind-libs-lite-9.9.4-29.el7_2.3.ppc64.rpm
bind-utils-9.9.4-29.el7_2.3.ppc64.rpm

ppc64le:
bind-9.9.4-29.el7_2.3.ppc64le.rpm
bind-chroot-9.9.4-29.el7_2.3.ppc64le.rpm
bind-debuginfo-9.9.4-29.el7_2.3.ppc64le.rpm
bind-libs-9.9.4-29.el7_2.3.ppc64le.rpm
bind-libs-lite-9.9.4-29.el7_2.3.ppc64le.rpm
bind-pkcs11-9.9.4-29.el7_2.3.ppc64le.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.ppc64le.rpm
bind-pkcs11-utils-9.9.4-29.el7_2.3.ppc64le.rpm
bind-utils-9.9.4-29.el7_2.3.ppc64le.rpm

s390x:
bind-9.9.4-29.el7_2.3.s390x.rpm
bind-chroot-9.9.4-29.el7_2.3.s390x.rpm
bind-debuginfo-9.9.4-29.el7_2.3.s390.rpm
bind-debuginfo-9.9.4-29.el7_2.3.s390x.rpm
bind-libs-9.9.4-29.el7_2.3.s390.rpm
bind-libs-9.9.4-29.el7_2.3.s390x.rpm
bind-libs-lite-9.9.4-29.el7_2.3.s390.rpm
bind-libs-lite-9.9.4-29.el7_2.3.s390x.rpm
bind-utils-9.9.4-29.el7_2.3.s390x.rpm

x86_64:
bind-9.9.4-29.el7_2.3.x86_64.rpm
bind-chroot-9.9.4-29.el7_2.3.x86_64.rpm
bind-debuginfo-9.9.4-29.el7_2.3.i686.rpm
bind-debuginfo-9.9.4-29.el7_2.3.x86_64.rpm
bind-libs-9.9.4-29.el7_2.3.i686.rpm
bind-libs-9.9.4-29.el7_2.3.x86_64.rpm
bind-libs-lite-9.9.4-29.el7_2.3.i686.rpm
bind-libs-lite-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.i686.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-utils-9.9.4-29.el7_2.3.x86_64.rpm
bind-utils-9.9.4-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bind-debuginfo-9.9.4-29.el7_2.3.ppc.rpm
bind-debuginfo-9.9.4-29.el7_2.3.ppc64.rpm
bind-devel-9.9.4-29.el7_2.3.ppc.rpm
bind-devel-9.9.4-29.el7_2.3.ppc64.rpm
bind-lite-devel-9.9.4-29.el7_2.3.ppc.rpm
bind-lite-devel-9.9.4-29.el7_2.3.ppc64.rpm
bind-pkcs11-9.9.4-29.el7_2.3.ppc64.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.ppc.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.ppc64.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.ppc.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.ppc64.rpm
bind-pkcs11-utils-9.9.4-29.el7_2.3.ppc64.rpm
bind-sdb-9.9.4-29.el7_2.3.ppc64.rpm
bind-sdb-chroot-9.9.4-29.el7_2.3.ppc64.rpm

ppc64le:
bind-debuginfo-9.9.4-29.el7_2.3.ppc64le.rpm
bind-devel-9.9.4-29.el7_2.3.ppc64le.rpm
bind-lite-devel-9.9.4-29.el7_2.3.ppc64le.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.ppc64le.rpm
bind-sdb-9.9.4-29.el7_2.3.ppc64le.rpm
bind-sdb-chroot-9.9.4-29.el7_2.3.ppc64le.rpm

s390x:
bind-debuginfo-9.9.4-29.el7_2.3.s390.rpm
bind-debuginfo-9.9.4-29.el7_2.3.s390x.rpm
bind-devel-9.9.4-29.el7_2.3.s390.rpm
bind-devel-9.9.4-29.el7_2.3.s390x.rpm
bind-lite-devel-9.9.4-29.el7_2.3.s390.rpm
bind-lite-devel-9.9.4-29.el7_2.3.s390x.rpm
bind-pkcs11-9.9.4-29.el7_2.3.s390x.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.s390.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.s390x.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.s390.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.s390x.rpm
bind-pkcs11-utils-9.9.4-29.el7_2.3.s390x.rpm
bind-sdb-9.9.4-29.el7_2.3.s390x.rpm
bind-sdb-chroot-9.9.4-29.el7_2.3.s390x.rpm

x86_64:
bind-debuginfo-9.9.4-29.el7_2.3.i686.rpm
bind-debuginfo-9.9.4-29.el7_2.3.x86_64.rpm
bind-devel-9.9.4-29.el7_2.3.i686.rpm
bind-devel-9.9.4-29.el7_2.3.x86_64.rpm
bind-lite-devel-9.9.4-29.el7_2.3.i686.rpm
bind-lite-devel-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.i686.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.x86_64.rpm
bind-sdb-9.9.4-29.el7_2.3.x86_64.rpm
bind-sdb-chroot-9.9.4-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
bind-9.9.4-29.el7_2.3.src.rpm

noarch:
bind-license-9.9.4-29.el7_2.3.noarch.rpm

x86_64:
bind-9.9.4-29.el7_2.3.x86_64.rpm
bind-chroot-9.9.4-29.el7_2.3.x86_64.rpm
bind-debuginfo-9.9.4-29.el7_2.3.i686.rpm
bind-debuginfo-9.9.4-29.el7_2.3.x86_64.rpm
bind-libs-9.9.4-29.el7_2.3.i686.rpm
bind-libs-9.9.4-29.el7_2.3.x86_64.rpm
bind-libs-lite-9.9.4-29.el7_2.3.i686.rpm
bind-libs-lite-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.i686.rpm
bind-pkcs11-libs-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-utils-9.9.4-29.el7_2.3.x86_64.rpm
bind-utils-9.9.4-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bind-debuginfo-9.9.4-29.el7_2.3.i686.rpm
bind-debuginfo-9.9.4-29.el7_2.3.x86_64.rpm
bind-devel-9.9.4-29.el7_2.3.i686.rpm
bind-devel-9.9.4-29.el7_2.3.x86_64.rpm
bind-lite-devel-9.9.4-29.el7_2.3.i686.rpm
bind-lite-devel-9.9.4-29.el7_2.3.x86_64.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.i686.rpm
bind-pkcs11-devel-9.9.4-29.el7_2.3.x86_64.rpm
bind-sdb-9.9.4-29.el7_2.3.x86_64.rpm
bind-sdb-chroot-9.9.4-29.el7_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1285
https://access.redhat.com/security/cve/CVE-2016-1286
https://access.redhat.com/security/updates/classification/#important
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353

8.
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW6WGWXlSAg2UNWIIRAtliAJ9+tSxMczQO03E6LOx5Q+ICO53BIACbBViJ
lZ7FVJv/itu5CwuPavX3Pmg=
=Swzr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Mar 16 17:39:04 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Mar 2016 13:39:04 -0400
Subject: [RHSA-2016:0460-01] Important: thunderbird security update
Message-ID: <201603161739.u2GHd4To012994@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2016:0460-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0460.html
Issue date:        2016-03-16
CVE Names:         CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1960
                   CVE-2016-1961 CVE-2016-1964 CVE-2016-1966 CVE-2016-1974
                   CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792
                   CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796
                   CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800
                   CVE-2016-2801 CVE-2016-2802
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966)

Multiple security flaws were found in the graphite2 font library shipped with Thunderbird. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, ca0nguyen, lokihardt, Nicolas Grégoire, the Communications Electronics Security Group (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.7.0. You can find a link to the Mozilla advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.7.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1315566 - CVE-2016-1952 Mozilla: Miscellaneous memory safety hazards (rv:38.7) (MFSA 2016-16)
1315569 - CVE-2016-1954 Mozilla: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)
1315573 - CVE-2016-1957 Mozilla: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)
1315576 - CVE-2016-1960 Mozilla: Use-after-free in HTML5 string parser (MFSA 2016-23)
1315577 - CVE-2016-1961 Mozilla: Use-after-free in SetBody (MFSA 2016-24)
1315774 - CVE-2016-1964 Mozilla: Use-after-free during XML transformations (MFSA 2016-27)
1315778 - CVE-2016-1966 Mozilla: Memory corruption with malicious NPAPI plugin (MFSA 2016-31)
1315785 - CVE-2016-1974 Mozilla: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34)
1315795 - graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-38.7.0-1.el5_11.src.rpm

i386:
thunderbird-38.7.0-1.el5_11.i386.rpm
thunderbird-debuginfo-38.7.0-1.el5_11.i386.rpm

x86_64:
thunderbird-38.7.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server):

Source:
thunderbird-38.7.0-1.el5_11.src.rpm

i386:
thunderbird-38.7.0-1.el5_11.i386.rpm
thunderbird-debuginfo-38.7.0-1.el5_11.i386.rpm

x86_64:
thunderbird-38.7.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-38.7.0-1.el6_7.src.rpm

i386:
thunderbird-38.7.0-1.el6_7.i686.rpm
thunderbird-debuginfo-38.7.0-1.el6_7.i686.rpm

x86_64:
thunderbird-38.7.0-1.el6_7.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-38.7.0-1.el6_7.src.rpm

i386:
thunderbird-38.7.0-1.el6_7.i686.rpm
thunderbird-debuginfo-38.7.0-1.el6_7.i686.rpm

ppc64:
thunderbird-38.7.0-1.el6_7.ppc64.rpm
thunderbird-debuginfo-38.7.0-1.el6_7.ppc64.rpm

s390x:
thunderbird-38.7.0-1.el6_7.s390x.rpm
thunderbird-debuginfo-38.7.0-1.el6_7.s390x.rpm

x86_64:
thunderbird-38.7.0-1.el6_7.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-38.7.0-1.el6_7.src.rpm

i386:
thunderbird-38.7.0-1.el6_7.i686.rpm
thunderbird-debuginfo-38.7.0-1.el6_7.i686.rpm

x86_64:
thunderbird-38.7.0-1.el6_7.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-38.7.0-1.el7_2.src.rpm

x86_64:
thunderbird-38.7.0-1.el7_2.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-38.7.0-1.el7_2.src.rpm

ppc64le:
thunderbird-38.7.0-1.el7_2.ppc64le.rpm
thunderbird-debuginfo-38.7.0-1.el7_2.ppc64le.rpm

x86_64:
thunderbird-38.7.0-1.el7_2.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-38.7.0-1.el7_2.src.rpm

x86_64:
thunderbird-38.7.0-1.el7_2.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1952
https://access.redhat.com/security/cve/CVE-2016-1954
https://access.redhat.com/security/cve/CVE-2016-1957
https://access.redhat.com/security/cve/CVE-2016-1960
https://access.redhat.com/security/cve/CVE-2016-1961
https://access.redhat.com/security/cve/CVE-2016-1964
https://access.redhat.com/security/cve/CVE-2016-1966
https://access.redhat.com/security/cve/CVE-2016-1974
https://access.redhat.com/security/cve/CVE-2016-1977
https://access.redhat.com/security/cve/CVE-2016-2790
https://access.redhat.com/security/cve/CVE-2016-2791
https://access.redhat.com/security/cve/CVE-2016-2792
https://access.redhat.com/security/cve/CVE-2016-2793
https://access.redhat.com/security/cve/CVE-2016-2794
https://access.redhat.com/security/cve/CVE-2016-2795
https://access.redhat.com/security/cve/CVE-2016-2796
https://access.redhat.com/security/cve/CVE-2016-2797
https://access.redhat.com/security/cve/CVE-2016-2798
https://access.redhat.com/security/cve/CVE-2016-2799
https://access.redhat.com/security/cve/CVE-2016-2800
https://access.redhat.com/security/cve/CVE-2016-2801
https://access.redhat.com/security/cve/CVE-2016-2802
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW6Zo2XlSAg2UNWIIRAjzbAJ99OWGc3kLk5XmWA5amHVK1AI36lgCfY7Ic
BFmg0SBshaYX5xHuGkO3s3Q=
=uOtA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Mar 21 20:52:38 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 21 Mar 2016 20:52:38 +0000
Subject: [RHSA-2016:0465-01] Moderate: openssh security update
Message-ID: <201603212052.u2LKqdiK028710@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openssh security update
Advisory ID:       RHSA-2016:0465-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0465.html
Issue date:        2016-03-21
CVE Names:         CVE-2016-1908 CVE-2016-3115
=====================================================================

1. Summary:

Updated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.
It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. (CVE-2016-3115)

An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908)

All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1298741 - CVE-2016-1908 openssh: possible fallback from untrusted to trusted X11 forwarding
1316829 - CVE-2016-3115 openssh: missing sanitisation of input for X11 forwarding

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
openssh-6.6.1p1-25.el7_2.src.rpm

x86_64:
openssh-6.6.1p1-25.el7_2.x86_64.rpm
openssh-askpass-6.6.1p1-25.el7_2.x86_64.rpm
openssh-clients-6.6.1p1-25.el7_2.x86_64.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.x86_64.rpm
openssh-keycat-6.6.1p1-25.el7_2.x86_64.rpm
openssh-server-6.6.1p1-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
openssh-debuginfo-6.6.1p1-25.el7_2.i686.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.x86_64.rpm
openssh-ldap-6.6.1p1-25.el7_2.x86_64.rpm
openssh-server-sysvinit-6.6.1p1-25.el7_2.x86_64.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.i686.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openssh-6.6.1p1-25.el7_2.src.rpm

x86_64:
openssh-6.6.1p1-25.el7_2.x86_64.rpm
openssh-clients-6.6.1p1-25.el7_2.x86_64.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.x86_64.rpm
openssh-keycat-6.6.1p1-25.el7_2.x86_64.rpm
openssh-server-6.6.1p1-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
openssh-askpass-6.6.1p1-25.el7_2.x86_64.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.i686.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.x86_64.rpm
openssh-ldap-6.6.1p1-25.el7_2.x86_64.rpm
openssh-server-sysvinit-6.6.1p1-25.el7_2.x86_64.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.i686.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
openssh-6.6.1p1-25.el7_2.src.rpm

ppc64:
openssh-6.6.1p1-25.el7_2.ppc64.rpm
openssh-askpass-6.6.1p1-25.el7_2.ppc64.rpm
openssh-clients-6.6.1p1-25.el7_2.ppc64.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.ppc64.rpm
openssh-keycat-6.6.1p1-25.el7_2.ppc64.rpm
openssh-server-6.6.1p1-25.el7_2.ppc64.rpm

ppc64le:
openssh-6.6.1p1-25.el7_2.ppc64le.rpm
openssh-askpass-6.6.1p1-25.el7_2.ppc64le.rpm
openssh-clients-6.6.1p1-25.el7_2.ppc64le.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.ppc64le.rpm
openssh-keycat-6.6.1p1-25.el7_2.ppc64le.rpm
openssh-server-6.6.1p1-25.el7_2.ppc64le.rpm

s390x:
openssh-6.6.1p1-25.el7_2.s390x.rpm
openssh-askpass-6.6.1p1-25.el7_2.s390x.rpm
openssh-clients-6.6.1p1-25.el7_2.s390x.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.s390x.rpm
openssh-keycat-6.6.1p1-25.el7_2.s390x.rpm
openssh-server-6.6.1p1-25.el7_2.s390x.rpm

x86_64:
openssh-6.6.1p1-25.el7_2.x86_64.rpm
openssh-askpass-6.6.1p1-25.el7_2.x86_64.rpm
openssh-clients-6.6.1p1-25.el7_2.x86_64.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.x86_64.rpm
openssh-keycat-6.6.1p1-25.el7_2.x86_64.rpm
openssh-server-6.6.1p1-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
openssh-debuginfo-6.6.1p1-25.el7_2.ppc.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.ppc64.rpm
openssh-ldap-6.6.1p1-25.el7_2.ppc64.rpm
openssh-server-sysvinit-6.6.1p1-25.el7_2.ppc64.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.ppc.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.ppc64.rpm

ppc64le:
openssh-debuginfo-6.6.1p1-25.el7_2.ppc64le.rpm
openssh-ldap-6.6.1p1-25.el7_2.ppc64le.rpm
openssh-server-sysvinit-6.6.1p1-25.el7_2.ppc64le.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.ppc64le.rpm

s390x:
openssh-debuginfo-6.6.1p1-25.el7_2.s390.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.s390x.rpm
openssh-ldap-6.6.1p1-25.el7_2.s390x.rpm
openssh-server-sysvinit-6.6.1p1-25.el7_2.s390x.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.s390.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.s390x.rpm

x86_64:
openssh-debuginfo-6.6.1p1-25.el7_2.i686.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.x86_64.rpm
openssh-ldap-6.6.1p1-25.el7_2.x86_64.rpm
openssh-server-sysvinit-6.6.1p1-25.el7_2.x86_64.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.i686.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
openssh-6.6.1p1-25.el7_2.src.rpm

x86_64:
openssh-6.6.1p1-25.el7_2.x86_64.rpm
openssh-askpass-6.6.1p1-25.el7_2.x86_64.rpm
openssh-clients-6.6.1p1-25.el7_2.x86_64.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.x86_64.rpm
openssh-keycat-6.6.1p1-25.el7_2.x86_64.rpm
openssh-server-6.6.1p1-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
openssh-debuginfo-6.6.1p1-25.el7_2.i686.rpm
openssh-debuginfo-6.6.1p1-25.el7_2.x86_64.rpm
openssh-ldap-6.6.1p1-25.el7_2.x86_64.rpm
openssh-server-sysvinit-6.6.1p1-25.el7_2.x86_64.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.i686.rpm
pam_ssh_agent_auth-0.9.3-9.25.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-1908
https://access.redhat.com/security/cve/CVE-2016-3115
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8F77XlSAg2UNWIIRAswbAJ4qRWmrkQpejHbmVYhNXavXLU0udwCdGmJ3
Gc0CjsXsB0foUSGfwWmD1ic=
=N81o
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Mar 21 20:53:37 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 21 Mar 2016 20:53:37 +0000
Subject: [RHSA-2016:0466-01] Moderate: openssh security update
Message-ID: <201603212053.u2LKrb2S029379@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openssh security update
Advisory ID:       RHSA-2016:0466-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0466.html
Issue date:        2016-03-21
CVE Names:         CVE-2015-5600 CVE-2016-3115
=====================================================================

1. Summary:

Updated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. (CVE-2016-3115)

It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600)

All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1245969 - CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
1316829 - CVE-2016-3115 openssh: missing sanitisation of input for X11 forwarding

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
openssh-5.3p1-114.el6_7.src.rpm

i386:
openssh-5.3p1-114.el6_7.i686.rpm
openssh-askpass-5.3p1-114.el6_7.i686.rpm
openssh-clients-5.3p1-114.el6_7.i686.rpm
openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
openssh-server-5.3p1-114.el6_7.i686.rpm

x86_64:
openssh-5.3p1-114.el6_7.x86_64.rpm
openssh-askpass-5.3p1-114.el6_7.x86_64.rpm
openssh-clients-5.3p1-114.el6_7.x86_64.rpm
openssh-debuginfo-5.3p1-114.el6_7.x86_64.rpm
openssh-server-5.3p1-114.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
openssh-ldap-5.3p1-114.el6_7.i686.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm

x86_64:
openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
openssh-debuginfo-5.3p1-114.el6_7.x86_64.rpm
openssh-ldap-5.3p1-114.el6_7.x86_64.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
openssh-5.3p1-114.el6_7.src.rpm

x86_64:
openssh-5.3p1-114.el6_7.x86_64.rpm
openssh-clients-5.3p1-114.el6_7.x86_64.rpm
openssh-debuginfo-5.3p1-114.el6_7.x86_64.rpm
openssh-server-5.3p1-114.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
openssh-askpass-5.3p1-114.el6_7.x86_64.rpm
openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
openssh-debuginfo-5.3p1-114.el6_7.x86_64.rpm
openssh-ldap-5.3p1-114.el6_7.x86_64.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
openssh-5.3p1-114.el6_7.src.rpm

i386:
openssh-5.3p1-114.el6_7.i686.rpm
openssh-askpass-5.3p1-114.el6_7.i686.rpm
openssh-clients-5.3p1-114.el6_7.i686.rpm
openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
openssh-server-5.3p1-114.el6_7.i686.rpm

ppc64:
openssh-5.3p1-114.el6_7.ppc64.rpm
openssh-askpass-5.3p1-114.el6_7.ppc64.rpm
openssh-clients-5.3p1-114.el6_7.ppc64.rpm
openssh-debuginfo-5.3p1-114.el6_7.ppc64.rpm
openssh-server-5.3p1-114.el6_7.ppc64.rpm

s390x:
openssh-5.3p1-114.el6_7.s390x.rpm
openssh-askpass-5.3p1-114.el6_7.s390x.rpm
openssh-clients-5.3p1-114.el6_7.s390x.rpm
openssh-debuginfo-5.3p1-114.el6_7.s390x.rpm
openssh-server-5.3p1-114.el6_7.s390x.rpm

x86_64:
openssh-5.3p1-114.el6_7.x86_64.rpm
openssh-askpass-5.3p1-114.el6_7.x86_64.rpm
openssh-clients-5.3p1-114.el6_7.x86_64.rpm
openssh-debuginfo-5.3p1-114.el6_7.x86_64.rpm
openssh-server-5.3p1-114.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
openssh-ldap-5.3p1-114.el6_7.i686.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm

ppc64:
openssh-debuginfo-5.3p1-114.el6_7.ppc.rpm
openssh-debuginfo-5.3p1-114.el6_7.ppc64.rpm
openssh-ldap-5.3p1-114.el6_7.ppc64.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.ppc.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.ppc64.rpm

s390x:
openssh-debuginfo-5.3p1-114.el6_7.s390.rpm
openssh-debuginfo-5.3p1-114.el6_7.s390x.rpm
openssh-ldap-5.3p1-114.el6_7.s390x.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.s390.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.s390x.rpm

x86_64:
openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
openssh-debuginfo-5.3p1-114.el6_7.x86_64.rpm
openssh-ldap-5.3p1-114.el6_7.x86_64.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
openssh-5.3p1-114.el6_7.src.rpm

i386:
openssh-5.3p1-114.el6_7.i686.rpm
openssh-askpass-5.3p1-114.el6_7.i686.rpm
openssh-clients-5.3p1-114.el6_7.i686.rpm
openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
openssh-server-5.3p1-114.el6_7.i686.rpm

x86_64:
openssh-5.3p1-114.el6_7.x86_64.rpm
openssh-askpass-5.3p1-114.el6_7.x86_64.rpm
openssh-clients-5.3p1-114.el6_7.x86_64.rpm
openssh-debuginfo-5.3p1-114.el6_7.x86_64.rpm
openssh-server-5.3p1-114.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
openssh-ldap-5.3p1-114.el6_7.i686.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm

x86_64:
openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
openssh-debuginfo-5.3p1-114.el6_7.x86_64.rpm
openssh-ldap-5.3p1-114.el6_7.x86_64.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5600
https://access.redhat.com/security/cve/CVE-2016-3115
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW8F81XlSAg2UNWIIRAmSXAJ4kqhRETp1qlazxcByNlmrDxR/C8gCgkfK7 vm7cu9quoQRjW7+m5JUX+8M= =anfH -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Mar 22 16:51:51 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 22 Mar 2016 12:51:51 -0400 Subject: [RHSA-2016:0489-01] Important: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update Message-ID: <201603221651.u2MGppC9010903@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update Advisory ID: RHSA-2016:0489-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0489.html Issue date: 2016-03-22 CVE Names: CVE-2015-5254 CVE-2015-5317 CVE-2015-5318 CVE-2015-5319 CVE-2015-5320 CVE-2015-5321 CVE-2015-5322 CVE-2015-5323 CVE-2015-5324 CVE-2015-5325 CVE-2015-5326 CVE-2015-7537 CVE-2015-7538 CVE-2015-7539 CVE-2015-8103 ===================================================================== 1. Summary: Red Hat OpenShift Enterprise release 2.2.9, which fixes several security issues, several bugs, and introduces feature enhancements, is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Enterprise Client 2.2 - noarch Red Hat OpenShift Enterprise Infrastructure 2.2 - noarch, x86_64 Red Hat OpenShift Enterprise Node 2.2 - noarch, x86_64 3. 
Description: OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. The following security issue is addressed with this release: It was found that ActiveMQ did not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the ActiveMQ application. (CVE-2015-5254) An update for Jenkins Continuous Integration Server that addresses a large number of security issues including XSS, CSRF, information disclosure and code execution have been addressed as well. (CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538, CVE-2015-7539, CVE-2015-8103) Space precludes documenting all of the bug fixes in this advisory. See the OpenShift Enterprise Technical Notes, which will be updated shortly for release 2.2.9, for details about these changes: https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-s ingle/Technical_Notes/index.html All OpenShift Enterprise 2 users are advised to upgrade to these updated packages. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. See the OpenShift Enterprise 2.2 Release Notes, which will be updated shortly for release 2.2.9, for important instructions on how to fully apply this asynchronous errata update: https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-s ingle/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/):

1111456 - jenkin app will be created as default small gear size when user create app with --enable-jenkins and non-default gear-size
1140816 - oo-admin-ctl-district missing documentation for listing districts
1160934 - "oo-admin-ctl-gears stopgear" failed to stop idled gear
1168480 - Should prompt correct information when execute oo-admin-ctl-user --addgearsize $invalid value
1169690 - Webconsole should show warning info when add cartridge as quota used up to QUOTA_WARNING_PERCENT
1265423 - .gitconfig is not configurable for application create
1265811 - oo-accept-node reports a quota failures when a loop device is used.
1279584 - Users have nil value for resulting in failed oo-admin-repair
1282359 - CVE-2015-5317 jenkins: Project name disclosure via fingerprints (SECURITY-153)
1282361 - CVE-2015-5318 jenkins: Public value used for CSRF protection salt (SECURITY-169)
1282362 - CVE-2015-5319 jenkins: XXE injection into job configurations via CLI (SECURITY-173)
1282363 - CVE-2015-5320 jenkins: Secret key not verified when connecting a slave (SECURITY-184)
1282364 - CVE-2015-5321 jenkins: Information disclosure via sidepanel (SECURITY-192)
1282365 - CVE-2015-5322 jenkins: Local file inclusion vulnerability (SECURITY-195)
1282366 - CVE-2015-5323 jenkins: API tokens of other users available to admins (SECURITY-200)
1282367 - CVE-2015-5324 jenkins: Queue API did show items not visible to the current user (SECURITY-186)
1282368 - CVE-2015-5325 jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)
1282369 - CVE-2015-5326 jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)
1282371 - CVE-2015-8103 jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)
1283372 - oo-admin-gear man page displays wrong option
1291292 - CVE-2015-5254 activemq: unsafe deserialization
1291795 - CVE-2015-7537 jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)
1291797 - CVE-2015-7538 jenkins: CSRF protection ineffective (SECURITY-233)
1291798 - CVE-2015-7539 jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)
1294513 - oo-diagnostics test_enterprise_rpms fails for nodejs010-nodejs-debug
1299014 - [RFE] Configuration setting to set cipher on Openshift node web proxy
1299095 - oo-diagnostic error on broker No such file or directory - /etc/openshift/env/OPENSHIFT_BROKER_HOST
1302787 - Node web proxy configuration file is overwritten upon update
1305688 - oo-accept-broker incorrectly parses MONGO_HOST_PORT individual host and ports
1307174 - rhc ssh does not respect PATH env variable, nor the --ssh PATH option
1307175 - oo-accept-node does not validate whether threads are in cgroups
1308716 - rhc snapshot save different app with the same name in the same dir didn't prompt conflict information
1308718 - It is better to return meaningful error message when do ssh in head gear of scalable app with incorrect user id or ssh url
1308720 - Unable to deploy Drupal
1308722 - Django quickstart can't bind address
1308739 - It will not validate the deployment type when do app deploy via REST API
1310247 - New configuration item, TRAFFIC_CONTROL_DEVS
1310266 - https using letsencrypt has B rating - chain incomplete
1310841 - Fix zsh autocompletion for rhc
1314535 - oo-admin-repair-node,oo-admin-ctl-iptables-port-proxy and oo-admin-ctl-tc has no man page
1314546 - Python cartridge doesn't stop deploy process when it failed to install packages (It is different from behavior of other cartridges)

6.
Package List: Red Hat OpenShift Enterprise Client 2.2: Source: rhc-1.38.6.1-1.el6op.src.rpm noarch: rhc-1.38.6.1-1.el6op.noarch.rpm Red Hat OpenShift Enterprise Infrastructure 2.2: Source: activemq-5.9.0-6.redhat.611454.el6op.src.rpm openshift-enterprise-upgrade-2.2.9-1.el6op.src.rpm openshift-origin-broker-util-1.37.5.3-1.el6op.src.rpm rubygem-openshift-origin-common-1.29.5.2-1.el6op.src.rpm rubygem-openshift-origin-console-1.35.5.1-1.el6op.src.rpm rubygem-openshift-origin-controller-1.38.5.1-1.el6op.src.rpm noarch: openshift-enterprise-release-2.2.9-1.el6op.noarch.rpm openshift-enterprise-upgrade-broker-2.2.9-1.el6op.noarch.rpm openshift-enterprise-yum-validator-2.2.9-1.el6op.noarch.rpm openshift-origin-broker-util-1.37.5.3-1.el6op.noarch.rpm rubygem-openshift-origin-common-1.29.5.2-1.el6op.noarch.rpm rubygem-openshift-origin-console-1.35.5.1-1.el6op.noarch.rpm rubygem-openshift-origin-controller-1.38.5.1-1.el6op.noarch.rpm x86_64: activemq-5.9.0-6.redhat.611454.el6op.x86_64.rpm activemq-client-5.9.0-6.redhat.611454.el6op.x86_64.rpm Red Hat OpenShift Enterprise Node 2.2: Source: activemq-5.9.0-6.redhat.611454.el6op.src.rpm jenkins-1.625.3-1.el6op.src.rpm openshift-enterprise-upgrade-2.2.9-1.el6op.src.rpm openshift-origin-cartridge-cron-1.25.2.1-1.el6op.src.rpm openshift-origin-cartridge-haproxy-1.31.5.1-1.el6op.src.rpm openshift-origin-cartridge-mysql-1.31.2.1-1.el6op.src.rpm openshift-origin-cartridge-php-1.35.3.1-1.el6op.src.rpm openshift-origin-cartridge-python-1.34.2.1-1.el6op.src.rpm openshift-origin-msg-node-mcollective-1.30.2.1-1.el6op.src.rpm openshift-origin-node-proxy-1.26.2.1-1.el6op.src.rpm openshift-origin-node-util-1.38.6.2-1.el6op.src.rpm php-5.3.3-46.el6_7.1.src.rpm rubygem-openshift-origin-common-1.29.5.2-1.el6op.src.rpm rubygem-openshift-origin-frontend-apache-vhost-0.13.2.1-1.el6op.src.rpm rubygem-openshift-origin-node-1.38.5.3-1.el6op.src.rpm noarch: jenkins-1.625.3-1.el6op.noarch.rpm openshift-enterprise-release-2.2.9-1.el6op.noarch.rpm 
openshift-enterprise-upgrade-node-2.2.9-1.el6op.noarch.rpm openshift-enterprise-yum-validator-2.2.9-1.el6op.noarch.rpm openshift-origin-cartridge-cron-1.25.2.1-1.el6op.noarch.rpm openshift-origin-cartridge-haproxy-1.31.5.1-1.el6op.noarch.rpm openshift-origin-cartridge-mysql-1.31.2.1-1.el6op.noarch.rpm openshift-origin-cartridge-php-1.35.3.1-1.el6op.noarch.rpm openshift-origin-cartridge-python-1.34.2.1-1.el6op.noarch.rpm openshift-origin-msg-node-mcollective-1.30.2.1-1.el6op.noarch.rpm openshift-origin-node-proxy-1.26.2.1-1.el6op.noarch.rpm openshift-origin-node-util-1.38.6.2-1.el6op.noarch.rpm rubygem-openshift-origin-common-1.29.5.2-1.el6op.noarch.rpm rubygem-openshift-origin-frontend-apache-vhost-0.13.2.1-1.el6op.noarch.rpm rubygem-openshift-origin-node-1.38.5.3-1.el6op.noarch.rpm x86_64: activemq-client-5.9.0-6.redhat.611454.el6op.x86_64.rpm php-bcmath-5.3.3-46.el6_7.1.x86_64.rpm php-debuginfo-5.3.3-46.el6_7.1.x86_64.rpm php-devel-5.3.3-46.el6_7.1.x86_64.rpm php-fpm-5.3.3-46.el6_7.1.x86_64.rpm php-imap-5.3.3-46.el6_7.1.x86_64.rpm php-intl-5.3.3-46.el6_7.1.x86_64.rpm php-mbstring-5.3.3-46.el6_7.1.x86_64.rpm php-process-5.3.3-46.el6_7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2015-5254
https://access.redhat.com/security/cve/CVE-2015-5317
https://access.redhat.com/security/cve/CVE-2015-5318
https://access.redhat.com/security/cve/CVE-2015-5319
https://access.redhat.com/security/cve/CVE-2015-5320
https://access.redhat.com/security/cve/CVE-2015-5321
https://access.redhat.com/security/cve/CVE-2015-5322
https://access.redhat.com/security/cve/CVE-2015-5323
https://access.redhat.com/security/cve/CVE-2015-5324
https://access.redhat.com/security/cve/CVE-2015-5325
https://access.redhat.com/security/cve/CVE-2015-5326
https://access.redhat.com/security/cve/CVE-2015-7537
https://access.redhat.com/security/cve/CVE-2015-7538
https://access.redhat.com/security/cve/CVE-2015-7539
https://access.redhat.com/security/cve/CVE-2015-8103
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8XglXlSAg2UNWIIRAoouAJ0XHeEABsx6OtQv/S8IBfl53g9JAgCeLtjq
xQ2Bp9Ov4WK0pelScKgBp0Y=
=hzs2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 22 21:25:51 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Mar 2016 21:25:51 +0000
Subject: [RHSA-2016:0491-01] Moderate: foomatic security update
Message-ID: <201603222125.u2MLPpvg010754@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: foomatic security update
Advisory ID: RHSA-2016:0491-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0491.html
Issue date: 2016-03-22
CVE Names: CVE-2010-5325 CVE-2015-8327 CVE-2015-8560
=====================================================================

1.
Summary:

An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues, print files, and manipulate print jobs.

It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to heap-based memory corruption. An attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325)

It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560)

All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1218297 - CVE-2010-5325 foomatic: potential remote arbitrary code execution
1287523 - CVE-2015-8327 cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
1291227 - CVE-2015-8560 cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
foomatic-4.0.4-5.el6_7.src.rpm

i386:
foomatic-4.0.4-5.el6_7.i686.rpm
foomatic-debuginfo-4.0.4-5.el6_7.i686.rpm

x86_64:
foomatic-4.0.4-5.el6_7.x86_64.rpm
foomatic-debuginfo-4.0.4-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
foomatic-4.0.4-5.el6_7.src.rpm

x86_64:
foomatic-4.0.4-5.el6_7.x86_64.rpm
foomatic-debuginfo-4.0.4-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
foomatic-4.0.4-5.el6_7.src.rpm

i386:
foomatic-4.0.4-5.el6_7.i686.rpm
foomatic-debuginfo-4.0.4-5.el6_7.i686.rpm

ppc64:
foomatic-4.0.4-5.el6_7.ppc64.rpm
foomatic-debuginfo-4.0.4-5.el6_7.ppc64.rpm

s390x:
foomatic-4.0.4-5.el6_7.s390x.rpm
foomatic-debuginfo-4.0.4-5.el6_7.s390x.rpm

x86_64:
foomatic-4.0.4-5.el6_7.x86_64.rpm
foomatic-debuginfo-4.0.4-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
foomatic-4.0.4-5.el6_7.src.rpm

i386:
foomatic-4.0.4-5.el6_7.i686.rpm
foomatic-debuginfo-4.0.4-5.el6_7.i686.rpm

x86_64:
foomatic-4.0.4-5.el6_7.x86_64.rpm
foomatic-debuginfo-4.0.4-5.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2010-5325
https://access.redhat.com/security/cve/CVE-2015-8327
https://access.redhat.com/security/cve/CVE-2015-8560
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
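The CVE-2015-8327 and CVE-2015-8560 entries in this advisory come down to one pattern: a filter that scrubbed a fixed list of shell metacharacters from untrusted input and missed two of them (the backtick and the semicolon, per the bug titles above). The C program below is an added example written for this page; it is not foomatic-rip's code and the character list is not the one foomatic-rip used. It contrasts a blocklist that has exactly that kind of gap (strip_blocklisted), an allowlist that accepts only characters /bin/sh never interprets (is_allowlisted), and an argv builder for execvp() so that no shell parses the values at all (build_argv). The function names, the character sets and the sample job names are assumptions made for the example.

```c
/* Added example (not foomatic-rip's code): handling untrusted input that
 * ends up on an external command line. The blocklist below reproduces the
 * class of bug in CVE-2015-8327/CVE-2015-8560, an incomplete set of
 * "illegal" shell characters; it is NOT the list foomatic-rip used. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Deliberately incomplete blocklist: backtick and semicolon are missing. */
static const char BLOCKLIST[] = "|&<>$()\"'\\";

/* Strip blocklisted characters in place; returns how many were removed.
 * Anything the list forgets (here ` and ;) reaches the shell untouched. */
int strip_blocklisted(char *s)
{
    int removed = 0;
    char *w = s;
    for (const char *r = s; *r; r++) {
        if (strchr(BLOCKLIST, *r))
            removed++;
        else
            *w++ = *r;
    }
    *w = '\0';
    return removed;
}

/* Allowlist: accept only [A-Za-z0-9._/-], which /bin/sh never interprets.
 * Empty strings and strings starting with '-' are rejected so a value can
 * neither vanish from the command line nor be parsed as an option. */
int is_allowlisted(const char *s)
{
    if (s == NULL || *s == '\0' || *s == '-')
        return 0;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (!(isalnum(c) || c == '.' || c == '_' || c == '/' || c == '-'))
            return 0;
    }
    return 1;
}

static char *dupstr(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

void free_argv(char **argv)
{
    if (argv == NULL)
        return;
    for (size_t i = 0; argv[i] != NULL; i++)
        free(argv[i]);
    free(argv);
}

/* Build a NULL-terminated argv for execvp(): the program name is trusted,
 * every untrusted argument must pass the allowlist or the whole call is
 * refused. No shell sees these strings, so quoting rules do not apply. */
char **build_argv(const char *program, const char *const *args, size_t nargs)
{
    char **argv = calloc(nargs + 2, sizeof *argv);
    if (argv == NULL)
        return NULL;
    argv[0] = dupstr(program);
    for (size_t i = 0; i < nargs && argv[0] != NULL; i++) {
        if (is_allowlisted(args[i]))
            argv[i + 1] = dupstr(args[i]);
        if (argv[i + 1] == NULL) {      /* rejected (or out of memory): refuse, never repair */
            free_argv(argv);
            return NULL;
        }
    }
    if (argv[0] == NULL) {
        free(argv);
        return NULL;
    }
    return argv;                        /* calloc() left argv[nargs + 1] == NULL */
}

/* Stand-alone demo over constructed job names (sample input for this example). */
int main(void)
{
    const char *samples[] = { "job-1.ps", "job`id`", "job;id", "job$(id)" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char buf[32];
        strcpy(buf, samples[i]);
        int removed = strip_blocklisted(buf);
        printf("%-10s blocklist -> %-10s (%d removed)  allowlist -> %s\n",
               samples[i], buf, removed, is_allowlisted(samples[i]) ? "ok" : "rejected");
    }
    const char *bad[] = { "queue1", "job;id" };
    char **argv = build_argv("lpr", bad, 2);
    printf("build_argv with \"job;id\": %s\n", argv ? "built" : "refused");
    free_argv(argv);
    return 0;
}
```

Build with `cc -std=c99 -Wall argv_check.c` (file name assumed) and run it: the blocklist returns job`id` and job;id unchanged, the allowlist rejects both, and build_argv() refuses to assemble a command that contains either. The practical lesson is that a sanitizer for an external command has to be reviewed against the full grammar of the interpreter it feeds; handing the program an argv array and bypassing the shell removes that review from the attack surface.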
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8bgMXlSAg2UNWIIRAku0AKCD+H9IbvXBMQdriz4yycBJ0Cz+/ACfRvzc
kzYt9xNP3vTqE/45NtLzP+0=
=xtkT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 22 21:26:41 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Mar 2016 21:26:41 +0000
Subject: [RHSA-2016:0492-01] Moderate: tomcat6 security and bug fix update
Message-ID: <201603222126.u2MLQfvw012860@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: tomcat6 security and bug fix update
Advisory ID: RHSA-2016:0492-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0492.html
Issue date: 2016-03-22
CVE Names: CVE-2014-7810
=====================================================================

1. Summary:

Updated tomcat6 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)

This update also fixes the following bug:

* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6 servlet container resulted in a large memory leak. An upstream patch has been applied to fix this bug, and the memory leak no longer occurs. (BZ#1301646)

All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1222573 - CVE-2014-7810 Tomcat/JbossWeb: security manager bypass via EL expressions
1301646 - Tomcat 6 NIO connector memory leak [rhel-6.7.z]

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v.
6): Source: tomcat6-6.0.24-94.el6_7.src.rpm i386: tomcat6-6.0.24-94.el6_7.i686.rpm tomcat6-admin-webapps-6.0.24-94.el6_7.i686.rpm tomcat6-debuginfo-6.0.24-94.el6_7.i686.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.i686.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.i686.rpm tomcat6-javadoc-6.0.24-94.el6_7.i686.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.i686.rpm tomcat6-lib-6.0.24-94.el6_7.i686.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.i686.rpm tomcat6-webapps-6.0.24-94.el6_7.i686.rpm x86_64: tomcat6-6.0.24-94.el6_7.x86_64.rpm tomcat6-admin-webapps-6.0.24-94.el6_7.x86_64.rpm tomcat6-debuginfo-6.0.24-94.el6_7.x86_64.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.x86_64.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-javadoc-6.0.24-94.el6_7.x86_64.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-lib-6.0.24-94.el6_7.x86_64.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-webapps-6.0.24-94.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: tomcat6-6.0.24-94.el6_7.src.rpm x86_64: tomcat6-6.0.24-94.el6_7.x86_64.rpm tomcat6-admin-webapps-6.0.24-94.el6_7.x86_64.rpm tomcat6-debuginfo-6.0.24-94.el6_7.x86_64.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.x86_64.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-javadoc-6.0.24-94.el6_7.x86_64.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-lib-6.0.24-94.el6_7.x86_64.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-webapps-6.0.24-94.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: tomcat6-6.0.24-94.el6_7.src.rpm i386: tomcat6-6.0.24-94.el6_7.i686.rpm tomcat6-debuginfo-6.0.24-94.el6_7.i686.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.i686.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.i686.rpm tomcat6-lib-6.0.24-94.el6_7.i686.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.i686.rpm ppc64: tomcat6-6.0.24-94.el6_7.ppc64.rpm tomcat6-debuginfo-6.0.24-94.el6_7.ppc64.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.ppc64.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.ppc64.rpm tomcat6-lib-6.0.24-94.el6_7.ppc64.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.ppc64.rpm s390x: tomcat6-6.0.24-94.el6_7.s390x.rpm tomcat6-debuginfo-6.0.24-94.el6_7.s390x.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.s390x.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.s390x.rpm tomcat6-lib-6.0.24-94.el6_7.s390x.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.s390x.rpm x86_64: tomcat6-6.0.24-94.el6_7.x86_64.rpm tomcat6-debuginfo-6.0.24-94.el6_7.x86_64.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-lib-6.0.24-94.el6_7.x86_64.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: tomcat6-admin-webapps-6.0.24-94.el6_7.i686.rpm tomcat6-debuginfo-6.0.24-94.el6_7.i686.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.i686.rpm tomcat6-javadoc-6.0.24-94.el6_7.i686.rpm tomcat6-webapps-6.0.24-94.el6_7.i686.rpm ppc64: tomcat6-admin-webapps-6.0.24-94.el6_7.ppc64.rpm tomcat6-debuginfo-6.0.24-94.el6_7.ppc64.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.ppc64.rpm tomcat6-javadoc-6.0.24-94.el6_7.ppc64.rpm tomcat6-webapps-6.0.24-94.el6_7.ppc64.rpm s390x: tomcat6-admin-webapps-6.0.24-94.el6_7.s390x.rpm tomcat6-debuginfo-6.0.24-94.el6_7.s390x.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.s390x.rpm tomcat6-javadoc-6.0.24-94.el6_7.s390x.rpm tomcat6-webapps-6.0.24-94.el6_7.s390x.rpm x86_64: tomcat6-admin-webapps-6.0.24-94.el6_7.x86_64.rpm tomcat6-debuginfo-6.0.24-94.el6_7.x86_64.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.x86_64.rpm tomcat6-javadoc-6.0.24-94.el6_7.x86_64.rpm tomcat6-webapps-6.0.24-94.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: tomcat6-6.0.24-94.el6_7.src.rpm i386: tomcat6-6.0.24-94.el6_7.i686.rpm tomcat6-debuginfo-6.0.24-94.el6_7.i686.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.i686.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.i686.rpm tomcat6-lib-6.0.24-94.el6_7.i686.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.i686.rpm x86_64: tomcat6-6.0.24-94.el6_7.x86_64.rpm tomcat6-debuginfo-6.0.24-94.el6_7.x86_64.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-lib-6.0.24-94.el6_7.x86_64.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6):

i386:
tomcat6-admin-webapps-6.0.24-94.el6_7.i686.rpm
tomcat6-debuginfo-6.0.24-94.el6_7.i686.rpm
tomcat6-docs-webapp-6.0.24-94.el6_7.i686.rpm
tomcat6-javadoc-6.0.24-94.el6_7.i686.rpm
tomcat6-webapps-6.0.24-94.el6_7.i686.rpm

x86_64:
tomcat6-admin-webapps-6.0.24-94.el6_7.x86_64.rpm
tomcat6-debuginfo-6.0.24-94.el6_7.x86_64.rpm
tomcat6-docs-webapp-6.0.24-94.el6_7.x86_64.rpm
tomcat6-javadoc-6.0.24-94.el6_7.x86_64.rpm
tomcat6-webapps-6.0.24-94.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7810
https://access.redhat.com/security/updates/classification/#moderate
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8bh8XlSAg2UNWIIRAv2hAJ92D89IV3LfOMTX5VYuFikbSa83aQCcC8at
Cvt9E+nWmM6KUT4kLOCBwkE=
=+HtJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 22 21:28:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Mar 2016 21:28:22 +0000
Subject: [RHSA-2016:0493-01] Moderate: krb5 security update
Message-ID: <201603222128.u2MLSM9N013637@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: krb5 security update
Advisory ID: RHSA-2016:0493-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0493.html
Issue date: 2016-03-22
CVE Names: CVE-2015-8629 CVE-2015-8631
=====================================================================

1.
Summary:

Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.

A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631)

An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629)

The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.

All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.

4.
Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1302617 - CVE-2015-8629 krb5: xdr_nullstring() doesn't check for terminating null character
1302642 - CVE-2015-8631 krb5: Memory leak caused by supplying a null principal name in request

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
krb5-1.10.3-42z1.el6_7.src.rpm

i386:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.i686.rpm
krb5-workstation-1.10.3-42z1.el6_7.i686.rpm

x86_64:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.x86_64.rpm
krb5-workstation-1.10.3-42z1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-server-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm

x86_64:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
krb5-1.10.3-42z1.el6_7.src.rpm

x86_64:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.x86_64.rpm
krb5-workstation-1.10.3-42z1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v.
6): x86_64: krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm krb5-devel-1.10.3-42z1.el6_7.i686.rpm krb5-devel-1.10.3-42z1.el6_7.x86_64.rpm krb5-server-1.10.3-42z1.el6_7.x86_64.rpm krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm krb5-server-ldap-1.10.3-42z1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: krb5-1.10.3-42z1.el6_7.src.rpm i386: krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm krb5-devel-1.10.3-42z1.el6_7.i686.rpm krb5-libs-1.10.3-42z1.el6_7.i686.rpm krb5-pkinit-openssl-1.10.3-42z1.el6_7.i686.rpm krb5-server-1.10.3-42z1.el6_7.i686.rpm krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm krb5-workstation-1.10.3-42z1.el6_7.i686.rpm ppc64: krb5-debuginfo-1.10.3-42z1.el6_7.ppc.rpm krb5-debuginfo-1.10.3-42z1.el6_7.ppc64.rpm krb5-devel-1.10.3-42z1.el6_7.ppc.rpm krb5-devel-1.10.3-42z1.el6_7.ppc64.rpm krb5-libs-1.10.3-42z1.el6_7.ppc.rpm krb5-libs-1.10.3-42z1.el6_7.ppc64.rpm krb5-pkinit-openssl-1.10.3-42z1.el6_7.ppc64.rpm krb5-server-1.10.3-42z1.el6_7.ppc64.rpm krb5-server-ldap-1.10.3-42z1.el6_7.ppc.rpm krb5-server-ldap-1.10.3-42z1.el6_7.ppc64.rpm krb5-workstation-1.10.3-42z1.el6_7.ppc64.rpm s390x: krb5-debuginfo-1.10.3-42z1.el6_7.s390.rpm krb5-debuginfo-1.10.3-42z1.el6_7.s390x.rpm krb5-devel-1.10.3-42z1.el6_7.s390.rpm krb5-devel-1.10.3-42z1.el6_7.s390x.rpm krb5-libs-1.10.3-42z1.el6_7.s390.rpm krb5-libs-1.10.3-42z1.el6_7.s390x.rpm krb5-pkinit-openssl-1.10.3-42z1.el6_7.s390x.rpm krb5-server-1.10.3-42z1.el6_7.s390x.rpm krb5-server-ldap-1.10.3-42z1.el6_7.s390.rpm krb5-server-ldap-1.10.3-42z1.el6_7.s390x.rpm krb5-workstation-1.10.3-42z1.el6_7.s390x.rpm x86_64: krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm krb5-devel-1.10.3-42z1.el6_7.i686.rpm krb5-devel-1.10.3-42z1.el6_7.x86_64.rpm krb5-libs-1.10.3-42z1.el6_7.i686.rpm krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm krb5-pkinit-openssl-1.10.3-42z1.el6_7.x86_64.rpm krb5-server-1.10.3-42z1.el6_7.x86_64.rpm krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm 
krb5-server-ldap-1.10.3-42z1.el6_7.x86_64.rpm
krb5-workstation-1.10.3-42z1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
krb5-1.10.3-42z1.el6_7.src.rpm

i386:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.i686.rpm
krb5-server-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
krb5-workstation-1.10.3-42z1.el6_7.i686.rpm

x86_64:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.x86_64.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.x86_64.rpm
krb5-workstation-1.10.3-42z1.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8629
https://access.redhat.com/security/cve/CVE-2015-8631
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
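The Bugs fixed entry for CVE-2015-8629 in this advisory says that xdr_nullstring() did not check for the terminating null character, which is what turns a well-bounded copy into the out-of-bounds read the Description talks about: kadmind speaks ONC RPC, so strings arrive as an XDR length followed by that many bytes, and any later strlen()-style use of the buffer assumes the sender put a NUL inside those bytes. The C program below is an added example written for this page, not MIT Kerberos code: decode_nullstring() reads one such string from a bounded message and, depending on its require_nul flag, either accepts an unterminated payload (the bug class) or rejects it before any string function can run off the end. The struct and function names, the MAX_STRING_BYTES limit and the sample messages are assumptions made for the example; the wire layout is plain XDR.

```c
/* Added example (illustrative, not MIT Kerberos code): decoding a
 * length-prefixed string from an untrusted XDR-style message, the shape of
 * data kadmind reads over ONC RPC. Shows the unchecked behaviour behind the
 * CVE-2015-8629 bug title ("xdr_nullstring() doesn't check for terminating
 * null character") next to the checked one. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded cursor over the received message. */
struct xdr_in {
    const uint8_t *p;
    size_t left;
};

/* XDR encodes lengths as 4-byte big-endian unsigned integers. */
static int get_u32(struct xdr_in *in, uint32_t *v)
{
    if (in->left < 4)
        return 0;
    *v = ((uint32_t)in->p[0] << 24) | ((uint32_t)in->p[1] << 16) |
         ((uint32_t)in->p[2] << 8) | (uint32_t)in->p[3];
    in->p += 4;
    in->left -= 4;
    return 1;
}

/* Opaque data is padded to a multiple of 4 bytes. */
static size_t xdr_pad(size_t n) { return (n + 3) & ~(size_t)3; }

/* Assumed sanity limit on a single string; not taken from krb5. */
#define MAX_STRING_BYTES 65536u

/* Decode one string into a malloc'd buffer of exactly `size` bytes; no
 * terminator is added, the sender is expected to include it. A zero length
 * yields NULL, hence "nullstring". With require_nul == 0 data whose last
 * byte is not '\0' is accepted, and any later strlen() or "%s" on the result
 * reads past the allocation. With require_nul == 1 it is rejected first. */
int decode_nullstring(struct xdr_in *in, char **out, int require_nul)
{
    uint32_t size;
    char *s;

    *out = NULL;
    if (!get_u32(in, &size))
        return 0;
    if (size == 0)
        return 1;
    if (size > MAX_STRING_BYTES || xdr_pad(size) > in->left)
        return 0;                       /* declared length exceeds the message */
    s = malloc(size);
    if (s == NULL)
        return 0;
    memcpy(s, in->p, size);
    in->p += xdr_pad(size);
    in->left -= xdr_pad(size);
    if (require_nul && s[size - 1] != '\0') {
        free(s);                        /* the check that was missing */
        return 0;
    }
    *out = s;
    return 1;
}

/* Encoder used to construct sample messages: length, data, zero padding.
 * Returns bytes written, or 0 when `cap` is too small. */
size_t encode_xdr_string(uint8_t *buf, size_t cap, const void *data, uint32_t size)
{
    size_t need = 4 + xdr_pad(size);
    if (cap < need)
        return 0;
    buf[0] = (uint8_t)(size >> 24);
    buf[1] = (uint8_t)(size >> 16);
    buf[2] = (uint8_t)(size >> 8);
    buf[3] = (uint8_t)size;
    memcpy(buf + 4, data, size);
    memset(buf + 4 + size, 0, xdr_pad(size) - size);
    return need;
}

/* Stand-alone demo: a 4-byte string with no terminator, decoded both ways. */
int main(void)
{
    uint8_t msg[16];
    size_t n = encode_xdr_string(msg, sizeof msg, "abcd", 4);   /* constructed input */
    char *s = NULL;
    struct xdr_in unchecked = { msg, n }, checked = { msg, n };

    if (decode_nullstring(&unchecked, &s, 0))
        printf("unchecked: accepted 4 bytes, terminator present: %s\n",
               memchr(s, '\0', 4) ? "yes" : "no");
    free(s);
    printf("checked: %s\n", decode_nullstring(&checked, &s, 1) ? "accepted" : "rejected");
    free(s);
    return 0;
}
```

Two details are worth noting. The length check against in->left is not enough on its own: it keeps memcpy() inside the message, but it says nothing about what the bytes contain, and it is the content (a missing NUL) that later string code trusts. And the terminator check has to happen before the buffer is handed to anything else, because once a caller has stored the pointer the only defence would be to add a byte and write the NUL yourself, which changes the meaning of the message.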
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8biuXlSAg2UNWIIRAqANAJ9isYlOZU2KEHrFlUiObFIZ/XBxNACdGV8O
ioClPmNh8+o8ZSOXMkaB8vs=
=+IYW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 22 21:55:40 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Mar 2016 21:55:40 +0000
Subject: [RHSA-2016:0494-01] Moderate: kernel security, bug fix, and enhancement update
Message-ID: <201603222155.u2MLtfj9006562@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2016:0494-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0494.html
Issue date: 2016-03-22
CVE Names: CVE-2016-0774
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. (CVE-2016-0774, Moderate)

The security impact of this issue was discovered by Red Hat.

This update also fixes the following bugs:

* In the anon_vma structure, the degree field counts the number of child anon_vmas and of VMAs that point to this anon_vma. Failure to decrement the parent's degree in the unlink_anon_vma() function, when its list was empty, previously triggered a BUG_ON() assertion. The provided patch makes sure the anon_vma degree is always decremented when the VMA list is empty, thus fixing this bug. (BZ#1318364)

* When running Internet Protocol Security (IPSEC) on external storage encrypted with LUKS under a substantial load on the system, data corruptions could previously occur. A set of upstream patches has been provided, and data corruption is no longer reported in this situation. (BZ#1298994)

* Due to prematurely decremented calc_load_task, the calculated load average was off by up to the number of CPUs in the machine. As a consequence, job scheduling worked improperly causing a drop in the system performance. This update keeps the delta of the CPU going into NO_HZ idle separately, and folds the pending idle delta into the global active count while correctly aging the averages for the idle-duration when leaving NO_HZ mode. Now, job scheduling works correctly, ensuring balanced CPU load. (BZ#1300349)

* Due to a regression in the Red Hat Enterprise Linux 6.7 kernel, the cgroup OOM notifier accessed a cgroup-specific internal data structure without a proper locking protection, which led to a kernel panic. This update adjusts the cgroup OOM notifier to lock internal data properly, thus fixing the bug. (BZ#1302763)

* GFS2 had a rare timing window that sometimes caused it to reference an uninitialized variable. Consequently, a kernel panic occurred. The code has been changed to reference the correct value during this timing window, and the kernel no longer panics. (BZ#1304332)

* Due to a race condition whereby a cache operation could be submitted after a cache object was killed, the kernel occasionally crashed on systems running the cachefilesd service. The provided patch prevents the race condition by adding serialization in the code that makes the object unavailable. As a result, all subsequent operations targeted on the object are rejected and the kernel no longer crashes in this scenario. (BZ#1308471)

This update also adds this enhancement:

* The lpfc driver has been updated to version 11.0.0.4. (BZ#1297838)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1303961 - CVE-2016-0774 kernel: pipe buffer state corruption after unsuccessful atomic read from pipe

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: kernel-2.6.32-573.22.1.el6.src.rpm i386: kernel-2.6.32-573.22.1.el6.i686.rpm kernel-debug-2.6.32-573.22.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.22.1.el6.i686.rpm kernel-devel-2.6.32-573.22.1.el6.i686.rpm kernel-headers-2.6.32-573.22.1.el6.i686.rpm perf-2.6.32-573.22.1.el6.i686.rpm perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.22.1.el6.noarch.rpm kernel-doc-2.6.32-573.22.1.el6.noarch.rpm kernel-firmware-2.6.32-573.22.1.el6.noarch.rpm x86_64: kernel-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.22.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.22.1.el6.x86_64.rpm kernel-devel-2.6.32-573.22.1.el6.x86_64.rpm kernel-headers-2.6.32-573.22.1.el6.x86_64.rpm perf-2.6.32-573.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.22.1.el6.i686.rpm perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm python-perf-2.6.32-573.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm python-perf-2.6.32-573.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-573.22.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-573.22.1.el6.noarch.rpm kernel-doc-2.6.32-573.22.1.el6.noarch.rpm kernel-firmware-2.6.32-573.22.1.el6.noarch.rpm x86_64: kernel-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.22.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.22.1.el6.x86_64.rpm kernel-devel-2.6.32-573.22.1.el6.x86_64.rpm kernel-headers-2.6.32-573.22.1.el6.x86_64.rpm perf-2.6.32-573.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): x86_64: kernel-debug-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm python-perf-2.6.32-573.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-573.22.1.el6.src.rpm i386: kernel-2.6.32-573.22.1.el6.i686.rpm kernel-debug-2.6.32-573.22.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.22.1.el6.i686.rpm kernel-devel-2.6.32-573.22.1.el6.i686.rpm kernel-headers-2.6.32-573.22.1.el6.i686.rpm perf-2.6.32-573.22.1.el6.i686.rpm perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.22.1.el6.noarch.rpm kernel-doc-2.6.32-573.22.1.el6.noarch.rpm kernel-firmware-2.6.32-573.22.1.el6.noarch.rpm ppc64: kernel-2.6.32-573.22.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-573.22.1.el6.ppc64.rpm kernel-debug-2.6.32-573.22.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-573.22.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-573.22.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-573.22.1.el6.ppc64.rpm kernel-devel-2.6.32-573.22.1.el6.ppc64.rpm kernel-headers-2.6.32-573.22.1.el6.ppc64.rpm perf-2.6.32-573.22.1.el6.ppc64.rpm perf-debuginfo-2.6.32-573.22.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.ppc64.rpm s390x: kernel-2.6.32-573.22.1.el6.s390x.rpm kernel-debug-2.6.32-573.22.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.s390x.rpm kernel-debug-devel-2.6.32-573.22.1.el6.s390x.rpm kernel-debuginfo-2.6.32-573.22.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-573.22.1.el6.s390x.rpm kernel-devel-2.6.32-573.22.1.el6.s390x.rpm 
kernel-headers-2.6.32-573.22.1.el6.s390x.rpm kernel-kdump-2.6.32-573.22.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-573.22.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-573.22.1.el6.s390x.rpm perf-2.6.32-573.22.1.el6.s390x.rpm perf-debuginfo-2.6.32-573.22.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.s390x.rpm x86_64: kernel-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.22.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.22.1.el6.x86_64.rpm kernel-devel-2.6.32-573.22.1.el6.x86_64.rpm kernel-headers-2.6.32-573.22.1.el6.x86_64.rpm perf-2.6.32-573.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.22.1.el6.i686.rpm perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm python-perf-2.6.32-573.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-573.22.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-573.22.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-573.22.1.el6.ppc64.rpm perf-debuginfo-2.6.32-573.22.1.el6.ppc64.rpm python-perf-2.6.32-573.22.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-573.22.1.el6.s390x.rpm kernel-debuginfo-2.6.32-573.22.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-573.22.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-573.22.1.el6.s390x.rpm perf-debuginfo-2.6.32-573.22.1.el6.s390x.rpm python-perf-2.6.32-573.22.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm python-perf-2.6.32-573.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: kernel-2.6.32-573.22.1.el6.src.rpm i386: kernel-2.6.32-573.22.1.el6.i686.rpm kernel-debug-2.6.32-573.22.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.22.1.el6.i686.rpm kernel-devel-2.6.32-573.22.1.el6.i686.rpm kernel-headers-2.6.32-573.22.1.el6.i686.rpm perf-2.6.32-573.22.1.el6.i686.rpm perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.22.1.el6.noarch.rpm kernel-doc-2.6.32-573.22.1.el6.noarch.rpm kernel-firmware-2.6.32-573.22.1.el6.noarch.rpm x86_64: kernel-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.22.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.22.1.el6.x86_64.rpm kernel-devel-2.6.32-573.22.1.el6.x86_64.rpm kernel-headers-2.6.32-573.22.1.el6.x86_64.rpm perf-2.6.32-573.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.22.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.22.1.el6.i686.rpm perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm python-perf-2.6.32-573.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm python-perf-2.6.32-573.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.22.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0774 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW8b8SXlSAg2UNWIIRAq8OAJ0Y4bFtarqu+9HC3rYZ+K2DILDbFACeMkEC yBJF6H2aOZ3X0GCBq+vPDNY= =5fPn -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 23 10:07:51 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 23 Mar 2016 10:07:51 +0000 Subject: [RHSA-2016:0495-01] Critical: nss-util security update Message-ID: <201603231007.u2NA7p4f015231@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: nss-util security update Advisory ID: RHSA-2016:0495-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0495.html Issue date: 2016-03-23 CVE Names: CVE-2016-1950 ===================================================================== 1. 
Summary: Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter. All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
For the update to take effect, all applications linked to the nss and nss-util libraries must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35) 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.6): Source: nss-util-3.19.1-3.el6_6.src.rpm x86_64: nss-util-3.19.1-3.el6_6.i686.rpm nss-util-3.19.1-3.el6_6.x86_64.rpm nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6): x86_64: nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm nss-util-devel-3.19.1-3.el6_6.i686.rpm nss-util-devel-3.19.1-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.2): Source: nss-util-3.13.1-10.el6_2.src.rpm x86_64: nss-util-3.13.1-10.el6_2.i686.rpm nss-util-3.13.1-10.el6_2.x86_64.rpm nss-util-debuginfo-3.13.1-10.el6_2.i686.rpm nss-util-debuginfo-3.13.1-10.el6_2.x86_64.rpm nss-util-devel-3.13.1-10.el6_2.i686.rpm nss-util-devel-3.13.1-10.el6_2.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.4): Source: nss-util-3.14.3-8.el6_4.src.rpm x86_64: nss-util-3.14.3-8.el6_4.i686.rpm nss-util-3.14.3-8.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-8.el6_4.i686.rpm nss-util-debuginfo-3.14.3-8.el6_4.x86_64.rpm nss-util-devel-3.14.3-8.el6_4.i686.rpm nss-util-devel-3.14.3-8.el6_4.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 
6.5): Source: nss-util-3.16.1-4.el6_5.src.rpm x86_64: nss-util-3.16.1-4.el6_5.i686.rpm nss-util-3.16.1-4.el6_5.x86_64.rpm nss-util-debuginfo-3.16.1-4.el6_5.i686.rpm nss-util-debuginfo-3.16.1-4.el6_5.x86_64.rpm nss-util-devel-3.16.1-4.el6_5.i686.rpm nss-util-devel-3.16.1-4.el6_5.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.6): Source: nss-util-3.19.1-3.el6_6.src.rpm i386: nss-util-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-devel-3.19.1-3.el6_6.i686.rpm ppc64: nss-util-3.19.1-3.el6_6.ppc.rpm nss-util-3.19.1-3.el6_6.ppc64.rpm nss-util-debuginfo-3.19.1-3.el6_6.ppc.rpm nss-util-debuginfo-3.19.1-3.el6_6.ppc64.rpm nss-util-devel-3.19.1-3.el6_6.ppc.rpm nss-util-devel-3.19.1-3.el6_6.ppc64.rpm s390x: nss-util-3.19.1-3.el6_6.s390.rpm nss-util-3.19.1-3.el6_6.s390x.rpm nss-util-debuginfo-3.19.1-3.el6_6.s390.rpm nss-util-debuginfo-3.19.1-3.el6_6.s390x.rpm nss-util-devel-3.19.1-3.el6_6.s390.rpm nss-util-devel-3.19.1-3.el6_6.s390x.rpm x86_64: nss-util-3.19.1-3.el6_6.i686.rpm nss-util-3.19.1-3.el6_6.x86_64.rpm nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm nss-util-devel-3.19.1-3.el6_6.i686.rpm nss-util-devel-3.19.1-3.el6_6.x86_64.rpm Red Hat Enterprise Linux ComputeNode EUS (v. 7.1): Source: nss-util-3.19.1-5.el7_1.src.rpm x86_64: nss-util-3.19.1-5.el7_1.i686.rpm nss-util-3.19.1-5.el7_1.x86_64.rpm nss-util-debuginfo-3.19.1-5.el7_1.i686.rpm nss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1): x86_64: nss-util-debuginfo-3.19.1-5.el7_1.i686.rpm nss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm nss-util-devel-3.19.1-5.el7_1.i686.rpm nss-util-devel-3.19.1-5.el7_1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
7.1): Source: nss-util-3.19.1-5.el7_1.src.rpm ppc64: nss-util-3.19.1-5.el7_1.ppc.rpm nss-util-3.19.1-5.el7_1.ppc64.rpm nss-util-debuginfo-3.19.1-5.el7_1.ppc.rpm nss-util-debuginfo-3.19.1-5.el7_1.ppc64.rpm nss-util-devel-3.19.1-5.el7_1.ppc.rpm nss-util-devel-3.19.1-5.el7_1.ppc64.rpm s390x: nss-util-3.19.1-5.el7_1.s390.rpm nss-util-3.19.1-5.el7_1.s390x.rpm nss-util-debuginfo-3.19.1-5.el7_1.s390.rpm nss-util-debuginfo-3.19.1-5.el7_1.s390x.rpm nss-util-devel-3.19.1-5.el7_1.s390.rpm nss-util-devel-3.19.1-5.el7_1.s390x.rpm x86_64: nss-util-3.19.1-5.el7_1.i686.rpm nss-util-3.19.1-5.el7_1.x86_64.rpm nss-util-debuginfo-3.19.1-5.el7_1.i686.rpm nss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm nss-util-devel-3.19.1-5.el7_1.i686.rpm nss-util-devel-3.19.1-5.el7_1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: nss-util-3.19.1-5.ael7b_1.src.rpm ppc64le: nss-util-3.19.1-5.ael7b_1.ppc64le.rpm nss-util-debuginfo-3.19.1-5.ael7b_1.ppc64le.rpm nss-util-devel-3.19.1-5.ael7b_1.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1950 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/advisories/mfsa2016-36 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
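Each advisory in this digest ends with the same instruction: upgrade to the builds in its package list, and check that the installed build is at or above the fixed one for your release stream. The script below is an added example, not Red Hat tooling, of how to make that check mechanically from the package-list filenames. The fixed builds are copied from the nss-util, kernel and git package lists above; the installed package strings are a constructed sample, not taken from any advisory; the comparison is a simplified re-implementation of rpm's rpmvercmp() (numeric segments compared as integers, alphabetic segments lexically, `~` sorting before anything, leftover segments winning), which is an assumption about rpm's behaviour rather than a call into rpm itself. A package whose dist tag (el6_6, el7_1, ...) has no matching build in the advisory is reported as "unknown-stream" rather than guessed at, because comparing across EUS/AUS streams gives misleading answers.

```python
"""Check installed RPM NVRAs against the fixed builds of an RHSA package list.

Added example; not Red Hat's tooling. The version comparison is a simplified
re-implementation of rpm's rpmvercmp() and is an assumption about its rules.
"""
import re
from itertools import zip_longest

# Fixed builds copied from the package lists of the advisories in this digest,
# one per release stream. Any filename from a package list can be used here.
FIXED_BUILDS = [
    "nss-util-3.13.1-10.el6_2.x86_64.rpm",
    "nss-util-3.14.3-8.el6_4.x86_64.rpm",
    "nss-util-3.16.1-4.el6_5.x86_64.rpm",
    "nss-util-3.19.1-3.el6_6.x86_64.rpm",
    "nss-util-3.19.1-5.el7_1.x86_64.rpm",
    "kernel-2.6.32-573.22.1.el6.x86_64.rpm",
    "git-1.7.1-4.el6_7.1.x86_64.rpm",
    "git-1.8.3.1-6.el7_2.1.x86_64.rpm",
]

# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`
# output from a hypothetical RHEL 6.6 EUS host. Not from any advisory.
INSTALLED_SAMPLE = [
    "nss-util-3.19.1-1.el6_6.x86_64",
    "nss-util-3.19.1-3.el6_6.i686",
    "kernel-2.6.32-573.18.1.el6.x86_64",
    "kernel-2.6.32-573.22.1.el6.x86_64",
    "git-1.7.1-3.el6_4.1.x86_64",
]


def parse_nvra(s):
    """Split 'name-[epoch:]version-release.arch[.rpm]' into (name, (epoch, version, release), arch)."""
    if s.endswith(".rpm"):
        s = s[:-4]
    m = re.fullmatch(r"(.+)-([^-]+)-([^-]+)\.([^.]+)", s)
    if not m:
        raise ValueError("not an NVRA string: %r" % s)
    name, ver, rel, arch = m.groups()
    epoch, _, ver = ver.rpartition(":")   # no epoch present -> ''
    return name, (epoch or "0", ver, rel), arch


def dist_tag(release):
    """Return the release-stream tag inside a release string (el6, el6_6, ael7b_1, ...), or ''."""
    m = re.search(r"\.(a?el\d+[a-z]?(?:_\d+)?)", release)
    return m.group(1) if m else ""


def rpmvercmp(a, b):
    """Simplified rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    sa = re.findall(r"[0-9]+|[a-zA-Z]+|~", a)
    sb = re.findall(r"[0-9]+|[a-zA-Z]+|~", b)
    for x, y in zip_longest(sa, sb):
        if x == "~" or y == "~":          # tilde sorts before everything, even end of string
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:                      # a ran out of segments: b is newer
            return -1
        if y is None:
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:                     # numeric segment beats alphabetic segment
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    return 0


def compare_evr(a, b):
    """Compare (epoch, version, release) triples; -1, 0 or 1."""
    for x, y in zip(a, b):
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0


def audit(installed, fixed_builds=FIXED_BUILDS):
    """Map each installed NVRA to 'fixed', 'vulnerable' or 'unknown-stream'."""
    fixed = {}
    for f in fixed_builds:
        name, evr, _arch = parse_nvra(f)
        fixed[(name, dist_tag(evr[2]))] = evr
    result = {}
    for pkg in installed:
        name, evr, _arch = parse_nvra(pkg)
        ref = fixed.get((name, dist_tag(evr[2])))
        if ref is None:
            result[pkg] = "unknown-stream"     # advisory lists no build for this stream
        else:
            result[pkg] = "fixed" if compare_evr(evr, ref) >= 0 else "vulnerable"
    return result


if __name__ == "__main__":
    for pkg, status in sorted(audit(INSTALLED_SAMPLE).items()):
        print("%-40s %s" % (pkg, status))
```

On a real host, feed `audit()` the lines of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`. A "fixed" result is necessary but not sufficient: the kernel advisory also requires a reboot into the new kernel (compare `uname -r` with the installed kernel's version-release), and the nss-util advisory requires restarting every process still holding the old library, as both advisories state.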
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8mrxXlSAg2UNWIIRApd+AKC89tmaT/sw/qZV56m0D+wS0ksruwCgoZdA
LWDm7Ow/XWG3HaU1ic1EWh4=
=RGkL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 23 13:36:40 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 23 Mar 2016 09:36:40 -0400
Subject: [RHSA-2016:0496-01] Important: git security update
Message-ID: <201603231336.u2NDaeXC001189@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: git security update
Advisory ID:       RHSA-2016:0496-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0496.html
Issue date:        2016-03-23
CVE Names:         CVE-2016-2315 CVE-2016-2324
=====================================================================

1. Summary:

Updated git packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code. (CVE-2016-2315, CVE-2016-2324)

All git users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1317981 - CVE-2016-2315 CVE-2016-2324 git: path_name() integer truncation and overflow leading to buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
git-1.7.1-4.el6_7.1.src.rpm

i386:
git-1.7.1-4.el6_7.1.i686.rpm
git-daemon-1.7.1-4.el6_7.1.i686.rpm
git-debuginfo-1.7.1-4.el6_7.1.i686.rpm

noarch:
emacs-git-1.7.1-4.el6_7.1.noarch.rpm
emacs-git-el-1.7.1-4.el6_7.1.noarch.rpm
git-all-1.7.1-4.el6_7.1.noarch.rpm
git-cvs-1.7.1-4.el6_7.1.noarch.rpm
git-email-1.7.1-4.el6_7.1.noarch.rpm
git-gui-1.7.1-4.el6_7.1.noarch.rpm
git-svn-1.7.1-4.el6_7.1.noarch.rpm
gitk-1.7.1-4.el6_7.1.noarch.rpm
gitweb-1.7.1-4.el6_7.1.noarch.rpm
perl-Git-1.7.1-4.el6_7.1.noarch.rpm

x86_64:
git-1.7.1-4.el6_7.1.x86_64.rpm
git-daemon-1.7.1-4.el6_7.1.x86_64.rpm
git-debuginfo-1.7.1-4.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
git-1.7.1-4.el6_7.1.src.rpm

noarch:
emacs-git-1.7.1-4.el6_7.1.noarch.rpm
emacs-git-el-1.7.1-4.el6_7.1.noarch.rpm
git-all-1.7.1-4.el6_7.1.noarch.rpm
git-cvs-1.7.1-4.el6_7.1.noarch.rpm
git-email-1.7.1-4.el6_7.1.noarch.rpm
git-gui-1.7.1-4.el6_7.1.noarch.rpm
git-svn-1.7.1-4.el6_7.1.noarch.rpm
gitk-1.7.1-4.el6_7.1.noarch.rpm
gitweb-1.7.1-4.el6_7.1.noarch.rpm
perl-Git-1.7.1-4.el6_7.1.noarch.rpm

x86_64:
git-1.7.1-4.el6_7.1.x86_64.rpm
git-daemon-1.7.1-4.el6_7.1.x86_64.rpm
git-debuginfo-1.7.1-4.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
git-1.7.1-4.el6_7.1.src.rpm

i386:
git-1.7.1-4.el6_7.1.i686.rpm
git-debuginfo-1.7.1-4.el6_7.1.i686.rpm

noarch:
perl-Git-1.7.1-4.el6_7.1.noarch.rpm

ppc64:
git-1.7.1-4.el6_7.1.ppc64.rpm
git-debuginfo-1.7.1-4.el6_7.1.ppc64.rpm

s390x:
git-1.7.1-4.el6_7.1.s390x.rpm
git-debuginfo-1.7.1-4.el6_7.1.s390x.rpm

x86_64:
git-1.7.1-4.el6_7.1.x86_64.rpm
git-debuginfo-1.7.1-4.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
git-daemon-1.7.1-4.el6_7.1.i686.rpm
git-debuginfo-1.7.1-4.el6_7.1.i686.rpm

noarch:
emacs-git-1.7.1-4.el6_7.1.noarch.rpm
emacs-git-el-1.7.1-4.el6_7.1.noarch.rpm
git-all-1.7.1-4.el6_7.1.noarch.rpm
git-cvs-1.7.1-4.el6_7.1.noarch.rpm
git-email-1.7.1-4.el6_7.1.noarch.rpm
git-gui-1.7.1-4.el6_7.1.noarch.rpm
git-svn-1.7.1-4.el6_7.1.noarch.rpm
gitk-1.7.1-4.el6_7.1.noarch.rpm
gitweb-1.7.1-4.el6_7.1.noarch.rpm

ppc64:
git-daemon-1.7.1-4.el6_7.1.ppc64.rpm
git-debuginfo-1.7.1-4.el6_7.1.ppc64.rpm

s390x:
git-daemon-1.7.1-4.el6_7.1.s390x.rpm
git-debuginfo-1.7.1-4.el6_7.1.s390x.rpm

x86_64:
git-daemon-1.7.1-4.el6_7.1.x86_64.rpm
git-debuginfo-1.7.1-4.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
git-1.7.1-4.el6_7.1.src.rpm

i386:
git-1.7.1-4.el6_7.1.i686.rpm
git-debuginfo-1.7.1-4.el6_7.1.i686.rpm

noarch:
perl-Git-1.7.1-4.el6_7.1.noarch.rpm

x86_64:
git-1.7.1-4.el6_7.1.x86_64.rpm
git-debuginfo-1.7.1-4.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
git-daemon-1.7.1-4.el6_7.1.i686.rpm
git-debuginfo-1.7.1-4.el6_7.1.i686.rpm

noarch:
emacs-git-1.7.1-4.el6_7.1.noarch.rpm
emacs-git-el-1.7.1-4.el6_7.1.noarch.rpm
git-all-1.7.1-4.el6_7.1.noarch.rpm
git-cvs-1.7.1-4.el6_7.1.noarch.rpm
git-email-1.7.1-4.el6_7.1.noarch.rpm
git-gui-1.7.1-4.el6_7.1.noarch.rpm
git-svn-1.7.1-4.el6_7.1.noarch.rpm
gitk-1.7.1-4.el6_7.1.noarch.rpm
gitweb-1.7.1-4.el6_7.1.noarch.rpm

x86_64:
git-daemon-1.7.1-4.el6_7.1.x86_64.rpm
git-debuginfo-1.7.1-4.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
git-1.8.3.1-6.el7_2.1.src.rpm

noarch:
emacs-git-1.8.3.1-6.el7_2.1.noarch.rpm
emacs-git-el-1.8.3.1-6.el7_2.1.noarch.rpm
git-all-1.8.3.1-6.el7_2.1.noarch.rpm
git-bzr-1.8.3.1-6.el7_2.1.noarch.rpm
git-cvs-1.8.3.1-6.el7_2.1.noarch.rpm
git-email-1.8.3.1-6.el7_2.1.noarch.rpm
git-gui-1.8.3.1-6.el7_2.1.noarch.rpm
git-hg-1.8.3.1-6.el7_2.1.noarch.rpm
git-p4-1.8.3.1-6.el7_2.1.noarch.rpm
gitk-1.8.3.1-6.el7_2.1.noarch.rpm
gitweb-1.8.3.1-6.el7_2.1.noarch.rpm
perl-Git-1.8.3.1-6.el7_2.1.noarch.rpm
perl-Git-SVN-1.8.3.1-6.el7_2.1.noarch.rpm

x86_64:
git-1.8.3.1-6.el7_2.1.x86_64.rpm
git-daemon-1.8.3.1-6.el7_2.1.x86_64.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.x86_64.rpm
git-svn-1.8.3.1-6.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
git-1.8.3.1-6.el7_2.1.src.rpm

noarch:
emacs-git-1.8.3.1-6.el7_2.1.noarch.rpm
emacs-git-el-1.8.3.1-6.el7_2.1.noarch.rpm
git-all-1.8.3.1-6.el7_2.1.noarch.rpm
git-bzr-1.8.3.1-6.el7_2.1.noarch.rpm
git-cvs-1.8.3.1-6.el7_2.1.noarch.rpm
git-email-1.8.3.1-6.el7_2.1.noarch.rpm
git-gui-1.8.3.1-6.el7_2.1.noarch.rpm
git-hg-1.8.3.1-6.el7_2.1.noarch.rpm
git-p4-1.8.3.1-6.el7_2.1.noarch.rpm
gitk-1.8.3.1-6.el7_2.1.noarch.rpm
gitweb-1.8.3.1-6.el7_2.1.noarch.rpm
perl-Git-1.8.3.1-6.el7_2.1.noarch.rpm
perl-Git-SVN-1.8.3.1-6.el7_2.1.noarch.rpm

x86_64:
git-1.8.3.1-6.el7_2.1.x86_64.rpm
git-daemon-1.8.3.1-6.el7_2.1.x86_64.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.x86_64.rpm
git-svn-1.8.3.1-6.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
git-1.8.3.1-6.el7_2.1.src.rpm

noarch:
perl-Git-1.8.3.1-6.el7_2.1.noarch.rpm

ppc64:
git-1.8.3.1-6.el7_2.1.ppc64.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.ppc64.rpm

ppc64le:
git-1.8.3.1-6.el7_2.1.ppc64le.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.ppc64le.rpm

s390x:
git-1.8.3.1-6.el7_2.1.s390x.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.s390x.rpm

x86_64:
git-1.8.3.1-6.el7_2.1.x86_64.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
emacs-git-1.8.3.1-6.el7_2.1.noarch.rpm
emacs-git-el-1.8.3.1-6.el7_2.1.noarch.rpm
git-all-1.8.3.1-6.el7_2.1.noarch.rpm
git-bzr-1.8.3.1-6.el7_2.1.noarch.rpm
git-cvs-1.8.3.1-6.el7_2.1.noarch.rpm
git-email-1.8.3.1-6.el7_2.1.noarch.rpm
git-gui-1.8.3.1-6.el7_2.1.noarch.rpm
git-hg-1.8.3.1-6.el7_2.1.noarch.rpm
git-p4-1.8.3.1-6.el7_2.1.noarch.rpm
gitk-1.8.3.1-6.el7_2.1.noarch.rpm
gitweb-1.8.3.1-6.el7_2.1.noarch.rpm
perl-Git-SVN-1.8.3.1-6.el7_2.1.noarch.rpm

ppc64:
git-daemon-1.8.3.1-6.el7_2.1.ppc64.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.ppc64.rpm
git-svn-1.8.3.1-6.el7_2.1.ppc64.rpm

ppc64le:
git-daemon-1.8.3.1-6.el7_2.1.ppc64le.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.ppc64le.rpm
git-svn-1.8.3.1-6.el7_2.1.ppc64le.rpm

s390x:
git-daemon-1.8.3.1-6.el7_2.1.s390x.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.s390x.rpm
git-svn-1.8.3.1-6.el7_2.1.s390x.rpm

x86_64:
git-daemon-1.8.3.1-6.el7_2.1.x86_64.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.x86_64.rpm
git-svn-1.8.3.1-6.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
git-1.8.3.1-6.el7_2.1.src.rpm

noarch:
perl-Git-1.8.3.1-6.el7_2.1.noarch.rpm

x86_64:
git-1.8.3.1-6.el7_2.1.x86_64.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
emacs-git-1.8.3.1-6.el7_2.1.noarch.rpm
emacs-git-el-1.8.3.1-6.el7_2.1.noarch.rpm
git-all-1.8.3.1-6.el7_2.1.noarch.rpm
git-bzr-1.8.3.1-6.el7_2.1.noarch.rpm
git-cvs-1.8.3.1-6.el7_2.1.noarch.rpm
git-email-1.8.3.1-6.el7_2.1.noarch.rpm
git-gui-1.8.3.1-6.el7_2.1.noarch.rpm
git-hg-1.8.3.1-6.el7_2.1.noarch.rpm
git-p4-1.8.3.1-6.el7_2.1.noarch.rpm
gitk-1.8.3.1-6.el7_2.1.noarch.rpm
gitweb-1.8.3.1-6.el7_2.1.noarch.rpm
perl-Git-SVN-1.8.3.1-6.el7_2.1.noarch.rpm

x86_64:
git-daemon-1.8.3.1-6.el7_2.1.x86_64.rpm
git-debuginfo-1.8.3.1-6.el7_2.1.x86_64.rpm
git-svn-1.8.3.1-6.el7_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2315
https://access.redhat.com/security/cve/CVE-2016-2324
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/2201201

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8pvmXlSAg2UNWIIRAsIRAKCzGPvkSflNMBGhI2HxghqaNJILLACghgdq
y1pg+tm1xiU6ynrNDY3GHXM=
=5Fzb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 23 13:36:56 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 23 Mar 2016 09:36:56 -0400
Subject: [RHSA-2016:0497-01] Important: git19-git security update
Message-ID: <201603231336.u2NDau3j002306@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: git19-git security update
Advisory ID:       RHSA-2016:0497-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0497.html
Issue date:        2016-03-23
CVE Names:         CVE-2016-2315 CVE-2016-2324
=====================================================================

1. Summary:

Updated git19-git packages that fix two security issues are now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code. (CVE-2016-2315, CVE-2016-2324)

All git19-git users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1317981 - CVE-2016-2315 CVE-2016-2324 git: path_name() integer truncation and overflow leading to buffer overflow

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
git19-git-1.9.4-4.el6.1.src.rpm

noarch:
git19-emacs-git-1.9.4-4.el6.1.noarch.rpm
git19-emacs-git-el-1.9.4-4.el6.1.noarch.rpm
git19-git-all-1.9.4-4.el6.1.noarch.rpm
git19-git-cvs-1.9.4-4.el6.1.noarch.rpm
git19-git-email-1.9.4-4.el6.1.noarch.rpm
git19-git-gui-1.9.4-4.el6.1.noarch.rpm
git19-gitk-1.9.4-4.el6.1.noarch.rpm
git19-gitweb-1.9.4-4.el6.1.noarch.rpm
git19-perl-Git-1.9.4-4.el6.1.noarch.rpm
git19-perl-Git-SVN-1.9.4-4.el6.1.noarch.rpm

x86_64:
git19-git-1.9.4-4.el6.1.x86_64.rpm
git19-git-daemon-1.9.4-4.el6.1.x86_64.rpm
git19-git-debuginfo-1.9.4-4.el6.1.x86_64.rpm
git19-git-svn-1.9.4-4.el6.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
git19-git-1.9.4-4.el6.1.src.rpm

noarch:
git19-emacs-git-1.9.4-4.el6.1.noarch.rpm
git19-emacs-git-el-1.9.4-4.el6.1.noarch.rpm
git19-git-all-1.9.4-4.el6.1.noarch.rpm
git19-git-cvs-1.9.4-4.el6.1.noarch.rpm
git19-git-email-1.9.4-4.el6.1.noarch.rpm
git19-git-gui-1.9.4-4.el6.1.noarch.rpm
git19-gitk-1.9.4-4.el6.1.noarch.rpm
git19-gitweb-1.9.4-4.el6.1.noarch.rpm
git19-perl-Git-1.9.4-4.el6.1.noarch.rpm
git19-perl-Git-SVN-1.9.4-4.el6.1.noarch.rpm

x86_64:
git19-git-1.9.4-4.el6.1.x86_64.rpm
git19-git-daemon-1.9.4-4.el6.1.x86_64.rpm
git19-git-debuginfo-1.9.4-4.el6.1.x86_64.rpm
git19-git-svn-1.9.4-4.el6.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
git19-git-1.9.4-4.el6.1.src.rpm

noarch:
git19-emacs-git-1.9.4-4.el6.1.noarch.rpm
git19-emacs-git-el-1.9.4-4.el6.1.noarch.rpm
git19-git-all-1.9.4-4.el6.1.noarch.rpm
git19-git-cvs-1.9.4-4.el6.1.noarch.rpm
git19-git-email-1.9.4-4.el6.1.noarch.rpm
git19-git-gui-1.9.4-4.el6.1.noarch.rpm
git19-gitk-1.9.4-4.el6.1.noarch.rpm
git19-gitweb-1.9.4-4.el6.1.noarch.rpm
git19-perl-Git-1.9.4-4.el6.1.noarch.rpm
git19-perl-Git-SVN-1.9.4-4.el6.1.noarch.rpm

x86_64:
git19-git-1.9.4-4.el6.1.x86_64.rpm
git19-git-daemon-1.9.4-4.el6.1.x86_64.rpm
git19-git-debuginfo-1.9.4-4.el6.1.x86_64.rpm
git19-git-svn-1.9.4-4.el6.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
git19-git-1.9.4-4.el6.1.src.rpm

noarch:
git19-emacs-git-1.9.4-4.el6.1.noarch.rpm
git19-emacs-git-el-1.9.4-4.el6.1.noarch.rpm
git19-git-all-1.9.4-4.el6.1.noarch.rpm
git19-git-cvs-1.9.4-4.el6.1.noarch.rpm
git19-git-email-1.9.4-4.el6.1.noarch.rpm
git19-git-gui-1.9.4-4.el6.1.noarch.rpm
git19-gitk-1.9.4-4.el6.1.noarch.rpm
git19-gitweb-1.9.4-4.el6.1.noarch.rpm
git19-perl-Git-1.9.4-4.el6.1.noarch.rpm
git19-perl-Git-SVN-1.9.4-4.el6.1.noarch.rpm

x86_64:
git19-git-1.9.4-4.el6.1.x86_64.rpm
git19-git-daemon-1.9.4-4.el6.1.x86_64.rpm
git19-git-debuginfo-1.9.4-4.el6.1.x86_64.rpm
git19-git-svn-1.9.4-4.el6.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v.
7): Source: git19-git-1.9.4-4.el7.1.src.rpm noarch: git19-emacs-git-1.9.4-4.el7.1.noarch.rpm git19-emacs-git-el-1.9.4-4.el7.1.noarch.rpm git19-git-all-1.9.4-4.el7.1.noarch.rpm git19-git-bzr-1.9.4-4.el7.1.noarch.rpm git19-git-cvs-1.9.4-4.el7.1.noarch.rpm git19-git-email-1.9.4-4.el7.1.noarch.rpm git19-git-gui-1.9.4-4.el7.1.noarch.rpm git19-git-hg-1.9.4-4.el7.1.noarch.rpm git19-gitk-1.9.4-4.el7.1.noarch.rpm git19-gitweb-1.9.4-4.el7.1.noarch.rpm git19-perl-Git-1.9.4-4.el7.1.noarch.rpm git19-perl-Git-SVN-1.9.4-4.el7.1.noarch.rpm x86_64: git19-git-1.9.4-4.el7.1.x86_64.rpm git19-git-daemon-1.9.4-4.el7.1.x86_64.rpm git19-git-debuginfo-1.9.4-4.el7.1.x86_64.rpm git19-git-svn-1.9.4-4.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: git19-git-1.9.4-4.el7.1.src.rpm noarch: git19-emacs-git-1.9.4-4.el7.1.noarch.rpm git19-emacs-git-el-1.9.4-4.el7.1.noarch.rpm git19-git-all-1.9.4-4.el7.1.noarch.rpm git19-git-bzr-1.9.4-4.el7.1.noarch.rpm git19-git-cvs-1.9.4-4.el7.1.noarch.rpm git19-git-email-1.9.4-4.el7.1.noarch.rpm git19-git-gui-1.9.4-4.el7.1.noarch.rpm git19-git-hg-1.9.4-4.el7.1.noarch.rpm git19-gitk-1.9.4-4.el7.1.noarch.rpm git19-gitweb-1.9.4-4.el7.1.noarch.rpm git19-perl-Git-1.9.4-4.el7.1.noarch.rpm git19-perl-Git-SVN-1.9.4-4.el7.1.noarch.rpm x86_64: git19-git-1.9.4-4.el7.1.x86_64.rpm git19-git-daemon-1.9.4-4.el7.1.x86_64.rpm git19-git-debuginfo-1.9.4-4.el7.1.x86_64.rpm git19-git-svn-1.9.4-4.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2): Source: git19-git-1.9.4-4.el7.1.src.rpm noarch: git19-emacs-git-1.9.4-4.el7.1.noarch.rpm git19-emacs-git-el-1.9.4-4.el7.1.noarch.rpm git19-git-all-1.9.4-4.el7.1.noarch.rpm git19-git-bzr-1.9.4-4.el7.1.noarch.rpm git19-git-cvs-1.9.4-4.el7.1.noarch.rpm git19-git-email-1.9.4-4.el7.1.noarch.rpm git19-git-gui-1.9.4-4.el7.1.noarch.rpm git19-git-hg-1.9.4-4.el7.1.noarch.rpm git19-gitk-1.9.4-4.el7.1.noarch.rpm git19-gitweb-1.9.4-4.el7.1.noarch.rpm git19-perl-Git-1.9.4-4.el7.1.noarch.rpm git19-perl-Git-SVN-1.9.4-4.el7.1.noarch.rpm x86_64: git19-git-1.9.4-4.el7.1.x86_64.rpm git19-git-daemon-1.9.4-4.el7.1.x86_64.rpm git19-git-debuginfo-1.9.4-4.el7.1.x86_64.rpm git19-git-svn-1.9.4-4.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: git19-git-1.9.4-4.el7.1.src.rpm noarch: git19-emacs-git-1.9.4-4.el7.1.noarch.rpm git19-emacs-git-el-1.9.4-4.el7.1.noarch.rpm git19-git-all-1.9.4-4.el7.1.noarch.rpm git19-git-bzr-1.9.4-4.el7.1.noarch.rpm git19-git-cvs-1.9.4-4.el7.1.noarch.rpm git19-git-email-1.9.4-4.el7.1.noarch.rpm git19-git-gui-1.9.4-4.el7.1.noarch.rpm git19-git-hg-1.9.4-4.el7.1.noarch.rpm git19-gitk-1.9.4-4.el7.1.noarch.rpm git19-gitweb-1.9.4-4.el7.1.noarch.rpm git19-perl-Git-1.9.4-4.el7.1.noarch.rpm git19-perl-Git-SVN-1.9.4-4.el7.1.noarch.rpm x86_64: git19-git-1.9.4-4.el7.1.x86_64.rpm git19-git-daemon-1.9.4-4.el7.1.x86_64.rpm git19-git-debuginfo-1.9.4-4.el7.1.x86_64.rpm git19-git-svn-1.9.4-4.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2315 https://access.redhat.com/security/cve/CVE-2016-2324 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2201201 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW8pv2XlSAg2UNWIIRAqx7AKCHOcL55wy+VDuDZfPNI4hQQ9bMGgCePReW 3h4K5ltEsZcxOP8KAk4kJtA= =X5Qz -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 24 01:15:53 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Mar 2016 01:15:53 +0000 Subject: [RHSA-2016:0502-01] Moderate: python-django security update Message-ID: <201603240115.u2O1FsOg003872@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python-django security update Advisory ID: RHSA-2016:0502-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0502.html Issue date: 2016-03-24 CVE Names: CVE-2016-2512 CVE-2016-2513 ===================================================================== 1. Summary: An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch 3. Description: Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. Security Fix(es): * An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. 
An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site. (CVE-2016-2512) * A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used less hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login requests. (CVE-2016-2513) Red Hat would like to thank the Django project for reporting these issues. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1311431 - CVE-2016-2512 python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth 1311438 - CVE-2016-2513 python-django: User enumeration through timing difference on password hasher work factor upgrade 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: python-django-1.6.11-5.el6ost.src.rpm noarch: python-django-1.6.11-5.el6ost.noarch.rpm python-django-bash-completion-1.6.11-5.el6ost.noarch.rpm python-django-doc-1.6.11-5.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2512 https://access.redhat.com/security/cve/CVE-2016-2513 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
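The basic-auth spoof behind CVE-2016-2512, as an added example for the python-django advisories above and below (RHSA-2016:0502 through RHSA-2016:0506). This is illustration code written for this page, not Django's own implementation and not part of any advisory. `is_safe_url_vulnerable` has the pre-fix shape of the check: it folds backslashes into slashes before parsing, so `http://mysite.example.com\@attacker.com` looks like a path on `mysite.example.com` while a browser that keeps the backslash reads `mysite.example.com\` as basic-auth user info and sends the victim to attacker.com. `is_safe_url_hardened` parses both the raw and the slash-normalised form and accepts the target only if both readings stay on the request host. The host name, the crafted `next` value and the `ALLOWED_SCHEMES` tuple are constructed for the demo.

```python
import unicodedata
from urllib.parse import urlparse

# Constructed for the demo: the host the login view is served from, and the
# crafted "next" parameter an attacker would get the victim to submit.
REQUEST_HOST = "mysite.example.com"
SPOOFED_NEXT = "http://mysite.example.com\\@attacker.com"
ALLOWED_SCHEMES = ("http", "https")


def _same_host_check(url, host):
    """Parse-and-compare step shared by both variants: relative URLs and
    absolute http(s) URLs whose netloc equals `host` pass; anything else fails."""
    # Browsers treat three or more leading slashes as an absolute URL;
    # urlparse does not, so refuse rather than guess.
    if url.startswith("///"):
        return False
    # Some browsers drop a leading control character, which would turn the
    # "relative" string "\x00http://attacker.com" into an absolute URL.
    if unicodedata.category(url[0])[0] == "C":
        return False
    parts = urlparse(url)
    # "http:///attacker.com" parses with a scheme but an empty netloc;
    # browsers still navigate to attacker.com.
    if parts.scheme and not parts.netloc:
        return False
    return (not parts.netloc or parts.netloc == host) and (
        not parts.scheme or parts.scheme in ALLOWED_SCHEMES
    )


def is_safe_url_vulnerable(url, host):
    """Pre-fix shape: normalise '\\' to '/' first, then parse once. The parser
    sees host=mysite.example.com, path="/@attacker.com" and says 'safe'."""
    url = (url or "").strip()
    if not url:
        return False
    return _same_host_check(url.replace("\\", "/"), host)


def is_safe_url_hardened(url, host):
    """Post-fix shape: both readings of the URL must be same-host."""
    url = (url or "").strip()
    if not url:
        return False
    return _same_host_check(url, host) and _same_host_check(url.replace("\\", "/"), host)


def redirect_target(next_url, host, check=is_safe_url_hardened, fallback="/"):
    """What a login view should do with a user-supplied 'next' value."""
    return next_url if check(next_url, host) else fallback


if __name__ == "__main__":
    for name, check in (("vulnerable", is_safe_url_vulnerable), ("hardened", is_safe_url_hardened)):
        print(name, "->", redirect_target(SPOOFED_NEXT, REQUEST_HOST, check))
```

The raw reading of the spoofed URL yields a netloc of `mysite.example.com\@attacker.com`, which is not the request host, so the hardened check refuses it even though the normalised reading would pass; requiring both readings to agree is what closes the gap between how the server parses and how each browser navigates.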
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8z+6XlSAg2UNWIIRAr7aAKCwJi+JiLoOUoZOXwWkFF6Hne4yuwCfQPsZ
eHLLE2mOD0uBD6PDjkX6u4U=
=qC4D
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 24 01:16:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 24 Mar 2016 01:16:22 +0000
Subject: [RHSA-2016:0503-01] Moderate: python-django security update
Message-ID: <201603240116.u2O1GM2h028648@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-django security update
Advisory ID: RHSA-2016:0503-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0503.html
Issue date: 2016-03-24
CVE Names: CVE-2016-2512 CVE-2016-2513
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site. (CVE-2016-2512)

* A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used less hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login requests. (CVE-2016-2513)

Red Hat would like to thank the Django project for reporting these issues.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1311431 - CVE-2016-2512 python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
1311438 - CVE-2016-2513 python-django: User enumeration through timing difference on password hasher work factor upgrade

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7:

Source:
python-django-1.6.11-5.el7ost.src.rpm

noarch:
python-django-1.6.11-5.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-5.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2512
https://access.redhat.com/security/cve/CVE-2016-2513
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8z/TXlSAg2UNWIIRAvtEAJ9PlZicMBPcNqjqK/FIuh6eu92r9QCfcJ79
5dRBKZvDAxcB69WnGBRr9I8=
=JFaT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 24 01:16:40 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 24 Mar 2016 01:16:40 +0000
Subject: [RHSA-2016:0504-01] Moderate: python-django security update
Message-ID: <201603240116.u2O1GfIm023703@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-django security update
Advisory ID: RHSA-2016:0504-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0504.html
Issue date: 2016-03-24
CVE Names: CVE-2016-2512 CVE-2016-2513
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site. (CVE-2016-2512)

* A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used less hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login requests. (CVE-2016-2513)

Red Hat would like to thank the Django project for reporting these issues.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1311431 - CVE-2016-2512 python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
1311438 - CVE-2016-2513 python-django: User enumeration through timing difference on password hasher work factor upgrade

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
python-django-1.8.11-1.el7ost.src.rpm

noarch:
python-django-1.8.11-1.el7ost.noarch.rpm
python-django-bash-completion-1.8.11-1.el7ost.noarch.rpm
python-django-doc-1.8.11-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2512
https://access.redhat.com/security/cve/CVE-2016-2513
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8z/wXlSAg2UNWIIRAhDVAKCmm6Zh6tlwCvR4iylkdGB4cCiOSACePl+t
PWlJsXxH1sTycQWYRfQp1mE=
=NnNK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 24 01:16:57 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 24 Mar 2016 01:16:57 +0000
Subject: [RHSA-2016:0505-01] Moderate: python-django security update
Message-ID: <201603240116.u2O1Gvja027108@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-django security update
Advisory ID: RHSA-2016:0505-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0505.html
Issue date: 2016-03-24
CVE Names: CVE-2016-2512 CVE-2016-2513
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site. (CVE-2016-2512)

* A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used less hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login requests. (CVE-2016-2513)

Red Hat would like to thank the Django project for reporting these issues.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1311431 - CVE-2016-2512 python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
1311438 - CVE-2016-2513 python-django: User enumeration through timing difference on password hasher work factor upgrade

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
python-django-1.6.11-5.el7ost.src.rpm

noarch:
python-django-1.6.11-5.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-5.el7ost.noarch.rpm
python-django-doc-1.6.11-5.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2512
https://access.redhat.com/security/cve/CVE-2016-2513
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW80ADXlSAg2UNWIIRAhe9AJ9gBHlUEIcG1KFKRYvW/wIOu7yAcwCgk8iG
UAPQEUfFK+veXo5Kp+oS0xY=
=WXMr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 24 01:17:13 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 24 Mar 2016 01:17:13 +0000
Subject: [RHSA-2016:0506-01] Moderate: python-django security update
Message-ID: <201603240117.u2O1HE36025476@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python-django security update
Advisory ID: RHSA-2016:0506-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0506.html
Issue date: 2016-03-24
CVE Names: CVE-2016-2512 CVE-2016-2513
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site. (CVE-2016-2512)

* A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used less hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login requests. (CVE-2016-2513)

Red Hat would like to thank the Django project for reporting these issues.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1311431 - CVE-2016-2512 python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
1311438 - CVE-2016-2513 python-django: User enumeration through timing difference on password hasher work factor upgrade

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
python-django-1.6.11-5.el7ost.src.rpm

noarch:
python-django-1.6.11-5.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-5.el7ost.noarch.rpm
python-django-doc-1.6.11-5.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2512
https://access.redhat.com/security/cve/CVE-2016-2513
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
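The work-factor side channel behind CVE-2016-2513, as an added example for the five python-django advisories above (RHSA-2016:0502 through RHSA-2016:0506). This is illustration code written for this page, not Django's own PBKDF2PasswordHasher and not part of any advisory. A hash stored by an older release carries a smaller iteration count; verifying a wrong password against it finishes after that smaller count, so an attacker timing failed logins can tell old accounts from new ones and, by extension, which usernames exist. `check_password_hardened` shows the fix pattern: when verification fails against a hash that is due for a work-factor upgrade, run the missing iterations before returning so every rejection costs the current work factor. The hasher counts PBKDF2 iterations it executes instead of measuring wall-clock time, which makes the gap deterministic; the iteration counts, salts, passwords and the `pbkdf2_sha256$iterations$salt$hash` layout are constructed for the demo.

```python
import base64
import hashlib
import hmac

# Constructed for the demo. Real deployments use far larger work factors; the
# point is only that LEGACY < CURRENT, as happens when the default iteration
# count rises on upgrade while stored hashes keep the count they were made with.
CURRENT_ITERATIONS = 2000
LEGACY_ITERATIONS = 1000
ALGORITHM = "pbkdf2_sha256"


class Pbkdf2Hasher:
    """PBKDF2-SHA256 hasher using an "algorithm$iterations$salt$hash" layout.
    `work` counts iterations actually executed; it stands in for the response
    time an attacker would measure."""

    def __init__(self, iterations=CURRENT_ITERATIONS):
        self.iterations = iterations
        self.work = 0

    def _pbkdf2(self, password, salt, iterations):
        self.work += iterations
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)

    def encode(self, password, salt, iterations=None):
        iterations = iterations or self.iterations
        digest = base64.b64encode(self._pbkdf2(password, salt, iterations)).decode("ascii")
        return "%s$%d$%s$%s" % (ALGORITHM, iterations, salt, digest)

    @staticmethod
    def decode(encoded):
        algorithm, iterations, salt, _digest = encoded.split("$", 3)
        if algorithm != ALGORITHM:
            raise ValueError("unexpected algorithm %r" % algorithm)
        return int(iterations), salt

    def verify(self, password, encoded):
        # Recompute with the *stored* iteration count: checking a legacy hash
        # therefore costs only LEGACY_ITERATIONS, and that is the leak.
        iterations, salt = self.decode(encoded)
        return hmac.compare_digest(self.encode(password, salt, iterations), encoded)

    def must_update(self, encoded):
        iterations, _salt = self.decode(encoded)
        return iterations != self.iterations

    def harden_runtime(self, password, encoded):
        """Spend the iterations verify() skipped, so rejecting a guess against
        a legacy hash costs the same as rejecting one against a current hash."""
        iterations, salt = self.decode(encoded)
        extra = self.iterations - iterations
        if extra > 0:
            self._pbkdf2(password, salt, extra)


def check_password_vulnerable(hasher, password, encoded):
    """Pre-fix: return as soon as the stored hash has been recomputed."""
    return hasher.verify(password, encoded)


def check_password_hardened(hasher, password, encoded):
    """Post-fix: after a failed check against a hash that is due for a
    work-factor upgrade, top the work up to the current factor first."""
    is_correct = hasher.verify(password, encoded)
    if not is_correct and hasher.must_update(encoded):
        hasher.harden_runtime(password, encoded)
    return is_correct


# Two constructed accounts: one hashed by the old release, one by the current.
LEGACY_HASH = Pbkdf2Hasher(LEGACY_ITERATIONS).encode("hunter2", "oldsalt")
CURRENT_HASH = Pbkdf2Hasher().encode("correct horse battery staple", "newsalt")


def work_to_reject(check, encoded, guess="not-the-password"):
    """Iterations spent rejecting a wrong guess against `encoded`."""
    hasher = Pbkdf2Hasher()
    check(hasher, guess, encoded)
    return hasher.work


if __name__ == "__main__":
    for name, check in (("vulnerable", check_password_vulnerable), ("hardened", check_password_hardened)):
        print(name, "legacy:", work_to_reject(check, LEGACY_HASH),
              "current:", work_to_reject(check, CURRENT_HASH))
```

With the vulnerable check a failed login costs 1000 iterations for the legacy account and 2000 for the current one; with the hardened check both cost 2000. The companion case, a username that does not exist at all, needs a dummy hash of the same cost for the same reason, otherwise the missing-user path is the fastest of the three and enumeration works anyway.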
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW80ATXlSAg2UNWIIRAqBqAKC3N4s79g9FPICgbkgkO5gI/b210QCfSPt4
i9S/jMzYcdR6JuRwhsLqDi4=
=XEMO
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Mar 25 00:02:01 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 24 Mar 2016 20:02:01 -0400
Subject: [RHSA-2016:0511-01] Critical: java-1.7.0-openjdk security update
Message-ID: <201603250002.u2P021Vm023035@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-openjdk security update
Advisory ID: RHSA-2016:0511-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0511.html
Issue date: 2016-03-24
CVE Names: CVE-2016-0636
=====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs.

Security Fix(es):

* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1320650 - CVE-2016-0636 OpenJDK: out-of-band urgent security fix (Hotspot, 8151666)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.i686.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el6_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0636
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW9H/3XlSAg2UNWIIRAp1QAKCP+5wb37YVN4nhW3cnoDPQqUyzJwCcCkbi
tCgTdp5YMAkzEGiX6vmEINM=
=AJ7Z
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Mar 25 00:02:25 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 24 Mar 2016 20:02:25 -0400
Subject: [RHSA-2016:0512-01] Important: java-1.7.0-openjdk security update
Message-ID: <201603250002.u2P02PTe004841@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: RHSA-2016:0512-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0512.html
Issue date: 2016-03-24
CVE Names: CVE-2016-0636
=====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs.

Security Fix(es):

* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1320650 - CVE-2016-0636 OpenJDK: out-of-band urgent security fix (Hotspot, 8151666)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el5_11.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el7_2.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el7_2.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v.
7): Source: java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.src.rpm ppc64: java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.ppc64.rpm java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2.ppc64.rpm java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2.ppc64.rpm ppc64le: java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.ppc64le.rpm java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.ppc64le.rpm java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2.ppc64le.rpm java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2.ppc64le.rpm s390x: java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.s390x.rpm java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2.s390x.rpm java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2.s390x.rpm x86_64: java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): noarch: java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el7_2.noarch.rpm ppc64: java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.ppc64.rpm java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2.ppc64.rpm java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2.ppc64.rpm ppc64le: java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2.ppc64le.rpm java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.ppc64le.rpm java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2.ppc64le.rpm java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2.ppc64le.rpm s390x: java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.s390x.rpm java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2.s390x.rpm java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2.s390x.rpm x86_64: java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el7_2.noarch.rpm x86_64: java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-0636 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW9IAOXlSAg2UNWIIRAkrAAJwP0BBt5k5F8bjDJ7VlKKYz+gvQYACbBU2A MTnSrK3VU5xaIk9HmpJe0As= =IaDv -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Mar 25 00:02:47 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Mar 2016 20:02:47 -0400 Subject: [RHSA-2016:0513-01] Critical: java-1.8.0-openjdk security update Message-ID: <201603250002.u2P02led013084@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.8.0-openjdk security update Advisory ID: RHSA-2016:0513-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0513.html Issue date: 2016-03-24 CVE Names: CVE-2016-0636 ===================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 
7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix(es): * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1320650 - CVE-2016-0636 OpenJDK: out-of-band urgent security fix (Hotspot, 8151666) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el7_2.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el7_2.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el7_2.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el7_2.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.src.rpm ppc64: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.ppc64.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2.ppc64.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2.ppc64.rpm ppc64le: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm Red Hat Enterprise 
Linux Server Optional (v. 7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el7_2.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el7_2.noarch.rpm ppc64: java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.ppc64.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2.ppc64.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2.ppc64.rpm ppc64le: java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2.ppc64le.rpm s390x: java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2.s390x.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2.s390x.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el7_2.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el7_2.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0636 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW9IAlXlSAg2UNWIIRAt00AKC/ZFN5ES+cefKglq5iRh4hDRnvQACgjBPk HX7CmFgbQIjKE6+wKm6Ln/0= =gWff -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Mar 25 00:03:07 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Mar 2016 20:03:07 -0400 Subject: [RHSA-2016:0514-01] Important: java-1.8.0-openjdk security update Message-ID: <201603250003.u2P037Iu011625@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: RHSA-2016:0514-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0514.html Issue date: 2016-03-24 CVE Names: CVE-2016-0636 ===================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. 
These packages provide a fully compliant implementation of Java SE 8. Security Fix(es): * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1320650 - CVE-2016-0636 OpenJDK: out-of-band urgent security fix (Hotspot, 8151666) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.src.rpm i386: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7.i686.rpm x86_64: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): i386: java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7.i686.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el6_7.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el6_7.noarch.rpm x86_64: java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): noarch: java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el6_7.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el6_7.noarch.rpm x86_64: java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.src.rpm i386: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7.i686.rpm x86_64: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7.i686.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el6_7.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el6_7.noarch.rpm x86_64: java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.src.rpm i386: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7.i686.rpm x86_64: java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7.i686.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7.i686.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el6_7.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el6_7.noarch.rpm x86_64: java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0636 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW9IA5XlSAg2UNWIIRAoHfAJ0YgqCXM5S5IbwPMhnsUzgYPaXphwCdEpWe 2yUqeKUK0d3ev6xBZat4g/I= =wPeP -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Mar 25 00:03:29 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Mar 2016 20:03:29 -0400 Subject: [RHSA-2016:0515-01] Critical: java-1.7.0-oracle security update Message-ID: <201603250003.u2P03TQl013318@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2016:0515-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0515.html Issue date: 2016-03-24 CVE Names: CVE-2016-0636 ===================================================================== 1. Summary: An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 
7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update provides Oracle Java 7 Update 99. Security Fix(es): This update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about this flaw can be found on the Oracle Security Alert page listed in the References section. (CVE-2016-0636) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Oracle Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1320650 - CVE-2016-0636 OpenJDK: out-of-band urgent security fix (Hotspot, 8151666) 6. 
Package List: Oracle Java for Red Hat Enterprise Linux Client 5: i386: java-1.7.0-oracle-1.7.0.99-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.99-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 5: i386: java-1.7.0-oracle-1.7.0.99-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.99-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.7.0-oracle-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el6_7.x86_64.rpm 
java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: i386: java-1.7.0-oracle-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.7.0-oracle-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el6_7.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el6_7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el6_7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation: i386: java-1.7.0-oracle-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el6_7.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el6_7.i686.rpm 
java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el6_7.i686.rpm
java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.99-1jpp.1.el6_7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el6_7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el6_7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el6_7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el6_7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.99-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.99-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.99-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.99-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.99-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.99-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0636
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW9IBPXlSAg2UNWIIRAh+iAJ0a6UI14rEhcKBDR7e8aXIJHkVgRACfe1mr
UalrRX9yzykDR5CQwspmU0E=
=zUqo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Mar 25 00:03:46 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 24 Mar 2016 20:03:46 -0400
Subject: [RHSA-2016:0516-01] Critical: java-1.8.0-oracle security update
Message-ID: <201603250003.u2P03kLM011832@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-oracle security update
Advisory ID:       RHSA-2016:0516-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0516.html
Issue date:        2016-03-24
CVE Names:         CVE-2016-0636
=====================================================================

1. Summary:

An update for java-1.8.0-oracle is now available for Oracle Java for Red
Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The Java Runtime Environment (JRE) contains the software and tools that
users need to run applets and applications written using the Java
programming language. Oracle Java SE version 8 includes the Oracle Java
Runtime Environment and the Oracle Java Software Development Kit.

This update provides Oracle Java 8 Update 77.

Security Fix(es):

This update fixes one vulnerability in the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit. Further information about
this flaw can be found on the Oracle Security Alert page listed in the
References section. (CVE-2016-0636)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1320650 - CVE-2016-0636 OpenJDK: out-of-band urgent security fix (Hotspot, 8151666)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

x86_64:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation:

i386:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el6_7.i686.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el6_7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el6_7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0636
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW9IBhXlSAg2UNWIIRAgtrAJ0VkjvG5Nv3v9bHhYZyEOjaz6Eo3ACePar/
dCvepzQePweKKk9JrzgjmaM=
=QLdo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 30 01:33:44 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 30 Mar 2016 01:33:44 +0000
Subject: [RHSA-2016:0523-01] Important: openvswitch security update
Message-ID: <201603300133.u2U1XsxF005855@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openvswitch security update
Advisory ID:       RHSA-2016:0523-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0523.html
Issue date:        2016-03-30
CVE Names:         CVE-2016-2074
=====================================================================

1. Summary:

An update for openvswitch is now available for Red Hat Enterprise Linux
OpenStack Platform 5.0 (Icehouse) for RHEL 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* A buffer overflow flaw was discovered in the OVS processing of MPLS
labels. A remote attacker able to deliver a frame containing a malicious
MPLS label that would be processed by OVS could trigger the flaw and use
the resulting memory corruption to cause a denial of service (DoS) or,
possibly, execute arbitrary code. (CVE-2016-2074)

Red Hat would like to thank the Open vSwitch project for reporting this
issue. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as the
original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openvswitch-2.4.0-2.el7_2.src.rpm

noarch:
python-openvswitch-2.4.0-2.el7_2.noarch.rpm

x86_64:
openvswitch-2.4.0-2.el7_2.x86_64.rpm
openvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW+yyTXlSAg2UNWIIRAn1wAJ43zGCBuvVz7MyD8pYvbs0yZKV0cgCgkK5y
KyMNZaaSRsuWNrjBEjryr0E=
=xL98
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 30 01:36:55 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 30 Mar 2016 01:36:55 +0000
Subject: [RHSA-2016:0524-01] Important: openvswitch security update
Message-ID: <201603300136.u2U1auoB020687@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openvswitch security update
Advisory ID:       RHSA-2016:0524-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0524.html
Issue date:        2016-03-30
CVE Names:         CVE-2016-2074
=====================================================================

1. Summary:

An update for openvswitch is now available for Red Hat Enterprise Linux
OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* A buffer overflow flaw was discovered in the OVS processing of MPLS
labels.
A remote attacker able to deliver a frame containing a malicious
MPLS label that would be processed by OVS could trigger the flaw and use
the resulting memory corruption to cause a denial of service (DoS) or,
possibly, execute arbitrary code. (CVE-2016-2074)

Red Hat would like to thank the Open vSwitch project for reporting this
issue. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as the
original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openvswitch-2.4.0-2.el7_2.src.rpm

noarch:
python-openvswitch-2.4.0-2.el7_2.noarch.rpm

x86_64:
openvswitch-2.4.0-2.el7_2.x86_64.rpm
openvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW+y0qXlSAg2UNWIIRAvPYAJ9j+7tfLRd/vAU71VuEVGdUDfXSsACeLGqD
32OlqTWOxmveubmrVB6C2p8=
=y4r9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 30 07:57:20 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 30 Mar 2016 07:57:20 +0000
Subject: [RHSA-2016:0525-01] Important: chromium-browser security update
Message-ID: <201603300757.u2U7vL3N013609@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:0525-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0525.html
Issue date:        2016-03-30
CVE Names:         CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649
                   CVE-2016-1650
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 49.0.2623.108.

Security Fix(es):

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash, execute
arbitrary code, or disclose sensitive information when visited by the
victim.
(CVE-2016-1646, CVE-2016-1647, CVE-2016-1648, CVE-2016-1649, CVE-2016-1650)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1321811 - CVE-2016-1646 chromium-browser: out-of-bounds read in V8
1321812 - CVE-2016-1647 chromium-browser: use-after-free in Navigation
1321814 - CVE-2016-1648 chromium-browser: use-after-free in Extensions
1321815 - CVE-2016-1649 chromium-browser: buffer overflow in libANGLE
1321816 - CVE-2016-1650 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-49.0.2623.108-1.el6.i686.rpm
chromium-browser-debuginfo-49.0.2623.108-1.el6.i686.rpm

x86_64:
chromium-browser-49.0.2623.108-1.el6.x86_64.rpm
chromium-browser-debuginfo-49.0.2623.108-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-49.0.2623.108-1.el6.i686.rpm
chromium-browser-debuginfo-49.0.2623.108-1.el6.i686.rpm

x86_64:
chromium-browser-49.0.2623.108-1.el6.x86_64.rpm
chromium-browser-debuginfo-49.0.2623.108-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-49.0.2623.108-1.el6.i686.rpm
chromium-browser-debuginfo-49.0.2623.108-1.el6.i686.rpm

x86_64:
chromium-browser-49.0.2623.108-1.el6.x86_64.rpm
chromium-browser-debuginfo-49.0.2623.108-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1646
https://access.redhat.com/security/cve/CVE-2016-1647
https://access.redhat.com/security/cve/CVE-2016-1648
https://access.redhat.com/security/cve/CVE-2016-1649
https://access.redhat.com/security/cve/CVE-2016-1650
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW+4bXXlSAg2UNWIIRAp43AJ9U4/wa5bGobt4+0zS0378bbUDhaQCgtvyC
XldylGq02GfISlDV3QU4piw=
=hvMr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 30 20:51:59 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 30 Mar 2016 20:51:59 +0000
Subject: [RHSA-2016:0537-01] Important: openvswitch security update
Message-ID: <201603302052.u2UKq0Lw026861@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openvswitch security update
Advisory ID:       RHSA-2016:0537-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0537.html
Issue date:        2016-03-30
CVE Names:         CVE-2016-2074
=====================================================================

1. Summary:

An update for openvswitch is now available for Red Hat Enterprise Linux
OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* A buffer overflow flaw was discovered in the OVS processing of MPLS
labels. A remote attacker able to deliver a frame containing a malicious
MPLS label that would be processed by OVS could trigger the flaw and use
the resulting memory corruption to cause a denial of service (DoS) or,
possibly, execute arbitrary code. (CVE-2016-2074)

Red Hat would like to thank the Open vSwitch project for reporting this
issue. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as the
original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7:

Source:
openvswitch-2.4.0-2.el7_2.src.rpm
openvswitch-dpdk-2.4.0-0.10346.git97bab959.3.el7_2.src.rpm

noarch:
python-openvswitch-2.4.0-2.el7_2.noarch.rpm

x86_64:
openvswitch-2.4.0-2.el7_2.x86_64.rpm
openvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm
openvswitch-dpdk-2.4.0-0.10346.git97bab959.3.el7_2.x86_64.rpm
openvswitch-dpdk-debuginfo-2.4.0-0.10346.git97bab959.3.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW/DxbXlSAg2UNWIIRAliQAJ9x2r8+3bKk54bwf4BWcq8FJjLGTgCgrUTp
hEpb9aQWfzxRzsu9TWpjQNk=
=DolP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 31 19:31:29 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Mar 2016 19:31:29 +0000
Subject: [RHSA-2016:0561-01] Low: Red Hat Enterprise Linux 5 One-Year Retirement Notice
Message-ID: <201603311931.u2VJVU85003628@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 5 One-Year Retirement Notice
Advisory ID:       RHSA-2016:0561-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0561.html
Issue date:        2016-03-31
=====================================================================

1. Summary:

This is the One-Year notification for the retirement of Red Hat Enterprise
Linux 5.

This notification applies only to those customers subscribed to the channel
for Red Hat Enterprise Linux 5.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy,
support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017,
at the end of Production Phase 3. Until that date, customers will continue
to receive Critical impact security patches and selected urgent priority
bug fixes for RHEL 5.11 (the final RHEL 5 release). On that date, active
support included with your RHEL Premium or Standard subscription will
conclude. This means that customers will continue to have access to all
previously released (RHEL 4, RHEL 5, etc.) content.
In addition, limited technical support will be available through Red Hat's
Global Support Services as described in the Knowledge Base article
available at https://access.redhat.com/articles/64664 (search for
"non-current minor release").

However, we recognize that some customers will wish to remain on Red Hat
Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet
this customer requirement, Red Hat will offer customers the option to
purchase the Extended Life Cycle Support (ELS) Add-On as an annually
renewable subscription. This ELS Add-On provides customers with up to an
additional three and a half (3.5) years of Critical impact security fixes
and selected urgent priority bug fixes for RHEL 5.11. RHEL 5 ELS coverage
will conclude on November 30, 2020.

Note that the RHEL 5 ELS Add-On is available for the x86 (32 and 64-bit),
IBM Power Big Endian, and z Systems architectures. The RHEL 5 ELS Add-On is
not available for the Itanium architecture.

To take advantage of more comprehensive product support, we encourage
customers to migrate from Red Hat Enterprise Linux 5 to a more recent
version. As a benefit of the Red Hat subscription, customers may use their
active subscriptions to entitle any system on any currently supported Red
Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/site/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package that provides a
copy of this end of life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
redhat-release-5Client-5.11.0.3.src.rpm

i386:
redhat-release-5Client-5.11.0.3.i386.rpm

x86_64:
redhat-release-5Client-5.11.0.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
redhat-release-5Server-5.11.0.3.src.rpm

i386:
redhat-release-5Server-5.11.0.3.i386.rpm

ia64:
redhat-release-5Server-5.11.0.3.ia64.rpm

ppc:
redhat-release-5Server-5.11.0.3.ppc.rpm

s390x:
redhat-release-5Server-5.11.0.3.s390x.rpm

x86_64:
redhat-release-5Server-5.11.0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/support/policy/updates/errata/
https://access.redhat.com/articles/64664

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW/Xr+XlSAg2UNWIIRAuRsAJ41czsSo2mHsa2knFvyUPHQ+3BY7wCdGNXf
qWU7PfncjNxCpxR8EZpbgcU=
=epzi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 31 19:32:16 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Mar 2016 19:32:16 +0000
Subject: [RHSA-2016:0560-01] Low: Red Hat Enterprise Linux 4 Extended Life Cycle Support One-year Notice
Message-ID: <201603311932.u2VJWGUA004067@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 4 Extended Life Cycle Support One-year Notice
Advisory ID:       RHSA-2016:0560-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0560.html
Issue date:        2016-03-31
=====================================================================

1. Summary:

This is the one-year notification for the retirement of Red Hat Enterprise
Linux 4 Extended Life Cycle Support (ELS).
This notice applies only to those customers subscribed to the Extended Life
Cycle Support (ELS) channel for Red Hat Enterprise Linux 4 in the Customer
Portal.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy,
Extended Life Cycle Support for Red Hat Enterprise Linux 4 will be retired
as of March 31, 2017, and active support will no longer be provided.
Accordingly, Red Hat will no longer provide updated packages, including
Critical impact security patches or urgent priority bug fixes, for Red Hat
Enterprise Linux 4 ELS after March 31, 2017. In addition, ongoing technical
support through Red Hat's Global Support Services will be limited as
described under "non-current minor releases" in the Knowledge Base article
located at https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 4 to a more
recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat
subscription model, customers can use their active subscriptions to entitle
any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/site/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package that provides a
copy of this end of life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
redhat-release-4AS-10.12.src.rpm

i386:
redhat-release-4AS-10.12.i386.rpm

ia64:
redhat-release-4AS-10.12.ia64.rpm

x86_64:
redhat-release-4AS-10.12.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source:
redhat-release-4ES-10.12.src.rpm

i386:
redhat-release-4ES-10.12.i386.rpm

x86_64:
redhat-release-4ES-10.12.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW/XspXlSAg2UNWIIRAtWcAKCidU1yHKqS2NuO0gLskXtp/YyHMACgk9Q9
v9ff0+Etd4+eOC2eyRTwZho=
=RND8
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 31 19:33:10 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Mar 2016 19:33:10 +0000
Subject: [RHSA-2016:0559-01] Low: Red Hat Enterprise Linux 5.6 Advanced Mission Critical (AMC) One-year Notice
Message-ID: <201603311933.u2VJXATk005357@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 5.6 Advanced Mission Critical (AMC) One-year Notice
Advisory ID:       RHSA-2016:0559-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0559.html
Issue date:        2016-03-31
=====================================================================

1. Summary:

This is the One-Year notification for the retirement of Red Hat Enterprise
Linux 5.6 Advanced Mission Critical (AMC).

This notification applies only to those customers subscribed to the
Advanced Mission Critical (AMC) channel for Red Hat Enterprise Linux 5.6.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Long Life (v. 5.6 server) - i386, ia64, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy,
Advanced Mission Critical for Red Hat Enterprise Linux 5.6 will be retired
as of March 31, 2017, and support will no longer be provided. Accordingly,
Red Hat will no longer provide updated packages, including Critical impact
security patches or urgent priority bug fixes, for Red Hat Enterprise Linux
5.6 AMC after March 31, 2017. In addition, technical support through Red
Hat's Global Support Services will be limited as described under
"non-current minor releases" in the Knowledge Base article located at
https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 5.6 to a
more recent version of Red Hat Enterprise Linux. As a benefit of the Red
Hat subscription model, customers can use their active subscriptions to
entitle any system on any currently supported Red Hat Enterprise Linux
release.

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a
copy of this notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Long Life (v. 5.6 server):

Source:
redhat-release-5Server-5.6.0.10.src.rpm

i386:
redhat-release-5Server-5.6.0.10.i386.rpm

ia64:
redhat-release-5Server-5.6.0.10.ia64.rpm

x86_64:
redhat-release-5Server-5.6.0.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW/XtVXlSAg2UNWIIRAvmkAKC4J3TBc/0uOjf6+1XNkQLRYv0AzACfbh8Z ak7RUhhOBG/qSWvbmrGNvMI= =PLjA -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 31 19:34:27 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 31 Mar 2016 19:34:27 +0000 Subject: [RHSA-2016:0562-01] Important: bind security update Message-ID: <201603311934.u2VJYSW4006175@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2016:0562-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0562.html Issue date: 2016-03-31 CVE Names: CVE-2016-1285 CVE-2016-1286 ===================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64 3. 
Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. (CVE-2016-1286) * A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash. (CVE-2016-1285) Red Hat would like to thank ISC for reporting these issues. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1315674 - CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure 1315680 - CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.6): Source: bind-9.8.2-0.30.rc1.el6_6.5.src.rpm x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 
6.6): x86_64: bind-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.4): Source: bind-9.8.2-0.17.rc1.el6_4.8.src.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.8.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.8.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.8.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.8.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.8.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.8.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.8.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.3.src.rpm x86_64: bind-9.8.2-0.23.rc1.el6_5.3.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.3.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.3.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.3.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.3.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.3.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.3.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: bind-9.8.2-0.30.rc1.el6_6.5.src.rpm i386: bind-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-utils-9.8.2-0.30.rc1.el6_6.5.i686.rpm ppc64: bind-9.8.2-0.30.rc1.el6_6.5.ppc64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.5.ppc64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.ppc.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.ppc64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.5.ppc.rpm bind-libs-9.8.2-0.30.rc1.el6_6.5.ppc64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.5.ppc64.rpm s390x: bind-9.8.2-0.30.rc1.el6_6.5.s390x.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.5.s390x.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.s390.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.s390x.rpm bind-libs-9.8.2-0.30.rc1.el6_6.5.s390.rpm bind-libs-9.8.2-0.30.rc1.el6_6.5.s390x.rpm bind-utils-9.8.2-0.30.rc1.el6_6.5.s390x.rpm x86_64: bind-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: bind-9.8.2-0.17.rc1.el6_4.8.src.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.8.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.8.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.8.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.8.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.8.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.3.src.rpm x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.3.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.3.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.3.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.3.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.3.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
6.6): i386: bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.5.i686.rpm ppc64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.ppc.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.ppc64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.5.ppc.rpm bind-devel-9.8.2-0.30.rc1.el6_6.5.ppc64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.5.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.s390.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.s390x.rpm bind-devel-9.8.2-0.30.rc1.el6_6.5.s390.rpm bind-devel-9.8.2-0.30.rc1.el6_6.5.s390x.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.5.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.5.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1285 https://access.redhat.com/security/cve/CVE-2016-1286 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01352 https://kb.isc.org/article/AA-01353 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW/XulXlSAg2UNWIIRAo0gAJ9QgOWmTbIF/uTNnU77772zYrAmTgCfSrXc QKZbwzrdCz3Hrhm4LdQUoQI= =VGuA -----END PGP SIGNATURE-----
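As an added example that is not part of the advisory, the check below lets an administrator confirm that the bind build installed on a host is at or above the fixed build for its AUS/EUS channel, using the package names from the advisory's package list. The version comparison is a simplified rpmvercmp (assumption: no epochs and no '~' or '^' markers, which these builds do not use), and the installed-package string is a constructed sample of what `rpm -q bind` would print on an unpatched RHEL 6.6 EUS host.

```python
import re

# Fixed bind builds per channel, taken from the advisory's package list.
FIXED_BUILDS = {
    "Server EUS (v. 6.6)": "bind-9.8.2-0.30.rc1.el6_6.5.x86_64.rpm",
    "Server AUS (v. 6.4)": "bind-9.8.2-0.17.rc1.el6_4.8.x86_64.rpm",
    "Server AUS (v. 6.5)": "bind-9.8.2-0.23.rc1.el6_5.3.x86_64.rpm",
}

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def parse_nvra(filename):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch)."""
    base = filename[:-4] if filename.endswith(".rpm") else filename
    nvr, _, arch = base.rpartition(".")
    nv, _, release = nvr.rpartition("-")
    name, _, version = nv.rpartition("-")
    return name, version, release, arch


def vercmp(a, b):
    """Simplified rpmvercmp: walk alphanumeric segments left to right; numeric
    segments compare as integers, alphabetic ones lexically, and a numeric
    segment sorts newer than an alphabetic one. Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(installed_nvra, channel):
    """True if the installed bind build is at or above the channel's fixed build
    (version compared first, then release, as yum does)."""
    name, ver, rel, _ = parse_nvra(installed_nvra)
    fname, fver, frel, _ = parse_nvra(FIXED_BUILDS[channel])
    assert name == fname, "comparing different packages"
    c = vercmp(ver, fver)
    return (c if c else vercmp(rel, frel)) >= 0


if __name__ == "__main__":
    # Constructed sample: a RHEL 6.6 EUS host one release behind the fix.
    print(is_patched("bind-9.8.2-0.30.rc1.el6_6.4.x86_64", "Server EUS (v. 6.6)"))  # False
```

A host whose channel is not listed in FIXED_BUILDS raises KeyError, which is the right outcome: the advisory does not ship a fixed build for it.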