From bugzilla at redhat.com Mon May 2 13:42:16 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 May 2016 13:42:16 +0000
Subject: [RHSA-2016:0705-01] Critical: rh-mysql56-mysql security update
Message-ID: <201605021342.u42DgG0S030652@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: rh-mysql56-mysql security update
Advisory ID:       RHSA-2016:0705-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0705.html
Issue date:        2016-05-02
CVE Names:         CVE-2015-4792 CVE-2015-4800 CVE-2015-4802
                   CVE-2015-4815 CVE-2015-4826 CVE-2015-4830
                   CVE-2015-4836 CVE-2015-4858 CVE-2015-4861
                   CVE-2015-4862 CVE-2015-4870 CVE-2015-4890
                   CVE-2015-4910 CVE-2015-4913 CVE-2016-0503
                   CVE-2016-0504 CVE-2016-0505 CVE-2016-0546
                   CVE-2016-0595 CVE-2016-0596 CVE-2016-0597
                   CVE-2016-0598 CVE-2016-0600 CVE-2016-0605
                   CVE-2016-0606 CVE-2016-0607 CVE-2016-0608
                   CVE-2016-0609 CVE-2016-0610 CVE-2016-0611
                   CVE-2016-0639 CVE-2016-0640 CVE-2016-0641
                   CVE-2016-0642 CVE-2016-0643 CVE-2016-0644
                   CVE-2016-0646 CVE-2016-0647 CVE-2016-0648
                   CVE-2016-0649 CVE-2016-0650 CVE-2016-0655
                   CVE-2016-0661 CVE-2016-0665 CVE-2016-0666
                   CVE-2016-0668 CVE-2016-2047
=====================================================================

1. Summary:

An update for rh-mysql56-mysql is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a newer upstream version:
rh-mysql56-mysql (5.6.30).

Security Fix(es):

* This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory pages, listed in the References section. (CVE-2015-4792,
CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830,
CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4870,
CVE-2015-4890, CVE-2015-4910, CVE-2015-4913, CVE-2016-0503, CVE-2016-0504,
CVE-2016-0505, CVE-2016-0546, CVE-2016-0595, CVE-2016-0596, CVE-2016-0597,
CVE-2016-0598, CVE-2016-0600, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607,
CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611, CVE-2016-0639,
CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644,
CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650,
CVE-2016-0655, CVE-2016-0661, CVE-2016-0665, CVE-2016-0666, CVE-2016-0668,
CVE-2016-2047)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1274752 - CVE-2015-4792 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
1274754 - CVE-2015-4800 mysql: unspecified vulnerability related to Server:Optimizer (CPU October 2015)
1274756 - CVE-2015-4802 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
1274759 - CVE-2015-4815 mysql: unspecified vulnerability related to Server:DDL (CPU October 2015)
1274766 - CVE-2015-4826 mysql: unspecified vulnerability related to Server:Types (CPU October 2015)
1274767 - CVE-2015-4830 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015)
1274771 - CVE-2015-4836 mysql: unspecified vulnerability related to Server:SP (CPU October 2015)
1274773 - CVE-2015-4858 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1274776 - CVE-2015-4861 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
1274778 - CVE-2015-4862 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1274781 - CVE-2015-4870 mysql: unspecified vulnerability related to Server:Parser (CPU October 2015)
1274785 - CVE-2015-4890 mysql: unspecified vulnerability related to Server:Replication (CPU October 2015)
1274792 - CVE-2015-4910 mysql: unspecified vulnerability related to Server:Memcached (CPU October 2015)
1274794 - CVE-2015-4913 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1301490 - CVE-2016-0503 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301491 - CVE-2016-0504 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301492 - CVE-2016-0505 mysql: unspecified vulnerability in subcomponent: Server: Options (CPU January 2016)
1301493 - CVE-2016-0546 mysql: unspecified vulnerability in subcomponent: Client (CPU January 2016)
1301495 - CVE-2016-0595 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301496 - CVE-2016-0596 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301497 - CVE-2016-0597 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
1301498 - CVE-2016-0598 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301501 - CVE-2016-0600 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
1301503 - CVE-2016-0605 mysql: unspecified vulnerability in subcomponent: Server: General (CPU January 2016)
1301504 - CVE-2016-0606 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU January 2016)
1301505 - CVE-2016-0607 mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU January 2016)
1301506 - CVE-2016-0608 mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016)
1301507 - CVE-2016-0609 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU January 2016)
1301508 - CVE-2016-0610 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
1301509 - CVE-2016-0611 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
1301874 - CVE-2016-2047 mysql: ssl-validate-cert incorrect hostname check
1329238 - CVE-2016-0639 mysql: unspecified vulnerability in subcomponent: Server: Pluggable Authentication (CPU April 2016)
1329239 - CVE-2016-0640 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329241 - CVE-2016-0641 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU April 2016)
1329243 - CVE-2016-0642 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU April 2016)
1329245 - CVE-2016-0643 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329247 - CVE-2016-0644 mysql: unspecified vulnerability in subcomponent: Server: DDL (CPU April 2016)
1329248 - CVE-2016-0646 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329249 - CVE-2016-0647 mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU April 2016)
1329251 - CVE-2016-0648 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
1329252 - CVE-2016-0649 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
1329253 - CVE-2016-0650 mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU April 2016)
1329259 - CVE-2016-0655 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU April 2016)
1329266 - CVE-2016-0661 mysql: unspecified vulnerability in subcomponent: Server: Options (CPU April 2016)
1329269 - CVE-2016-0665 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU April 2016)
1329270 - CVE-2016-0666 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU April 2016)
1329273 - CVE-2016-0668 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU April 2016)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mysql56-mysql-5.6.30-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.30-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-mysql56-mysql-5.6.30-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.30-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-mysql56-mysql-5.6.30-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.30-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-mysql56-mysql-5.6.30-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.30-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mysql56-mysql-5.6.30-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.30-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-mysql56-mysql-5.6.30-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.30-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-mysql56-mysql-5.6.30-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.30-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-mysql56-mysql-5.6.30-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.30-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-4792
https://access.redhat.com/security/cve/CVE-2015-4800
https://access.redhat.com/security/cve/CVE-2015-4802
https://access.redhat.com/security/cve/CVE-2015-4815
https://access.redhat.com/security/cve/CVE-2015-4826
https://access.redhat.com/security/cve/CVE-2015-4830
https://access.redhat.com/security/cve/CVE-2015-4836
https://access.redhat.com/security/cve/CVE-2015-4858
https://access.redhat.com/security/cve/CVE-2015-4861
https://access.redhat.com/security/cve/CVE-2015-4862
https://access.redhat.com/security/cve/CVE-2015-4870
https://access.redhat.com/security/cve/CVE-2015-4890
https://access.redhat.com/security/cve/CVE-2015-4910
https://access.redhat.com/security/cve/CVE-2015-4913
https://access.redhat.com/security/cve/CVE-2016-0503
https://access.redhat.com/security/cve/CVE-2016-0504
https://access.redhat.com/security/cve/CVE-2016-0505
https://access.redhat.com/security/cve/CVE-2016-0546
https://access.redhat.com/security/cve/CVE-2016-0595
https://access.redhat.com/security/cve/CVE-2016-0596
https://access.redhat.com/security/cve/CVE-2016-0597
https://access.redhat.com/security/cve/CVE-2016-0598
https://access.redhat.com/security/cve/CVE-2016-0600
https://access.redhat.com/security/cve/CVE-2016-0605
https://access.redhat.com/security/cve/CVE-2016-0606
https://access.redhat.com/security/cve/CVE-2016-0607
https://access.redhat.com/security/cve/CVE-2016-0608
https://access.redhat.com/security/cve/CVE-2016-0609
https://access.redhat.com/security/cve/CVE-2016-0610
https://access.redhat.com/security/cve/CVE-2016-0611
https://access.redhat.com/security/cve/CVE-2016-0639
https://access.redhat.com/security/cve/CVE-2016-0640
https://access.redhat.com/security/cve/CVE-2016-0641
https://access.redhat.com/security/cve/CVE-2016-0642
https://access.redhat.com/security/cve/CVE-2016-0643
https://access.redhat.com/security/cve/CVE-2016-0644
https://access.redhat.com/security/cve/CVE-2016-0646
https://access.redhat.com/security/cve/CVE-2016-0647
https://access.redhat.com/security/cve/CVE-2016-0648
https://access.redhat.com/security/cve/CVE-2016-0649
https://access.redhat.com/security/cve/CVE-2016-0650
https://access.redhat.com/security/cve/CVE-2016-0655
https://access.redhat.com/security/cve/CVE-2016-0661
https://access.redhat.com/security/cve/CVE-2016-0665
https://access.redhat.com/security/cve/CVE-2016-0666
https://access.redhat.com/security/cve/CVE-2016-0668
https://access.redhat.com/security/cve/CVE-2016-2047
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
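The package list in section 6 and the fixed version named in section 3 are what an administrator checks an inventory against. The Python script below is an added example, not Red Hat tooling: it parses the package-list section of an advisory in this format, splits RPM file names into name/version/release/arch, and decides per host whether an installed build is at or above the fixed build, using a port of rpm's version-segment comparison. The advisory excerpt and the three-host inventory embedded in it are constructed sample data, and epochs are not handled (plain `rpm -qa` output omits them).

```python
"""Match an RHSA package list against installed RPM NEVRAs.

Added example, not Red Hat tooling. ADVISORY and INSTALLED are constructed
sample data embedded inline; nothing is read from a live system. Epochs are
not handled (plain `rpm -qa` output omits them).
"""
import re

# Constructed excerpt in the layout of section 6 of the advisory above.
ADVISORY = """\
6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mysql56-mysql-5.6.30-1.el6.src.rpm

x86_64:
rh-mysql56-mysql-5.6.30-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.30-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mysql56-mysql-5.6.30-1.el7.src.rpm

x86_64:
rh-mysql56-mysql-5.6.30-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.30-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.
"""

# Constructed inventory: what `rpm -qa` might report on three hosts.
INSTALLED = {
    "db1": ["rh-mysql56-mysql-server-5.6.26-2.el6.x86_64",
            "rh-mysql56-mysql-5.6.26-2.el6.x86_64"],
    "db2": ["rh-mysql56-mysql-server-5.6.30-1.el7.x86_64"],
    "db3": ["rh-mysql56-mysql-server-5.6.30-2.el6.x86_64",  # later rebuild
            "bash-4.1.2-33.el6.x86_64"],                     # not in advisory
}

NEVRA_RE = re.compile(
    r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")
TOKEN_RE = re.compile(r"\d+|[A-Za-z]+|~")


def split_nevra(pkg):
    """'name-version-release.arch[.rpm]' -> (name, version, release, arch)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    m = NEVRA_RE.match(pkg)
    if not m:
        raise ValueError("not a NEVRA: %r" % pkg)
    return m.group("name"), m.group("version"), m.group("release"), m.group("arch")


def rpmvercmp(a, b):
    """Port of rpm's segment comparison: digit runs compare numerically,
    alpha runs lexically, digits beat alpha, '~' sorts before anything
    (even end of string). '^' is not handled. Returns -1, 0 or 1."""
    ta, tb = TOKEN_RE.findall(a), TOKEN_RE.findall(b)
    for x, y in zip(ta, tb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
        elif x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(ta) == len(tb):
        return 0
    longer, sign = (ta, 1) if len(ta) > len(tb) else (tb, -1)
    # A leftover '~' segment makes the longer string the older one.
    return -sign if longer[min(len(ta), len(tb))] == "~" else sign


def evr_cmp(a, b):
    """Compare (version, release) tuples; release breaks version ties."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


def dist_of(release):
    """'1.el6' -> 'el6', '6.el7_2' -> 'el7', '1jpp.1.el6_7' -> 'el6'."""
    m = re.search(r"(?:^|\.)el(\d+)", release)
    return "el" + m.group(1) if m else "unknown"


def fixed_builds(advisory_text):
    """(name, arch, dist) -> (version, release) for each binary RPM in section 6."""
    fixed, in_list = {}, False
    for line in advisory_text.splitlines():
        line = line.strip()
        if line.startswith("6. Package List"):
            in_list = True
        elif line.startswith(("7. References", "These packages are GPG signed")):
            in_list = False
        elif in_list and line.endswith(".rpm"):
            name, ver, rel, arch = split_nevra(line)
            if arch != "src":
                fixed[(name, arch, dist_of(rel))] = (ver, rel)
    return fixed


def audit(advisory_text, installed):
    """host -> [(nevra, 'fixed'|'vulnerable')] for packages the advisory lists;
    packages it does not list are left out of the report."""
    fixed, report = fixed_builds(advisory_text), {}
    for host, pkgs in installed.items():
        for pkg in pkgs:
            name, ver, rel, arch = split_nevra(pkg)
            key = (name, arch, dist_of(rel))
            if key in fixed:
                ok = evr_cmp((ver, rel), fixed[key]) >= 0
                report.setdefault(host, []).append((pkg, "fixed" if ok else "vulnerable"))
    return report
```

Running `audit(ADVISORY, INSTALLED)` flags both rh-mysql56 packages on db1 as vulnerable, reports db2 and db3 as fixed, and ignores bash because the advisory does not list it. Builds are matched on name, architecture and the `elN` dist tag so an EL6 host is never compared against an EL7 build; for real inventories, feed the function `rpm -qa` output and the full advisory text.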
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXJ1kbXlSAg2UNWIIRAi1MAKCRkGoTroDM4XPJhey1SzmtagnBKQCfZ/Ca
t+iHxa6pQxswQ7ftTaJa3zM=
=Ch2/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 2 13:43:13 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 May 2016 13:43:13 +0000
Subject: [RHSA-2016:0706-01] Important: mercurial security update
Message-ID: <201605021343.u42DhEHx031691@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mercurial security update
Advisory ID:       RHSA-2016:0706-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0706.html
Issue date:        2016-05-02
CVE Names:         CVE-2016-3068 CVE-2016-3069
=====================================================================

1. Summary:

An update for mercurial is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mercurial is a fast, lightweight source control management system designed
for efficient handling of very large distributed projects.

Security Fix(es):

* It was discovered that Mercurial failed to properly check Git
sub-repository URLs. A Mercurial repository that includes a Git
sub-repository with a specially crafted URL could cause Mercurial to execute
arbitrary code. (CVE-2016-3068)

* It was discovered that the Mercurial convert extension failed to sanitize
special characters in Git repository names. A Git repository with a
specially crafted name could cause Mercurial to execute arbitrary code when
the Git repository was converted to a Mercurial repository. (CVE-2016-3069)

Red Hat would like to thank Blake Burkhart for reporting these issues.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1319768 - CVE-2016-3068 mercurial: command injection via git subrepository urls
1320155 - CVE-2016-3069 mercurial: convert extension command injection via git repository names

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
mercurial-2.6.2-6.el7_2.src.rpm

x86_64:
emacs-mercurial-2.6.2-6.el7_2.x86_64.rpm
emacs-mercurial-el-2.6.2-6.el7_2.x86_64.rpm
mercurial-2.6.2-6.el7_2.x86_64.rpm
mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm
mercurial-hgk-2.6.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
mercurial-2.6.2-6.el7_2.src.rpm

x86_64:
emacs-mercurial-2.6.2-6.el7_2.x86_64.rpm
emacs-mercurial-el-2.6.2-6.el7_2.x86_64.rpm
mercurial-2.6.2-6.el7_2.x86_64.rpm
mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm
mercurial-hgk-2.6.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mercurial-2.6.2-6.el7_2.src.rpm

ppc64:
mercurial-2.6.2-6.el7_2.ppc64.rpm
mercurial-debuginfo-2.6.2-6.el7_2.ppc64.rpm

ppc64le:
mercurial-2.6.2-6.el7_2.ppc64le.rpm
mercurial-debuginfo-2.6.2-6.el7_2.ppc64le.rpm

s390x:
mercurial-2.6.2-6.el7_2.s390x.rpm
mercurial-debuginfo-2.6.2-6.el7_2.s390x.rpm

x86_64:
mercurial-2.6.2-6.el7_2.x86_64.rpm
mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
emacs-mercurial-2.6.2-6.el7_2.ppc64.rpm
emacs-mercurial-el-2.6.2-6.el7_2.ppc64.rpm
mercurial-debuginfo-2.6.2-6.el7_2.ppc64.rpm
mercurial-hgk-2.6.2-6.el7_2.ppc64.rpm

ppc64le:
emacs-mercurial-2.6.2-6.el7_2.ppc64le.rpm
emacs-mercurial-el-2.6.2-6.el7_2.ppc64le.rpm
mercurial-debuginfo-2.6.2-6.el7_2.ppc64le.rpm
mercurial-hgk-2.6.2-6.el7_2.ppc64le.rpm

s390x:
emacs-mercurial-2.6.2-6.el7_2.s390x.rpm
emacs-mercurial-el-2.6.2-6.el7_2.s390x.rpm
mercurial-debuginfo-2.6.2-6.el7_2.s390x.rpm
mercurial-hgk-2.6.2-6.el7_2.s390x.rpm

x86_64:
emacs-mercurial-2.6.2-6.el7_2.x86_64.rpm
emacs-mercurial-el-2.6.2-6.el7_2.x86_64.rpm
mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm
mercurial-hgk-2.6.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mercurial-2.6.2-6.el7_2.src.rpm

x86_64:
mercurial-2.6.2-6.el7_2.x86_64.rpm
mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
emacs-mercurial-2.6.2-6.el7_2.x86_64.rpm
emacs-mercurial-el-2.6.2-6.el7_2.x86_64.rpm
mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm
mercurial-hgk-2.6.2-6.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3068
https://access.redhat.com/security/cve/CVE-2016-3069
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
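Both fixes in this advisory concern untrusted strings (a sub-repository URL, a repository name) that end up as arguments to a git command. The Python module below is an added illustration of the defensive pattern, not Mercurial's own patch: an allowlist of URL schemes, a restricted grammar for names, rejection of leading dashes and of whitespace or control characters, and invocation through an argv list with `--` rather than through a shell. The allowed schemes, the name grammar and the function names are assumptions chosen for this example.

```python
"""Validate a Git repository URL and name before handing them to git.

Added illustration of a defensive pattern, not Mercurial's own fix. The
allowed schemes, the name grammar and the function names are assumptions
made for this example.
"""
import re
import subprocess
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https", "ssh", "git"}                       # assumed policy
SCP_LIKE_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+:[A-Za-z0-9._/-]+")
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")         # assumed grammar
CONTROL_OR_SPACE_RE = re.compile(r"[\s\x00-\x1f\x7f]")


class UnsafeInputError(ValueError):
    """Raised when a URL or name fails the allowlist."""


def validate_repo_url(url):
    """Return url if it is an https/ssh/git URL with a host, or an scp-style
    user@host:path; reject everything else, including a leading '-' (git
    would read it as an option) and whitespace or control characters."""
    if not url or url.startswith("-"):
        raise UnsafeInputError("URL must not be empty or start with '-'")
    if CONTROL_OR_SPACE_RE.search(url):
        raise UnsafeInputError("URL contains whitespace or control characters")
    if SCP_LIKE_RE.fullmatch(url):
        return url
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise UnsafeInputError("URL scheme or host not allowed: %r" % url)
    return url


def validate_repo_name(name):
    """Accept a short identifier-like name (no leading '-' or '.', no '/')."""
    if not NAME_RE.fullmatch(name):
        raise UnsafeInputError("repository name not allowed: %r" % name)
    return name


def git_clone_argv(url, name):
    """argv for the clone: list form (no shell) plus '--' so that neither
    argument can be parsed as a git option. The scheme allowlist still
    matters because git interprets the URL itself, after option parsing."""
    return ["git", "clone", "--", validate_repo_url(url), validate_repo_name(name)]


def clone(url, name, cwd="."):
    """Run the clone without a shell; returns git's exit status."""
    return subprocess.run(git_clone_argv(url, name), cwd=cwd).returncode


def is_rejected(validator, value):
    """True if validator raises UnsafeInputError for value."""
    try:
        validator(value)
    except UnsafeInputError:
        return True
    return False


if __name__ == "__main__":
    print(git_clone_argv("https://example.com/team/proj.git", "proj"))
    for bad in ("-not-a-url", "file:///srv/repo", "https://example.com/a b"):
        print("rejected:", bad, is_rejected(validate_repo_url, bad))
```

The two controls are complementary: `--` and the argv list stop either value from being treated as an option or shell text, while the scheme allowlist limits which transports git may be asked to use, which no amount of quoting would do. When the policy must accept another transport, add it to `ALLOWED_SCHEMES` deliberately rather than loosening the checks.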
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXJ1lbXlSAg2UNWIIRAgnkAKCfmYBBOazfHnHmM2z26lie5IBY/QCbBwIs
MZo3DbOhi9A9aIybMw+jm0o=
=WCyY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 2 13:46:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 May 2016 13:46:22 +0000
Subject: [RHSA-2016:0707-01] Important: chromium-browser security update
Message-ID: <201605021346.u42DkNpV026113@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:0707-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0707.html
Issue date:        2016-05-02
CVE Names:         CVE-2016-1660 CVE-2016-1661 CVE-2016-1662
                   CVE-2016-1663 CVE-2016-1664 CVE-2016-1665
                   CVE-2016-1666
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux
6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 50.0.2661.94.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Chromium to crash, execute
arbitrary code, or disclose sensitive information when visited by the victim.
(CVE-2016-1660, CVE-2016-1661, CVE-2016-1662, CVE-2016-1663, CVE-2016-1666,
CVE-2016-1664, CVE-2016-1665)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1331635 - CVE-2016-1660 chromium-browser: out-of-bounds write in blink
1331636 - CVE-2016-1661 chromium-browser: memory corruption in cross-process frames
1331637 - CVE-2016-1662 chromium-browser: use-after-free in extensions
1331638 - CVE-2016-1663 chromium-browser: use-after-free in blink's v8 bindings
1331639 - CVE-2016-1664 chromium-browser: address bar spoofing
1331640 - CVE-2016-1665 chromium-browser: information leak in v8
1331642 - CVE-2016-1666 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-50.0.2661.94-1.el6.i686.rpm
chromium-browser-debuginfo-50.0.2661.94-1.el6.i686.rpm

x86_64:
chromium-browser-50.0.2661.94-1.el6.x86_64.rpm
chromium-browser-debuginfo-50.0.2661.94-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-50.0.2661.94-1.el6.i686.rpm
chromium-browser-debuginfo-50.0.2661.94-1.el6.i686.rpm

x86_64:
chromium-browser-50.0.2661.94-1.el6.x86_64.rpm
chromium-browser-debuginfo-50.0.2661.94-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-50.0.2661.94-1.el6.i686.rpm
chromium-browser-debuginfo-50.0.2661.94-1.el6.i686.rpm

x86_64:
chromium-browser-50.0.2661.94-1.el6.x86_64.rpm
chromium-browser-debuginfo-50.0.2661.94-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1660
https://access.redhat.com/security/cve/CVE-2016-1661
https://access.redhat.com/security/cve/CVE-2016-1662
https://access.redhat.com/security/cve/CVE-2016-1663
https://access.redhat.com/security/cve/CVE-2016-1664
https://access.redhat.com/security/cve/CVE-2016-1665
https://access.redhat.com/security/cve/CVE-2016-1666
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXJ1oSXlSAg2UNWIIRAvTEAJ423okITxvy0xAVHaeqyAkJVtiUwgCfdG1H
riVPeT+r9Tb50zPQ5eYHFwE=
=q53I
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 2 13:47:15 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 May 2016 13:47:15 +0000
Subject: [RHSA-2016:0708-01] Critical: java-1.6.0-ibm security update
Message-ID: <201605021347.u42DlGIx026865@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-ibm security update
Advisory ID:       RHSA-2016:0708-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0708.html
Issue date:        2016-05-02
CVE Names:         CVE-2016-0264 CVE-2016-0363 CVE-2016-0376
                   CVE-2016-0686 CVE-2016-0687 CVE-2016-3422
                   CVE-2016-3426 CVE-2016-3427 CVE-2016-3443
                   CVE-2016-3449
=====================================================================

1. Summary:

An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update upgrades IBM Java SE 6 to version 6 SR16-FP25.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page, listed
in the References section. (CVE-2016-0264, CVE-2016-0363, CVE-2016-0376,
CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427,
CVE-2016-3443, CVE-2016-3449)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1324044 - CVE-2016-0363 IBM JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328059 - CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
1328618 - CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1328619 - CVE-2016-3449 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
1328620 - CVE-2016-3422 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1330986 - CVE-2016-0376 IBM JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
1331359 - CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el5.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el5.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.25-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.25-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el6_7.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el6_7.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v.
6): i386: java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el6_7.i686.rpm ppc64: java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el6_7.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el6_7.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el6_7.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el6_7.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el6_7.ppc64.rpm java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el6_7.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el6_7.s390x.rpm java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el6_7.s390x.rpm java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el6_7.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el6_7.s390x.rpm java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el6_7.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el6_7.i686.rpm java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el6_7.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.25-1jpp.1.el6_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0264 https://access.redhat.com/security/cve/CVE-2016-0363 https://access.redhat.com/security/cve/CVE-2016-0376 https://access.redhat.com/security/cve/CVE-2016-0686 https://access.redhat.com/security/cve/CVE-2016-0687 https://access.redhat.com/security/cve/CVE-2016-3422 https://access.redhat.com/security/cve/CVE-2016-3426 https://access.redhat.com/security/cve/CVE-2016-3427 https://access.redhat.com/security/cve/CVE-2016-3443 https://access.redhat.com/security/cve/CVE-2016-3449 https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXJ1pMXlSAg2UNWIIRAvB5AJ431i57UmRo5mAI+bS5YTl3WRZKGQCglPOZ
S/6TWOotTecoOJM8PstBHWA=
=zd5C
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 3 15:53:04 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 May 2016 15:53:04 +0000
Subject: [RHSA-2016:0711-01] Important: jenkins security update
Message-ID: <201605031553.u43Fr5sE017803@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: jenkins security update
Advisory ID:       RHSA-2016:0711-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:0711
Issue date:        2016-05-03
CVE Names:         CVE-2016-0788 CVE-2016-0789 CVE-2016-0790
                   CVE-2016-0791 CVE-2016-0792
=====================================================================

1. Summary:

An updated Jenkins package and image that include a security fix are now available for Red Hat OpenShift Enterprise 3.1.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise 3.1 - noarch, x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

The Jenkins continuous integration server has been updated to upstream version 1.642.2 LTS that addresses a large number of security issues, including XSS, CSRF, information disclosure, and code execution. (CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792)

Refer to the changelog listed in the References section for a list of changes.

This update includes the following image:

openshift3/jenkins-1-rhel7:1.642-30

All OpenShift Enterprise 3.1 users are advised to upgrade to the updated package and image.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

The Red Hat Enterprise Linux container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com using the "docker pull" command. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

The packages in this update are available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

5. Bugs fixed (https://bugzilla.redhat.com/):

1311946 - CVE-2016-0788 jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)
1311947 - CVE-2016-0789 jenkins: HTTP response splitting vulnerability (SECURITY-238)
1311948 - CVE-2016-0790 jenkins: Non-constant time comparison of API token (SECURITY-241)
1311949 - CVE-2016-0791 jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245)
1311950 - CVE-2016-0792 jenkins: Remote code execution through remote API (SECURITY-247)
1324664 - Update openshift jenkins images for CVE-2016-0788 CVE-2016-0789 CVE-2016-0790 CVE-2016-0791 CVE-2016-0792

6. Package List:

Red Hat OpenShift Enterprise 3.1:

Source:
jenkins-1.642.2-1.el7.src.rpm
jenkins-plugin-credentials-1.24-2.el7.src.rpm
jenkins-plugin-durable-task-1.7-1.el7.src.rpm
jenkins-plugin-kubernetes-0.5-1.el7.src.rpm
jenkins-plugin-openshift-pipeline-1.0.9-1.el7.src.rpm

noarch:
jenkins-1.642.2-1.el7.noarch.rpm

x86_64:
jenkins-plugin-credentials-1.24-2.el7.x86_64.rpm
jenkins-plugin-durable-task-1.7-1.el7.x86_64.rpm
jenkins-plugin-kubernetes-0.5-1.el7.x86_64.rpm
jenkins-plugin-openshift-pipeline-1.0.9-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0788
https://access.redhat.com/security/cve/CVE-2016-0789
https://access.redhat.com/security/cve/CVE-2016-0790
https://access.redhat.com/security/cve/CVE-2016-0791
https://access.redhat.com/security/cve/CVE-2016-0792
https://access.redhat.com/security/updates/classification/#important
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
https://jenkins.io/changelog-stable/#v1.642.2

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXKMlZXlSAg2UNWIIRAmghAJ9vsRjeeNSEGt2bXQaNJiPQMoWpIQCgqy5t
DgXG+/mabS+Scnd5BlE9/bs=
=l9ab
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 3 20:19:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 May 2016 20:19:22 +0000
Subject: [RHSA-2016:0716-01] Critical: java-1.8.0-ibm security update
Message-ID: <201605032019.u43KJMTE015269@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-ibm security update
Advisory ID:       RHSA-2016:0716-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0716.html
Issue date:        2016-05-03
CVE Names:         CVE-2016-0264 CVE-2016-0363 CVE-2016-0376
                   CVE-2016-0686 CVE-2016-0687 CVE-2016-3422
                   CVE-2016-3426 CVE-2016-3427 CVE-2016-3443
                   CVE-2016-3449
=====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR3.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1324044 - CVE-2016-0363 IBM JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328059 - CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
1328618 - CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1328619 - CVE-2016-3449 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
1328620 - CVE-2016-3422 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1330986 - CVE-2016-0376 IBM JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
1331359 - CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM

6. Package List:

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.ppc.rpm
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.ppc.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el7.ppc64.rpm

ppc64le:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el7.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.s390.rpm
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.s390.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el7.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0264
https://access.redhat.com/security/cve/CVE-2016-0363
https://access.redhat.com/security/cve/CVE-2016-0376
https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-3422
https://access.redhat.com/security/cve/CVE-2016-3426
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/cve/CVE-2016-3443
https://access.redhat.com/security/cve/CVE-2016-3449
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXKQdpXlSAg2UNWIIRAqNhAJ9D4IY1jeB09Ms+q0Kxwmc4qM/rTgCfdOf5 vD0xzBMjsCKm+OmhwLBedzE= =QWX2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed May 4 08:08:48 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 4 May 2016 08:08:48 +0000 Subject: [RHSA-2016:0715-01] Moderate: kernel security, bug fix, and enhancement update Message-ID: <201605040807.u4487qYd013824@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2016:0715-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0715.html Issue date: 2016-05-03 CVE Names: CVE-2015-5157 CVE-2015-8767 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system. (CVE-2015-5157, Moderate) * A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service. (CVE-2015-8767, Moderate) Bug Fix(es): * When the nvme driver held the queue lock for too long, for example during DMA mapping, a lockup occurred leading to nvme hard-lockup panic. This update fixes the underlying source code, and nvme now works as expected.(BZ#1314209) * Due to a regression, a Unix domain datagram socket could come to a deadlock when sending a datagram to itself. The provided patch adds another "sk" check to the unix_dgram_sendmsg() function, and the aforementioned deadlock no longer occurs. (BZ#1315696) * Previously, writing a large file using direct I/O in 16 MB chunks sometimes caused a pathological allocation pattern where 16 MB chunks of large free extent were allocated to a file in reversed order. The provided patch avoids the backward allocation, and writing a large file using direct I/O now proceeds successfully. (BZ#1320031) * MD RAID1 devices that repeatedly became hot removed and re-added could become mismatched due to a race condition. This caused them to return stale data, leading to data corruption. The provided set of patches fixes this bug, and hot removals and re-additions of md devices now work as expected. (BZ#1320863) * A couple of previous fixes caused a deadlock on the "rq" lock leading to a kernel panic on CPU 0. The provided set of patches reverts the relevant commits, thus preventing the panic from occurring. 
(BZ#1326043) Enhancement(s): * VLAN support has been updated to integrate some of the latest upstream features. This update also makes sure that Null pointer crashes related to VLAN support in bonding mode no longer occur and that tag stripping and insertion work as expected. (BZ#1315706) * This update adds additional model numbers for Broadwell to perf. (BZ#1320035) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1259577 - CVE-2015-5157 kernel: x86-64: IRET faults during NMIs processing 1297389 - CVE-2015-8767 kernel: SCTP denial of service during timeout 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-573.26.1.el6.src.rpm i386: kernel-2.6.32-573.26.1.el6.i686.rpm kernel-debug-2.6.32-573.26.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.26.1.el6.i686.rpm kernel-devel-2.6.32-573.26.1.el6.i686.rpm kernel-headers-2.6.32-573.26.1.el6.i686.rpm perf-2.6.32-573.26.1.el6.i686.rpm perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.26.1.el6.noarch.rpm kernel-doc-2.6.32-573.26.1.el6.noarch.rpm kernel-firmware-2.6.32-573.26.1.el6.noarch.rpm x86_64: kernel-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.26.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.26.1.el6.i686.rpm 
kernel-debuginfo-common-x86_64-2.6.32-573.26.1.el6.x86_64.rpm kernel-devel-2.6.32-573.26.1.el6.x86_64.rpm kernel-headers-2.6.32-573.26.1.el6.x86_64.rpm perf-2.6.32-573.26.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.26.1.el6.i686.rpm perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm python-perf-2.6.32-573.26.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.26.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm python-perf-2.6.32-573.26.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: kernel-2.6.32-573.26.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-573.26.1.el6.noarch.rpm kernel-doc-2.6.32-573.26.1.el6.noarch.rpm kernel-firmware-2.6.32-573.26.1.el6.noarch.rpm x86_64: kernel-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.26.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.26.1.el6.x86_64.rpm kernel-devel-2.6.32-573.26.1.el6.x86_64.rpm kernel-headers-2.6.32-573.26.1.el6.x86_64.rpm perf-2.6.32-573.26.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.26.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm python-perf-2.6.32-573.26.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: kernel-2.6.32-573.26.1.el6.src.rpm i386: kernel-2.6.32-573.26.1.el6.i686.rpm kernel-debug-2.6.32-573.26.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.26.1.el6.i686.rpm kernel-devel-2.6.32-573.26.1.el6.i686.rpm kernel-headers-2.6.32-573.26.1.el6.i686.rpm perf-2.6.32-573.26.1.el6.i686.rpm perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.26.1.el6.noarch.rpm kernel-doc-2.6.32-573.26.1.el6.noarch.rpm kernel-firmware-2.6.32-573.26.1.el6.noarch.rpm ppc64: kernel-2.6.32-573.26.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-573.26.1.el6.ppc64.rpm kernel-debug-2.6.32-573.26.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-573.26.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-573.26.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-573.26.1.el6.ppc64.rpm kernel-devel-2.6.32-573.26.1.el6.ppc64.rpm kernel-headers-2.6.32-573.26.1.el6.ppc64.rpm perf-2.6.32-573.26.1.el6.ppc64.rpm perf-debuginfo-2.6.32-573.26.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.ppc64.rpm s390x: kernel-2.6.32-573.26.1.el6.s390x.rpm kernel-debug-2.6.32-573.26.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.s390x.rpm kernel-debug-devel-2.6.32-573.26.1.el6.s390x.rpm kernel-debuginfo-2.6.32-573.26.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-573.26.1.el6.s390x.rpm kernel-devel-2.6.32-573.26.1.el6.s390x.rpm kernel-headers-2.6.32-573.26.1.el6.s390x.rpm kernel-kdump-2.6.32-573.26.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-573.26.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-573.26.1.el6.s390x.rpm perf-2.6.32-573.26.1.el6.s390x.rpm perf-debuginfo-2.6.32-573.26.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.s390x.rpm x86_64: kernel-2.6.32-573.26.1.el6.x86_64.rpm 
kernel-debug-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.26.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.26.1.el6.x86_64.rpm kernel-devel-2.6.32-573.26.1.el6.x86_64.rpm kernel-headers-2.6.32-573.26.1.el6.x86_64.rpm perf-2.6.32-573.26.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.26.1.el6.i686.rpm perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm python-perf-2.6.32-573.26.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-573.26.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-573.26.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-573.26.1.el6.ppc64.rpm perf-debuginfo-2.6.32-573.26.1.el6.ppc64.rpm python-perf-2.6.32-573.26.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-573.26.1.el6.s390x.rpm kernel-debuginfo-2.6.32-573.26.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-573.26.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-573.26.1.el6.s390x.rpm perf-debuginfo-2.6.32-573.26.1.el6.s390x.rpm python-perf-2.6.32-573.26.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.26.1.el6.x86_64.rpm 
perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm python-perf-2.6.32-573.26.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-573.26.1.el6.src.rpm i386: kernel-2.6.32-573.26.1.el6.i686.rpm kernel-debug-2.6.32-573.26.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.26.1.el6.i686.rpm kernel-devel-2.6.32-573.26.1.el6.i686.rpm kernel-headers-2.6.32-573.26.1.el6.i686.rpm perf-2.6.32-573.26.1.el6.i686.rpm perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.26.1.el6.noarch.rpm kernel-doc-2.6.32-573.26.1.el6.noarch.rpm kernel-firmware-2.6.32-573.26.1.el6.noarch.rpm x86_64: kernel-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.26.1.el6.i686.rpm kernel-debug-devel-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.26.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.26.1.el6.x86_64.rpm kernel-devel-2.6.32-573.26.1.el6.x86_64.rpm kernel-headers-2.6.32-573.26.1.el6.x86_64.rpm perf-2.6.32-573.26.1.el6.x86_64.rpm perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.i686.rpm python-perf-debuginfo-2.6.32-573.26.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5157
https://access.redhat.com/security/cve/CVE-2015-8767
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 9 May 2016 09:33:26 +0000
Subject: [RHSA-2016:0722-01] Important: openssl security update
Message-ID: <201605090933.u499XTCE032569@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openssl security update
Advisory ID: RHSA-2016:0722-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html
Issue date: 2016-05-09
CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842
=====================================================================

1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)

* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)

* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data.
(CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds
1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data
1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder
1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check
1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow
1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow

6. Package List:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0799
https://access.redhat.com/security/cve/CVE-2016-2105
https://access.redhat.com/security/cve/CVE-2016-2106
https://access.redhat.com/security/cve/CVE-2016-2107
https://access.redhat.com/security/cve/CVE-2016-2108
https://access.redhat.com/security/cve/CVE-2016-2109
https://access.redhat.com/security/cve/CVE-2016-2842
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 9 May 2016 14:23:31 +0000
Subject: [RHSA-2016:0723-01] Critical: java-1.6.0-openjdk security update
Message-ID: <201605091423.u49ENVVa008096@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-openjdk security update
Advisory ID: RHSA-2016:0723-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0723.html
Issue date: 2016-05-09
CVE Names: CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3427
=====================================================================

1. Summary:

An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values.
Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328022 - CVE-2016-0695 OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
1328040 - CVE-2016-3425 OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

6. Package List:
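The Solution sections of the OpenSSL (RHSA-2016:0722) and OpenJDK (RHSA-2016:0723) advisories above both require restarting every process that still has the old library loaded. As an added example, not part of either advisory, the following POSIX shell script finds such processes by looking for mappings the kernel has marked "(deleted)" in /proc/PID/maps, which is what happens when rpm replaces a shared object a running process still has mapped; the library-name pattern and the sample maps excerpt are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the advisories): after updating openssl or
# java-1.6.0-openjdk, find processes that still have the replaced shared
# objects mapped and therefore have not picked up the fix.
#
# rpm installs the new file under a new inode; a process started before
# the update keeps the old inode mapped, and the kernel shows that mapping
# in /proc/PID/maps with "(deleted)" appended to the path.

# Library names from the two advisories above (OpenSSL: libssl, libcrypto;
# OpenJDK: libjvm), as an awk extended regular expression. Adjust as needed.
LIB_PATTERN='lib(ssl|crypto|jvm)[^ ]*[.]so'

# stale_libs_in_maps FILE
# Print each distinct deleted library mapping in a /proc/PID/maps-format
# FILE, one per line. Returns 0 if any was found, 1 otherwise.
stale_libs_in_maps() {
    # maps columns: address perms offset dev inode path ["(deleted)"]
    found=$(awk -v pat="$LIB_PATTERN" \
        '$6 ~ pat && $NF == "(deleted)" { print $6 }' "$1" | sort -u)
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# scan_processes
# Walk every readable /proc/PID/maps (run as root to see all services) and
# print "PID COMM LIBRARY" for each stale mapping. Returns 0 if any found.
scan_processes() {
    rc=1
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        libs=$(stale_libs_in_maps "$maps" 2>/dev/null) || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
        for lib in $libs; do
            printf '%s %s %s\n' "$pid" "$comm" "$lib"
        done
        rc=0
    done
    return $rc
}

# write_sample_maps FILE
# Write a constructed maps excerpt (not captured from a real host) with a
# stale libcrypto and libjvm, a current libssl, and an unrelated stale
# library (libz) that the pattern must ignore.
write_sample_maps() {
    cat > "$1" <<'EOF'
7f3a1c000000-7f3a1c1c4000 r-xp 00000000 fd:01 1048603 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3a1c1c4000-7f3a1c3c4000 ---p 001c4000 fd:01 1048603 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3a1c400000-7f3a1c460000 r-xp 00000000 fd:01 1048610 /usr/lib64/libssl.so.1.0.1e
7f3a1d000000-7f3a1d021000 r-xp 00000000 fd:01 1048700 /usr/lib64/libz.so.1.2.7 (deleted)
7f3a20000000-7f3a20a00000 r-xp 00000000 fd:01 2097221 /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/lib/amd64/server/libjvm.so (deleted)
7ffd5b000000-7ffd5b021000 rw-p 00000000 00:00 0 [stack]
EOF
}

# Demonstration on the constructed sample; on a real host run scan_processes.
sample=$(mktemp)
write_sample_maps "$sample"
echo "Stale libraries in constructed sample:"
stale_libs_in_maps "$sample" || echo "(none)"
rm -f "$sample"
```

A process that shows up here has the vulnerable code still in memory even though rpm -q reports the fixed version, so restart it (or reboot, as the OpenSSL advisory allows) before treating the host as patched.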
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-0695
https://access.redhat.com/security/cve/CVE-2016-3425
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 9 May 2016 14:05:12 -0400
Subject: [RHSA-2016:0726-01] Important: ImageMagick security update
Message-ID: <201605091805.u49I5Cbn011622@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: ImageMagick security update
Advisory ID: RHSA-2016:0726-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0726.html
Issue date: 2016-05-09
CVE Names: CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718
=====================================================================

1. Summary:

An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

Security Fix(es):

* It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.
(CVE-2016-3714)

* It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)

* A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718)

Note: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. Please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files before doing so.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1332492 - CVE-2016-3714 ImageMagick: Insufficient shell characters filtering
1332500 - CVE-2016-3715 ImageMagick: File deletion
1332504 - CVE-2016-3716 ImageMagick: File moving
1332505 - CVE-2016-3717 ImageMagick: Local file read
1332802 - CVE-2016-3718 ImageMagick: SSRF vulnerability

6. Package List:
7): Source: ImageMagick-6.7.8.9-13.el7_2.src.rpm ppc64: ImageMagick-6.7.8.9-13.el7_2.ppc.rpm ImageMagick-6.7.8.9-13.el7_2.ppc64.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.ppc.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.ppc64.rpm ImageMagick-perl-6.7.8.9-13.el7_2.ppc64.rpm ppc64le: ImageMagick-6.7.8.9-13.el7_2.ppc64le.rpm ImageMagick-c++-6.7.8.9-13.el7_2.ppc64le.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.ppc64le.rpm ImageMagick-perl-6.7.8.9-13.el7_2.ppc64le.rpm s390x: ImageMagick-6.7.8.9-13.el7_2.s390.rpm ImageMagick-6.7.8.9-13.el7_2.s390x.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.s390.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.s390x.rpm ImageMagick-perl-6.7.8.9-13.el7_2.s390x.rpm x86_64: ImageMagick-6.7.8.9-13.el7_2.i686.rpm ImageMagick-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-c++-6.7.8.9-13.el7_2.i686.rpm ImageMagick-c++-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.i686.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-perl-6.7.8.9-13.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: ImageMagick-c++-6.7.8.9-13.el7_2.ppc.rpm ImageMagick-c++-6.7.8.9-13.el7_2.ppc64.rpm ImageMagick-c++-devel-6.7.8.9-13.el7_2.ppc.rpm ImageMagick-c++-devel-6.7.8.9-13.el7_2.ppc64.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.ppc.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.ppc64.rpm ImageMagick-devel-6.7.8.9-13.el7_2.ppc.rpm ImageMagick-devel-6.7.8.9-13.el7_2.ppc64.rpm ImageMagick-doc-6.7.8.9-13.el7_2.ppc64.rpm ppc64le: ImageMagick-c++-devel-6.7.8.9-13.el7_2.ppc64le.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.ppc64le.rpm ImageMagick-devel-6.7.8.9-13.el7_2.ppc64le.rpm ImageMagick-doc-6.7.8.9-13.el7_2.ppc64le.rpm s390x: ImageMagick-c++-6.7.8.9-13.el7_2.s390.rpm ImageMagick-c++-6.7.8.9-13.el7_2.s390x.rpm ImageMagick-c++-devel-6.7.8.9-13.el7_2.s390.rpm ImageMagick-c++-devel-6.7.8.9-13.el7_2.s390x.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.s390.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.s390x.rpm ImageMagick-devel-6.7.8.9-13.el7_2.s390.rpm ImageMagick-devel-6.7.8.9-13.el7_2.s390x.rpm ImageMagick-doc-6.7.8.9-13.el7_2.s390x.rpm x86_64: ImageMagick-c++-devel-6.7.8.9-13.el7_2.i686.rpm ImageMagick-c++-devel-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.i686.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-devel-6.7.8.9-13.el7_2.i686.rpm ImageMagick-devel-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-doc-6.7.8.9-13.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ImageMagick-6.7.8.9-13.el7_2.src.rpm x86_64: ImageMagick-6.7.8.9-13.el7_2.i686.rpm ImageMagick-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-c++-6.7.8.9-13.el7_2.i686.rpm ImageMagick-c++-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.i686.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-perl-6.7.8.9-13.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
7): x86_64: ImageMagick-c++-devel-6.7.8.9-13.el7_2.i686.rpm ImageMagick-c++-devel-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.i686.rpm ImageMagick-debuginfo-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-devel-6.7.8.9-13.el7_2.i686.rpm ImageMagick-devel-6.7.8.9-13.el7_2.x86_64.rpm ImageMagick-doc-6.7.8.9-13.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3714 https://access.redhat.com/security/cve/CVE-2016-3715 https://access.redhat.com/security/cve/CVE-2016-3716 https://access.redhat.com/security/cve/CVE-2016-3717 https://access.redhat.com/security/cve/CVE-2016-3718 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMNFVXlSAg2UNWIIRAvZ1AKCBJ9a4QBVN2v3AGApIA+saeaa3BQCgr4Nw 9sg8GZjFwNUqOcZ3mmXbpUI= =kR2o -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon May 9 18:36:17 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 9 May 2016 18:36:17 +0000 Subject: [RHSA-2016:0724-01] Important: qemu-kvm security update Message-ID: <201605091836.u49IaIeE020904@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm security update Advisory ID: RHSA-2016:0724-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0724.html Issue date: 2016-05-09 CVE Names: CVE-2016-3710 ===================================================================== 1. Summary: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. 
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the
user-space component for running virtual machines using KVM.

Security Fix(es):

* An out-of-bounds read/write access flaw was found in the way QEMU's VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations via I/O port methods. A privileged guest user could use this
flaw to execute arbitrary code on the host with the privileges of the
host's QEMU process. (CVE-2016-3710)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang
(360 Marvel Team) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
qemu-kvm-1.5.3-105.el7_2.4.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.4.i686.rpm
libcacard-1.5.3-105.el7_2.4.x86_64.rpm
qemu-img-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-105.el7_2.4.i686.rpm
libcacard-devel-1.5.3-105.el7_2.4.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
qemu-kvm-1.5.3-105.el7_2.4.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.4.i686.rpm
libcacard-1.5.3-105.el7_2.4.x86_64.rpm
libcacard-devel-1.5.3-105.el7_2.4.i686.rpm
libcacard-devel-1.5.3-105.el7_2.4.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.4.x86_64.rpm
qemu-img-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
qemu-kvm-1.5.3-105.el7_2.4.src.rpm

ppc64:
qemu-img-1.5.3-105.el7_2.4.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.ppc64.rpm

ppc64le:
qemu-img-1.5.3-105.el7_2.4.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.ppc64le.rpm

x86_64:
libcacard-1.5.3-105.el7_2.4.i686.rpm
libcacard-1.5.3-105.el7_2.4.x86_64.rpm
qemu-img-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libcacard-1.5.3-105.el7_2.4.ppc.rpm
libcacard-1.5.3-105.el7_2.4.ppc64.rpm
libcacard-devel-1.5.3-105.el7_2.4.ppc.rpm
libcacard-devel-1.5.3-105.el7_2.4.ppc64.rpm
libcacard-tools-1.5.3-105.el7_2.4.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.ppc.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.ppc64.rpm

ppc64le:
libcacard-1.5.3-105.el7_2.4.ppc64le.rpm
libcacard-devel-1.5.3-105.el7_2.4.ppc64le.rpm
libcacard-tools-1.5.3-105.el7_2.4.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.ppc64le.rpm

x86_64:
libcacard-devel-1.5.3-105.el7_2.4.i686.rpm
libcacard-devel-1.5.3-105.el7_2.4.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
qemu-kvm-1.5.3-105.el7_2.4.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.4.i686.rpm
libcacard-1.5.3-105.el7_2.4.x86_64.rpm
qemu-img-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libcacard-devel-1.5.3-105.el7_2.4.i686.rpm
libcacard-devel-1.5.3-105.el7_2.4.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3710
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
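The advisories in this digest name the fixed builds (qemu-kvm-1.5.3-105.el7_2.4, qemu-kvm-rhev-2.3.0-31.el7_2.13, openssl-1.0.1e-48.el6_8.1) and require running guests, or services linked against OpenSSL, to be restarted before the fix takes effect; the Python below, added here as an example and not part of any advisory or of Red Hat's tooling, compares an installed NVR against the fixed build with librpm's version-ordering rules and flags processes that started before the package was installed. The installed NVRs, install time and process table are constructed sample values, and the function names are my own.

```python
"""Verify an advisory's fixed build is installed and no stale process remains.

Added example; not part of the advisory text or of Red Hat's tooling.
The NVRs, install time and process table used in __main__ are constructed
sample values. On a real host the inputs come from
  rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}' qemu-kvm
  rpm -q --qf '%{INSTALLTIME}' qemu-kvm
and the start time of each qemu-kvm process (e.g. ps -o pid,lstart,comm).
"""
import re
from typing import Dict, List, Tuple

# Fixed builds named in the advisories on this page.
FIXED_BUILDS = {
    "qemu-kvm": "qemu-kvm-1.5.3-105.el7_2.4",            # RHSA-2016:0724
    "qemu-kvm-rhev": "qemu-kvm-rhev-2.3.0-31.el7_2.13",  # RHSA-2016:0999..1002
    "openssl": "openssl-1.0.1e-48.el6_8.1",              # RHSA-2016:0996
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings with librpm's rpmvercmp rules:
    split into numeric and alphabetic segments; numeric segments compare as
    integers, alphabetic ones lexically, a numeric segment beats an alphabetic
    one, and '~' sorts before anything, even the end of the string.
    Returns -1, 0 or 1. (The '^' separator of newer rpm is not handled.)"""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return 1 if y == "~" else -1
            continue
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    # A leftover '~' makes the longer string the older one (1.0~rc1 < 1.0).
    return -sign if longer[min(len(sa), len(sb))] == "~" else sign


def split_nvr(nvr: str) -> Tuple[str, int, str, str]:
    """Split 'name-[epoch:]version-release' into its parts (epoch defaults to 0)."""
    name, version, release = nvr.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return name, epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two NVRs of the same package: epoch, then version, then release."""
    _, ea, va, ra = split_nvr(a)
    _, eb, vb, rb = split_nvr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_patched(installed_nvr: str) -> bool:
    """True when the installed build is the advisory's fixed build or newer."""
    name = split_nvr(installed_nvr)[0]
    if name not in FIXED_BUILDS:
        raise ValueError(f"no fixed build recorded for package {name!r}")
    return evr_cmp(installed_nvr, FIXED_BUILDS[name]) >= 0


def still_running_old_binary(install_time: int,
                             procs: Dict[int, Tuple[int, str]]) -> List[int]:
    """Sorted PIDs of processes whose start time precedes the package install.
    Installing the RPM replaces the file on disk, but a guest (or a service
    linked against OpenSSL) started earlier keeps executing the old code until
    it is shut down and started again, as the advisories require.
    procs maps pid -> (start time in epoch seconds, description)."""
    return sorted(pid for pid, (started, _) in procs.items()
                  if started < install_time)


if __name__ == "__main__":
    # Constructed sample inputs.
    installed = "qemu-kvm-1.5.3-105.el7_2.3"
    print(installed, "patched:", is_patched(installed))
    install_time = 1462900000
    guests = {
        2101: (1462800000, "vm-web01"),  # started before the update
        2333: (1462950000, "vm-db01"),   # started after it
    }
    print("guests needing restart:", still_running_old_binary(install_time, guests))
```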
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXMNhAXlSAg2UNWIIRAj76AKC87LVmQky3SNlziqRW8z51jZ0QCQCgrfcR
TBJmGdbkrWzP8nFTFvth69c=
=ba51
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 10 05:23:50 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 May 2016 05:23:50 +0000
Subject: [RHSA-2016:0999-01] Important: qemu-kvm-rhev security update
Message-ID: <201605100523.u4A5NpXa017147@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2016:0999-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0999.html
Issue date:        2016-05-10
CVE Names:         CVE-2016-3710
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux
OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM in environments
managed by Red Hat Enterprise Virtualization Manager.

Security Fix(es):

* An out-of-bounds read/write access flaw was found in the way QEMU's VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations via I/O port methods. A privileged guest user could use this
flaw to execute arbitrary code on the host with the privileges of the
host's QEMU process. (CVE-2016-3710)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang
(360 Marvel Team) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7:

Source:
qemu-kvm-rhev-2.3.0-31.el7_2.13.src.rpm

x86_64:
libcacard-devel-rhev-2.3.0-31.el7_2.13.x86_64.rpm
libcacard-rhev-2.3.0-31.el7_2.13.x86_64.rpm
libcacard-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-img-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-common-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3710
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXMXBUXlSAg2UNWIIRAlO8AKCyAlE6sWMkWo0/E7lQz64g2Kp+WwCggF68
BP+dYgUdnmWTqbMbQyRTa/A=
=fi5T
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 10 05:24:37 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 May 2016 05:24:37 +0000
Subject: [RHSA-2016:1000-01] Important: qemu-kvm-rhev security update
Message-ID: <201605100524.u4A5Oc2w008864@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2016:1000-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1000.html
Issue date:        2016-05-10
CVE Names:         CVE-2016-3710
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux
OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM in environments
managed by Red Hat Enterprise Virtualization Manager.

Security Fix(es):

* An out-of-bounds read/write access flaw was found in the way QEMU's VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations via I/O port methods. A privileged guest user could use this
flaw to execute arbitrary code on the host with the privileges of the
host's QEMU process. (CVE-2016-3710)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang
(360 Marvel Team) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7:

Source:
qemu-kvm-rhev-2.3.0-31.el7_2.13.src.rpm

x86_64:
libcacard-devel-rhev-2.3.0-31.el7_2.13.x86_64.rpm
libcacard-rhev-2.3.0-31.el7_2.13.x86_64.rpm
libcacard-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-img-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-common-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3710
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXMXB+XlSAg2UNWIIRAnmQAJ0QhCbVxOEM0r1/SRdaEC4LeHywZACgvI5c
eHquZK+2zIxyE+ZxC8Q6iuw=
=usQz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 10 05:25:10 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 May 2016 05:25:10 +0000
Subject: [RHSA-2016:1001-01] Important: qemu-kvm-rhev security update
Message-ID: <201605100525.u4A5PBkf017652@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2016:1001-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1001.html
Issue date:        2016-05-10
CVE Names:         CVE-2016-3710
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux
OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM in environments
managed by Red Hat Enterprise Virtualization Manager.

Security Fix:

* An out-of-bounds read/write access flaw was found in the way QEMU's VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations using I/O port methods. A privileged guest user could use this
flaw to execute arbitrary code on the host with the privileges of the
host's QEMU process. (CVE-2016-3710)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang
(360 Marvel Team) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
qemu-kvm-rhev-2.3.0-31.el7_2.13.src.rpm

x86_64:
libcacard-rhev-2.3.0-31.el7_2.13.x86_64.rpm
libcacard-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-img-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-common-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3710
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXMXCnXlSAg2UNWIIRAtNNAKC1ezhzue8mfE/28sSjpCvE4jwr0wCgvMyT
4GEfknb+fO93bDet54hwwL0=
=z5/D
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 10 05:25:53 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 May 2016 05:25:53 +0000
Subject: [RHSA-2016:1002-01] Important: qemu-kvm-rhev security update
Message-ID: <201605100525.u4A5PsXT030192@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2016:1002-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1002.html
Issue date:        2016-05-10
CVE Names:         CVE-2016-3710
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform
8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM in environments
managed by Red Hat Enterprise Virtualization Manager.

Security Fix(es):

* An out-of-bounds read/write access flaw was found in the way QEMU's VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations using I/O port methods. A privileged guest user could use this
flaw to execute arbitrary code on the host with the privileges of the
host's QEMU process. (CVE-2016-3710)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang
(360 Marvel Team) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
qemu-kvm-rhev-2.3.0-31.el7_2.13.src.rpm

x86_64:
libcacard-rhev-2.3.0-31.el7_2.13.x86_64.rpm
libcacard-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-img-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-common-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-rhev-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.13.x86_64.rpm
qemu-kvm-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3710
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXMXDIXlSAg2UNWIIRAlIuAKCCpsoYH/HXweOWA8QwFmYA6gL48wCguo3s
GPQ2IG9JozlNPySTDo7XCCo=
=HPc5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 10 05:39:21 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 May 2016 05:39:21 +0000
Subject: [RHSA-2016:0996-01] Important: openssl security update
Message-ID: <201605100539.u4A5dLOF023636@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl security update
Advisory ID:       RHSA-2016:0996-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0996.html
Issue date:        2016-05-10
CVE Names:         CVE-2016-0799 CVE-2016-2105 CVE-2016-2106
                   CVE-2016-2107 CVE-2016-2108 CVE-2016-2109
                   CVE-2016-2842
=====================================================================

1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data
structures. An attacker could use this flaw to create a specially crafted
certificate which, when verified or re-encoded by OpenSSL, could cause it
to crash, or execute arbitrary code using the permissions of the user
running an application compiled against the OpenSSL library.
(CVE-2016-2108)

* Two integer overflow flaws, leading to buffer overflows, were found in
the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL
parsed very large amounts of input data. A remote attacker could use these
flaws to crash an application using OpenSSL or, possibly, execute arbitrary
code with the permissions of the user running that application.
(CVE-2016-2105, CVE-2016-2106)

* It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when the connection used the
AES CBC cipher suite and the server supported AES-NI. A remote attacker
could possibly use this flaw to retrieve plain text from encrypted packets
by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

* Several flaws were found in the way BIO_*printf functions were
implemented in OpenSSL. Applications which passed large amounts of
untrusted data through these functions could crash or potentially execute
code with the permissions of the user running such an application.
(CVE-2016-0799, CVE-2016-2842)

* A denial of service flaw was found in the way OpenSSL parsed certain
ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An
application using OpenSSL that accepts untrusted ASN.1 BIO input could be
forced to allocate an excessive amount of data. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,
and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),
Hanno Böck, and David Benjamin (Google) as the original reporters of
CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,
CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as
the original reporter of CVE-2016-2107.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds
1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data
1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder
1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check
1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow
1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
openssl-1.0.1e-48.el6_8.1.src.rpm

i386:
openssl-1.0.1e-48.el6_8.1.i686.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm

x86_64:
openssl-1.0.1e-48.el6_8.1.i686.rpm
openssl-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm
openssl-devel-1.0.1e-48.el6_8.1.i686.rpm
openssl-perl-1.0.1e-48.el6_8.1.i686.rpm
openssl-static-1.0.1e-48.el6_8.1.i686.rpm

x86_64:
openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-devel-1.0.1e-48.el6_8.1.i686.rpm
openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
openssl-1.0.1e-48.el6_8.1.src.rpm

x86_64:
openssl-1.0.1e-48.el6_8.1.i686.rpm
openssl-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-devel-1.0.1e-48.el6_8.1.i686.rpm
openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
openssl-1.0.1e-48.el6_8.1.src.rpm

i386:
openssl-1.0.1e-48.el6_8.1.i686.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm
openssl-devel-1.0.1e-48.el6_8.1.i686.rpm

ppc64:
openssl-1.0.1e-48.el6_8.1.ppc.rpm
openssl-1.0.1e-48.el6_8.1.ppc64.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm
openssl-devel-1.0.1e-48.el6_8.1.ppc.rpm
openssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm

s390x:
openssl-1.0.1e-48.el6_8.1.s390.rpm
openssl-1.0.1e-48.el6_8.1.s390x.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm
openssl-devel-1.0.1e-48.el6_8.1.s390.rpm
openssl-devel-1.0.1e-48.el6_8.1.s390x.rpm

x86_64:
openssl-1.0.1e-48.el6_8.1.i686.rpm
openssl-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm
openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-devel-1.0.1e-48.el6_8.1.i686.rpm
openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm
openssl-perl-1.0.1e-48.el6_8.1.i686.rpm
openssl-static-1.0.1e-48.el6_8.1.i686.rpm

ppc64:
openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm
openssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm
openssl-static-1.0.1e-48.el6_8.1.ppc64.rpm

s390x:
openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm
openssl-perl-1.0.1e-48.el6_8.1.s390x.rpm
openssl-static-1.0.1e-48.el6_8.1.s390x.rpm

x86_64:
openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm
openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz 6dbI0EemYRoHCDagPHSycq4= =g2Zb -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 10 05:41:10 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 May 2016 05:41:10 +0000 Subject: [RHSA-2016:0997-01] Important: qemu-kvm security update Message-ID: <201605100541.u4A5fA5a016306@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm security update Advisory ID: RHSA-2016:0997-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0997.html Issue date: 2016-05-10 CVE Names: CVE-2016-3710 ===================================================================== 1. Summary: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. 
A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710) Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360 Marvel Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: qemu-kvm-0.12.1.2-2.491.el6_8.1.src.rpm i386: qemu-guest-agent-0.12.1.2-2.491.el6_8.1.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.1.i686.rpm x86_64: qemu-guest-agent-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-img-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.491.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: qemu-kvm-0.12.1.2-2.491.el6_8.1.src.rpm x86_64: qemu-guest-agent-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-img-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.491.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: qemu-kvm-0.12.1.2-2.491.el6_8.1.src.rpm i386: qemu-guest-agent-0.12.1.2-2.491.el6_8.1.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.1.i686.rpm ppc64: qemu-guest-agent-0.12.1.2-2.491.el6_8.1.ppc64.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.1.ppc64.rpm x86_64: qemu-guest-agent-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-img-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.491.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: qemu-kvm-0.12.1.2-2.491.el6_8.1.src.rpm i386: qemu-guest-agent-0.12.1.2-2.491.el6_8.1.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.1.i686.rpm x86_64: qemu-guest-agent-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-img-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.491.el6_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3710 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
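The OpenSSL advisory above says "all services linked to the OpenSSL library must be restarted, or the system rebooted", and this qemu-kvm advisory says every virtual machine must be shut down and started again. Both depend on the administrator finding every process that still runs the old code: `yum update` replaces the files on disk but restarts nothing, and a reboot inside a guest does not replace the host-side qemu-kvm process. The script below is an added example written for this page, not Red Hat's or either project's tooling. It reads /proc/<pid>/maps, where the kernel marks a mapping whose backing file has been unlinked with "(deleted)", and reports processes that still map a pre-update libssl, libcrypto or qemu-kvm. It assumes Linux procfs, the RHEL file names shown in the package lists, and that it runs as root (other users' maps files are unreadable without it and are silently skipped). The sample maps content is constructed.

```python
"""Report processes that still map a replaced library or binary.

Added example for this page, not Red Hat tooling. After `yum update` the
old file is unlinked, but a running process keeps the old inode mapped and
the kernel shows such mappings as "... (deleted)" in /proc/<pid>/maps.
Assumes Linux procfs, the RHEL file names from the package lists, and
root (other users' maps files are unreadable and silently skipped).
"""
import os
import re
from typing import Dict, List, Pattern, Sequence

# Files whose replacement requires a restart according to the advisories above.
STALE_PATTERNS: Sequence[Pattern[str]] = (
    re.compile(r"/libssl\.so(\.|$)"),      # openssl
    re.compile(r"/libcrypto\.so(\.|$)"),   # openssl
    re.compile(r"/qemu-kvm$"),             # qemu-kvm: stop and start the guest
)


def stale_mappings(maps_text: str,
                   patterns: Sequence[Pattern[str]] = STALE_PATTERNS) -> List[str]:
    """Distinct replaced files one process still has mapped, in first-seen order.

    A maps line is: start-end perms offset dev inode [pathname [ (deleted)]].
    """
    found: List[str] = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping: nothing on disk to have been replaced
        path = fields[5]
        if not path.endswith(" (deleted)"):
            continue
        path = path[: -len(" (deleted)")]
        if path not in found and any(p.search(path) for p in patterns):
            found.append(path)
    return found


def scan_procfs(proc_root: str = "/proc") -> Dict[int, List[str]]:
    """PIDs that still run pre-update code, with the files involved."""
    report: Dict[int, List[str]] = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps"),
                      encoding="utf-8", errors="replace") as fh:
                stale = stale_mappings(fh.read())
        except OSError:
            continue  # process exited, or not ours to read without root
        if stale:
            report[int(entry)] = stale
    return report


# Constructed sample: one qemu-kvm process's maps after both updates were applied
SAMPLE_MAPS = """\
00400000-004c0000 r-xp 00000000 fd:01 131   /usr/libexec/qemu-kvm (deleted)
006c0000-006d0000 rw-p 000c0000 fd:01 131   /usr/libexec/qemu-kvm (deleted)
7f00a0000000-7f00a01c5000 r-xp 00000000 fd:01 1054  /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f00a0400000-7f00a0460000 r-xp 00000000 fd:01 1055  /usr/lib64/libssl.so.1.0.1e (deleted)
7f00a0600000-7f00a07a0000 r-xp 00000000 fd:01 2001  /lib64/libc-2.12.so
7f00a0800000-7f00a0801000 rw-p 00000000 00:00 0
7fffd0000000-7fffd0021000 rw-p 00000000 00:00 0     [stack]
"""

if __name__ == "__main__":
    for pid, files in sorted(scan_procfs().items()):
        print(f"pid {pid} still maps: {', '.join(files)}")
```

Run it after the update and before declaring the host patched: an empty report is the evidence that the restart requirement in the Solution section was actually met, and every PID it does list still executes the vulnerable code regardless of what `rpm -q` says.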
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMXRbXlSAg2UNWIIRAtSXAJ9PBuLA2HF60tNE5GST8Fh2EuDISwCgvB1c wLZ2vEBRd+pEYszkRmKhXMY= =wKx8 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 10 18:55:39 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 May 2016 18:55:39 +0000 Subject: [RHSA-2016:0741-01] Moderate: openssh security, bug fix, and enhancement update Message-ID: <201605101855.u4AItec8006427@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2016:0741-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0741.html Issue date: 2016-05-10 CVE Names: CVE-2015-5352 CVE-2015-6563 CVE-2015-6564 CVE-2016-1908 ===================================================================== 1. Summary: An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. 
Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2015-5352)

* A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563)

* A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. (CVE-2015-6564)

* An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908)

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

5.
Bugs fixed (https://bugzilla.redhat.com/): 1211673 - [RFE] Backport Match LocalAddress from OpenSSH 6.1 (and later) 1218070 - ECDSA host key not loaded by sshd by default (inconsistent with man page) 1219820 - Lack of clarity of Match block processing and RequiredAuthentications2 limitation 1238231 - CVE-2015-5352 openssh: XSECURITY restrictions bypass under certain conditions in ssh(1) 1252844 - CVE-2015-6563 openssh: Privilege separation weakness related to PAM support 1252852 - CVE-2015-6564 openssh: Use-after-free bug related to PAM support 1298741 - CVE-2016-1908 openssh: possible fallback from untrusted to trusted X11 forwarding 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssh-5.3p1-117.el6.src.rpm i386: openssh-5.3p1-117.el6.i686.rpm openssh-askpass-5.3p1-117.el6.i686.rpm openssh-clients-5.3p1-117.el6.i686.rpm openssh-debuginfo-5.3p1-117.el6.i686.rpm openssh-server-5.3p1-117.el6.i686.rpm x86_64: openssh-5.3p1-117.el6.x86_64.rpm openssh-askpass-5.3p1-117.el6.x86_64.rpm openssh-clients-5.3p1-117.el6.x86_64.rpm openssh-debuginfo-5.3p1-117.el6.x86_64.rpm openssh-server-5.3p1-117.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openssh-debuginfo-5.3p1-117.el6.i686.rpm openssh-ldap-5.3p1-117.el6.i686.rpm pam_ssh_agent_auth-0.9.3-117.el6.i686.rpm x86_64: openssh-debuginfo-5.3p1-117.el6.i686.rpm openssh-debuginfo-5.3p1-117.el6.x86_64.rpm openssh-ldap-5.3p1-117.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-117.el6.i686.rpm pam_ssh_agent_auth-0.9.3-117.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssh-5.3p1-117.el6.src.rpm x86_64: openssh-5.3p1-117.el6.x86_64.rpm openssh-clients-5.3p1-117.el6.x86_64.rpm openssh-debuginfo-5.3p1-117.el6.x86_64.rpm openssh-server-5.3p1-117.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): x86_64: openssh-askpass-5.3p1-117.el6.x86_64.rpm openssh-debuginfo-5.3p1-117.el6.i686.rpm openssh-debuginfo-5.3p1-117.el6.x86_64.rpm openssh-ldap-5.3p1-117.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-117.el6.i686.rpm pam_ssh_agent_auth-0.9.3-117.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openssh-5.3p1-117.el6.src.rpm i386: openssh-5.3p1-117.el6.i686.rpm openssh-askpass-5.3p1-117.el6.i686.rpm openssh-clients-5.3p1-117.el6.i686.rpm openssh-debuginfo-5.3p1-117.el6.i686.rpm openssh-server-5.3p1-117.el6.i686.rpm ppc64: openssh-5.3p1-117.el6.ppc64.rpm openssh-askpass-5.3p1-117.el6.ppc64.rpm openssh-clients-5.3p1-117.el6.ppc64.rpm openssh-debuginfo-5.3p1-117.el6.ppc64.rpm openssh-server-5.3p1-117.el6.ppc64.rpm s390x: openssh-5.3p1-117.el6.s390x.rpm openssh-askpass-5.3p1-117.el6.s390x.rpm openssh-clients-5.3p1-117.el6.s390x.rpm openssh-debuginfo-5.3p1-117.el6.s390x.rpm openssh-server-5.3p1-117.el6.s390x.rpm x86_64: openssh-5.3p1-117.el6.x86_64.rpm openssh-askpass-5.3p1-117.el6.x86_64.rpm openssh-clients-5.3p1-117.el6.x86_64.rpm openssh-debuginfo-5.3p1-117.el6.x86_64.rpm openssh-server-5.3p1-117.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openssh-debuginfo-5.3p1-117.el6.i686.rpm openssh-ldap-5.3p1-117.el6.i686.rpm pam_ssh_agent_auth-0.9.3-117.el6.i686.rpm ppc64: openssh-debuginfo-5.3p1-117.el6.ppc.rpm openssh-debuginfo-5.3p1-117.el6.ppc64.rpm openssh-ldap-5.3p1-117.el6.ppc64.rpm pam_ssh_agent_auth-0.9.3-117.el6.ppc.rpm pam_ssh_agent_auth-0.9.3-117.el6.ppc64.rpm s390x: openssh-debuginfo-5.3p1-117.el6.s390.rpm openssh-debuginfo-5.3p1-117.el6.s390x.rpm openssh-ldap-5.3p1-117.el6.s390x.rpm pam_ssh_agent_auth-0.9.3-117.el6.s390.rpm pam_ssh_agent_auth-0.9.3-117.el6.s390x.rpm x86_64: openssh-debuginfo-5.3p1-117.el6.i686.rpm openssh-debuginfo-5.3p1-117.el6.x86_64.rpm openssh-ldap-5.3p1-117.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-117.el6.i686.rpm pam_ssh_agent_auth-0.9.3-117.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: openssh-5.3p1-117.el6.src.rpm i386: openssh-5.3p1-117.el6.i686.rpm openssh-askpass-5.3p1-117.el6.i686.rpm openssh-clients-5.3p1-117.el6.i686.rpm openssh-debuginfo-5.3p1-117.el6.i686.rpm openssh-server-5.3p1-117.el6.i686.rpm x86_64: openssh-5.3p1-117.el6.x86_64.rpm openssh-askpass-5.3p1-117.el6.x86_64.rpm openssh-clients-5.3p1-117.el6.x86_64.rpm openssh-debuginfo-5.3p1-117.el6.x86_64.rpm openssh-server-5.3p1-117.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssh-debuginfo-5.3p1-117.el6.i686.rpm openssh-ldap-5.3p1-117.el6.i686.rpm pam_ssh_agent_auth-0.9.3-117.el6.i686.rpm x86_64: openssh-debuginfo-5.3p1-117.el6.i686.rpm openssh-debuginfo-5.3p1-117.el6.x86_64.rpm openssh-ldap-5.3p1-117.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-117.el6.i686.rpm pam_ssh_agent_auth-0.9.3-117.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5352 https://access.redhat.com/security/cve/CVE-2015-6563 https://access.redhat.com/security/cve/CVE-2015-6564 https://access.redhat.com/security/cve/CVE-2016-1908 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Release_Notes/index.html https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
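Red Hat backports fixes without changing the upstream version, so the patched OpenSSL on this page is still 1.0.1e and the patched OpenSSH is still 5.3p1. A scanner that keys on the upstream version string reports such hosts vulnerable forever; the reliable check is to compare the installed name-version-release against the one in section 6 of each advisory using RPM's own comparison rules, in which "48.el6_8.1" is newer than "42.el6_7.4" and "117.el6" is newer than "112.el6_7". The Python below is an added example for this page, not an RPM or Red Hat tool. It reimplements rpmvercmp (segment-wise digit/letter comparison, with '~' sorting before everything; the newer '^' operator is not handled), parses package names as they are printed in the advisories, and checks a constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output against one package from each advisory on this page. The epoch is compared only when both sides state one, because the advisory listings omit it.

```python
"""Compare installed RPM name-version-release against an advisory's fixed one.

Added example for this page, not an RPM or Red Hat tool. Red Hat backports
fixes without bumping the upstream version (OpenSSL stays 1.0.1e, OpenSSH
stays 5.3p1), so only the release tag says whether a host is patched.
rpmvercmp rules: '~' sorts before anything, then runs of digits or letters
are compared one segment at a time. The '^' operator of newer rpm versions
is not handled. The installed-package sample below is constructed.
"""
from typing import Dict, Optional, Sequence, Tuple

ARCHES = {"i686", "x86_64", "ppc", "ppc64", "s390", "s390x", "noarch", "src"}
EVR = Tuple[Optional[int], str, str]  # (epoch or None, version, release)


def rpmvercmp(a: str, b: str) -> int:
    """Return 1 if a is newer than b, -1 if older, 0 if equal (rpmvercmp rules)."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # separators (anything that is not alphanumeric or '~') are skipped
        while i < la and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        # '~' marks a pre-release: older than anything, even the end of the string
        a_tilde = i < la and a[i] == "~"
        b_tilde = j < lb and b[j] == "~"
        if a_tilde or b_tilde:
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= la or j >= lb:
            break
        # take one all-digit or all-letter segment from each side, typed by a's
        numeric = a[i].isdigit()
        take = str.isdigit if numeric else str.isalpha
        ia = i
        while ia < la and take(a[ia]):
            ia += 1
        jb = j
        while jb < lb and take(b[jb]):
            jb += 1
        seg_a, seg_b = a[i:ia], b[j:jb]
        if not seg_b:
            return 1 if numeric else -1  # a numeric segment beats an alpha one
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = ia, jb
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1  # whichever side has text left is newer


def parse_nvr(pkg: str) -> Tuple[str, EVR]:
    """Split 'name-[epoch:]version-release[.arch][.rpm]' as printed in an advisory."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    head, _, tail = pkg.rpartition(".")
    if tail in ARCHES:
        pkg = head
    name, version, release = pkg.rsplit("-", 2)
    epoch: Optional[int] = None
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return name, (epoch, version, release)


def evr_cmp(a: EVR, b: EVR) -> int:
    """Epoch first (only when both sides state one), then version, then release."""
    if a[0] is not None and b[0] is not None and a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def check_host(installed_text: str, advisory_pkgs: Sequence[str]) -> Dict[str, bool]:
    """For each advisory package that is installed: True if at or past the fix."""
    fixed: Dict[str, EVR] = dict(parse_nvr(p) for p in advisory_pkgs)
    status: Dict[str, bool] = {}
    for line in installed_text.splitlines():
        if not line.strip():
            continue
        name, evr = parse_nvr(line.strip())
        if name in fixed:  # packages the advisory does not ship are out of scope
            status[name] = evr_cmp(evr, fixed[name]) >= 0
    return status


# One binary package from section 6 of each advisory on this page
ADVISORY_PACKAGES = [
    "openssl-1.0.1e-48.el6_8.1.x86_64.rpm",
    "qemu-kvm-0.12.1.2-2.491.el6_8.1.x86_64.rpm",
    "openssh-5.3p1-117.el6.x86_64.rpm",
    "file-5.04-30.el6.x86_64.rpm",
]

# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output
SAMPLE_INSTALLED = """\
openssl-1.0.1e-42.el6_7.4
openssh-5.3p1-112.el6_7
qemu-kvm-0.12.1.2-2.491.el6_8.1
file-5.04-30.el6
bash-4.1.2-33.el6
"""

if __name__ == "__main__":
    for name, ok in sorted(check_host(SAMPLE_INSTALLED, ADVISORY_PACKAGES).items()):
        print(f"{name}: {'fixed' if ok else 'STILL VULNERABLE'}")
```

Feed it the real `rpm -qa` output and the package list of the advisory you are tracking; a True result means the fixed build is installed, and the restart requirement from the Solution section still applies on top of that.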
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMi6FXlSAg2UNWIIRAmskAJ4tDD+j14lqLBFB9PbPvuSvTiECagCfQD/z yoZdbVrmYUcqI4w3JHF4Kow= =7ctO -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 10 18:56:36 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 May 2016 18:56:36 +0000 Subject: [RHSA-2016:0760-01] Moderate: file security, bug fix, and enhancement update Message-ID: <201605101856.u4AIub4L029049@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: file security, bug fix, and enhancement update Advisory ID: RHSA-2016:0760-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0760.html Issue date: 2016-05-10 CVE Names: CVE-2014-3538 CVE-2014-3587 CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9653 ===================================================================== 1. Summary: An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. 
Description:

The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.

Security Fix(es):

* Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538)

* A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587)

* Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)

Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluža (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security).

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 809898 - RFE: add detection of Python bytecode for recent versions of Python 1080453 - file: incorrectly applied magic/Magdir patch [rhel-6] 1098222 - CVE-2014-3538 file: unrestricted regular expression matching 1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info 1154802 - file reports "data" instead of zip file when the first file zipped is a file named "mime" 1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers 1169509 - file: report full java version for 1.7 and 1.8 class files 1171580 - CVE-2014-8116 file: multiple denial of service issues (resource consumption) 1174606 - CVE-2014-8117 file: denial of service issue (resource consumption) 1180639 - CVE-2014-9620 file: limit the number of ELF notes processed 1190116 - CVE-2014-9653 file: malformed elf file causes access to uninitialized memory 1243650 - If we execute the file command against /var/log/messages then we see "/var/log/messages: ASCII Pascal program text" ? 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: file-5.04-30.el6.src.rpm i386: file-5.04-30.el6.i686.rpm file-debuginfo-5.04-30.el6.i686.rpm file-libs-5.04-30.el6.i686.rpm python-magic-5.04-30.el6.i686.rpm x86_64: file-5.04-30.el6.x86_64.rpm file-debuginfo-5.04-30.el6.i686.rpm file-debuginfo-5.04-30.el6.x86_64.rpm file-libs-5.04-30.el6.i686.rpm file-libs-5.04-30.el6.x86_64.rpm python-magic-5.04-30.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: file-debuginfo-5.04-30.el6.i686.rpm file-devel-5.04-30.el6.i686.rpm file-static-5.04-30.el6.i686.rpm x86_64: file-debuginfo-5.04-30.el6.i686.rpm file-debuginfo-5.04-30.el6.x86_64.rpm file-devel-5.04-30.el6.i686.rpm file-devel-5.04-30.el6.x86_64.rpm file-static-5.04-30.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: file-5.04-30.el6.src.rpm x86_64: file-5.04-30.el6.x86_64.rpm file-debuginfo-5.04-30.el6.i686.rpm file-debuginfo-5.04-30.el6.x86_64.rpm file-libs-5.04-30.el6.i686.rpm file-libs-5.04-30.el6.x86_64.rpm python-magic-5.04-30.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: file-debuginfo-5.04-30.el6.i686.rpm file-debuginfo-5.04-30.el6.x86_64.rpm file-devel-5.04-30.el6.i686.rpm file-devel-5.04-30.el6.x86_64.rpm file-static-5.04-30.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: file-5.04-30.el6.src.rpm i386: file-5.04-30.el6.i686.rpm file-debuginfo-5.04-30.el6.i686.rpm file-devel-5.04-30.el6.i686.rpm file-libs-5.04-30.el6.i686.rpm python-magic-5.04-30.el6.i686.rpm ppc64: file-5.04-30.el6.ppc64.rpm file-debuginfo-5.04-30.el6.ppc.rpm file-debuginfo-5.04-30.el6.ppc64.rpm file-devel-5.04-30.el6.ppc.rpm file-devel-5.04-30.el6.ppc64.rpm file-libs-5.04-30.el6.ppc.rpm file-libs-5.04-30.el6.ppc64.rpm python-magic-5.04-30.el6.ppc64.rpm s390x: file-5.04-30.el6.s390x.rpm file-debuginfo-5.04-30.el6.s390.rpm file-debuginfo-5.04-30.el6.s390x.rpm file-devel-5.04-30.el6.s390.rpm file-devel-5.04-30.el6.s390x.rpm file-libs-5.04-30.el6.s390.rpm file-libs-5.04-30.el6.s390x.rpm python-magic-5.04-30.el6.s390x.rpm x86_64: file-5.04-30.el6.x86_64.rpm file-debuginfo-5.04-30.el6.i686.rpm file-debuginfo-5.04-30.el6.x86_64.rpm file-devel-5.04-30.el6.i686.rpm file-devel-5.04-30.el6.x86_64.rpm file-libs-5.04-30.el6.i686.rpm file-libs-5.04-30.el6.x86_64.rpm python-magic-5.04-30.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: file-debuginfo-5.04-30.el6.i686.rpm file-static-5.04-30.el6.i686.rpm ppc64: file-debuginfo-5.04-30.el6.ppc64.rpm file-static-5.04-30.el6.ppc64.rpm s390x: file-debuginfo-5.04-30.el6.s390x.rpm file-static-5.04-30.el6.s390x.rpm x86_64: file-debuginfo-5.04-30.el6.x86_64.rpm file-static-5.04-30.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: file-5.04-30.el6.src.rpm i386: file-5.04-30.el6.i686.rpm file-debuginfo-5.04-30.el6.i686.rpm file-devel-5.04-30.el6.i686.rpm file-libs-5.04-30.el6.i686.rpm python-magic-5.04-30.el6.i686.rpm x86_64: file-5.04-30.el6.x86_64.rpm file-debuginfo-5.04-30.el6.i686.rpm file-debuginfo-5.04-30.el6.x86_64.rpm file-devel-5.04-30.el6.i686.rpm file-devel-5.04-30.el6.x86_64.rpm file-libs-5.04-30.el6.i686.rpm file-libs-5.04-30.el6.x86_64.rpm python-magic-5.04-30.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: file-debuginfo-5.04-30.el6.i686.rpm file-static-5.04-30.el6.i686.rpm x86_64: file-debuginfo-5.04-30.el6.x86_64.rpm file-static-5.04-30.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3538 https://access.redhat.com/security/cve/CVE-2014-3587 https://access.redhat.com/security/cve/CVE-2014-3710 https://access.redhat.com/security/cve/CVE-2014-8116 https://access.redhat.com/security/cve/CVE-2014-8117 https://access.redhat.com/security/cve/CVE-2014-9620 https://access.redhat.com/security/cve/CVE-2014-9653 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Release_Notes/index.html https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
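Several of the flaws fixed in this advisory (CVE-2014-3538, CVE-2014-8116, CVE-2014-8117) let a crafted input make `file` spin on CPU or exhaust resources rather than crash, which matters wherever `file` runs automatically on uploads or mail attachments. Installing the update closes these particular inputs; the lasting control is to run the identifier under a CPU limit, an address-space limit and a wall-clock deadline, so the next parser bug costs one worker a few seconds rather than the whole host. The Python below is an added example written for this page, not code from the file project or from Red Hat's packaging. It assumes a Linux/POSIX host (the `resource` module) and a `file` binary on PATH; the limit values are illustrative starting points, and `run_limited` works for any command, not only `file`.

```python
"""Run file(1) on untrusted input under CPU, memory and wall-clock limits.

Added example for this advisory, not code from the file project or from
Red Hat. Assumes Linux/POSIX (resource module) and `file` on PATH; the
limit values are illustrative starting points, not tuned numbers.
"""
import resource
import subprocess
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class RunResult:
    returncode: Optional[int]  # negative: killed by that signal; None: wall-clock timeout
    stdout: str
    stderr: str
    timed_out: bool


def _lower(limit: int, value: int) -> None:
    """Lower one rlimit to `value`, never above the existing hard limit."""
    _soft, hard = resource.getrlimit(limit)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(limit, (value, value))


def _make_preexec(cpu_seconds: int, mem_bytes: int):
    # Runs in the child between fork() and exec(): the limits bind file(1) only.
    def preexec() -> None:
        _lower(resource.RLIMIT_CPU, cpu_seconds)  # SIGXCPU ends a regex or parser spin
        _lower(resource.RLIMIT_AS, mem_bytes)     # allocation fails instead of eating RAM
        _lower(resource.RLIMIT_CORE, 0)           # a crash leaves no core full of the input
    return preexec


def run_limited(argv: List[str], cpu_seconds: int = 2,
                mem_bytes: int = 256 * 1024 * 1024,
                wall_seconds: float = 5.0) -> RunResult:
    """Run argv under the limits above; a wall-clock overrun kills the child."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=wall_seconds,
                              preexec_fn=_make_preexec(cpu_seconds, mem_bytes))
    except subprocess.TimeoutExpired:
        # subprocess.run has already killed the child when this is raised
        return RunResult(None, "", "", True)
    except FileNotFoundError:
        return RunResult(127, "", f"{argv[0]}: command not found", False)
    return RunResult(proc.returncode, proc.stdout, proc.stderr, False)


def killed_by_signal(result: RunResult) -> bool:
    """True when the child died from a signal (SIGXCPU, SIGSEGV, ...)."""
    return result.returncode is not None and result.returncode < 0


def identify(path: str, **limits) -> Optional[str]:
    """MIME type of `path` from file(1), or None if file failed, died or timed out.

    Callers treat None as 'unknown type', never as a reason to relax other checks.
    """
    result = run_limited(["file", "--brief", "--mime-type", "--", path], **limits)
    if result.timed_out or result.returncode != 0:
        return None
    return result.stdout.strip() or None


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(f"{name}: {identify(name)}")
```

The three outcomes a caller has to distinguish are a clean result, a child killed by a limit (negative return code or `timed_out`), and a child that crashed; the advisory's ELF flaws produce the last two, and all of them must map to "unknown type" in the calling application rather than to a default that grants more trust.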
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMi7JXlSAg2UNWIIRAklWAJ9Jt2pZdQ/rY6HUCPDDJjvHLENrmACgtQz9 K6etaZq4Ij7gvyugZbR0OV0= =aYm2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 10 18:57:25 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 May 2016 18:57:25 +0000 Subject: [RHSA-2016:0778-01] Moderate: icedtea-web security, bug fix, and enhancement update Message-ID: <201605101857.u4AIvQsj017448@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: icedtea-web security, bug fix, and enhancement update Advisory ID: RHSA-2016:0778-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0778.html Issue date: 2016-05-10 CVE Names: CVE-2015-5234 CVE-2015-5235 ===================================================================== 1. Summary: An update for icedtea-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. 
It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies. The following packages have been upgraded to a newer upstream version: icedtea-web (1.6.2). (BZ#1275523) Security Fix(es): * It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval. (CVE-2015-5234) * It was discovered that IcedTea-Web did not properly determine an applet's origin when asking the user if the applet should be run. A malicious page could use this flaw to cause IcedTea-Web to execute the applet without user approval, or confuse the user into approving applet execution based on an incorrectly indicated applet origin. (CVE-2015-5235) Red Hat would like to thank Andrea Palazzo (Truel IT) for reporting these issues. For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1233667 - CVE-2015-5234 icedtea-web: unexpected permanent authorization of unsigned applets 1233697 - CVE-2015-5235 icedtea-web: applet origin spoofing 1299976 - jnlp.LaunchException: Fatal: Initialization Error - NullPointerException SecurityDialogs.showMissingALACAttributePanel when codebase not specified 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: icedtea-web-1.6.2-1.el6.src.rpm i386: icedtea-web-1.6.2-1.el6.i686.rpm icedtea-web-debuginfo-1.6.2-1.el6.i686.rpm x86_64: icedtea-web-1.6.2-1.el6.x86_64.rpm icedtea-web-debuginfo-1.6.2-1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): noarch: icedtea-web-javadoc-1.6.2-1.el6.noarch.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: icedtea-web-1.6.2-1.el6.src.rpm x86_64: icedtea-web-1.6.2-1.el6.x86_64.rpm icedtea-web-debuginfo-1.6.2-1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): noarch: icedtea-web-javadoc-1.6.2-1.el6.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: icedtea-web-1.6.2-1.el6.src.rpm i386: icedtea-web-1.6.2-1.el6.i686.rpm icedtea-web-debuginfo-1.6.2-1.el6.i686.rpm x86_64: icedtea-web-1.6.2-1.el6.x86_64.rpm icedtea-web-debuginfo-1.6.2-1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): noarch: icedtea-web-javadoc-1.6.2-1.el6.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: icedtea-web-1.6.2-1.el6.src.rpm i386: icedtea-web-1.6.2-1.el6.i686.rpm icedtea-web-debuginfo-1.6.2-1.el6.i686.rpm x86_64: icedtea-web-1.6.2-1.el6.x86_64.rpm icedtea-web-debuginfo-1.6.2-1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): noarch: icedtea-web-javadoc-1.6.2-1.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5234 https://access.redhat.com/security/cve/CVE-2015-5235 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Release_Notes/index.html https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Technical_Notes/index.html 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXMi7/XlSAg2UNWIIRAgbLAKCwhNuT9Ia67jJvTYE1L+/rR4fdawCcDojZ
ft4zzBUGTcKyCf54Z1TIpjI=
=HOFU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 10 18:58:35 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 May 2016 18:58:35 +0000
Subject: [RHSA-2016:0780-01] Moderate: ntp security and bug fix update
Message-ID: <201605101858.u4AIwZPv023496@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ntp security and bug fix update
Advisory ID:       RHSA-2016:0780-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0780.html
Issue date:        2016-05-10
CVE Names:         CVE-2015-5194 CVE-2015-5195 CVE-2015-5219
                   CVE-2015-7691 CVE-2015-7692 CVE-2015-7701
                   CVE-2015-7702 CVE-2015-7703 CVE-2015-7852
                   CVE-2015-7977 CVE-2015-7978
=====================================================================

1. Summary:

An update for ntp is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time
with another referenced time source. These packages include the ntpd
service which continuously adjusts system time and utilities used to query
and configure the ntpd service.

Security Fix(es):

* It was found that the fix for CVE-2014-9750 was incomplete: three issues
were found in the value length checks in NTP's ntp_crypto.c, where a packet
with particular autokey operations that contained malicious data was not
always being completely validated. A remote attacker could use a specially
crafted NTP packet to crash ntpd. (CVE-2015-7691, CVE-2015-7692,
CVE-2015-7702)

* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was
configured to use autokey authentication, an attacker could send packets to
ntpd that would, after several days of ongoing attack, cause it to run out
of memory. (CVE-2015-7701)

* An off-by-one flaw, leading to a buffer overflow, was found in the
cookedprint functionality of ntpq. A specially crafted NTP packet could
potentially cause ntpq to crash. (CVE-2015-7852)

* A NULL pointer dereference flaw was found in the way ntpd processed
'ntpdc reslist' commands that queried restriction lists with a large number
of entries. A remote attacker could potentially use this flaw to crash
ntpd. (CVE-2015-7977)

* A stack-based buffer overflow flaw was found in the way ntpd processed
'ntpdc reslist' commands that queried restriction lists with a large number
of entries. A remote attacker could use this flaw to crash ntpd.
(CVE-2015-7978)

* It was found that ntpd could crash due to an uninitialized variable when
processing malformed logconfig configuration commands. (CVE-2015-5194)

* It was found that ntpd would exit with a segmentation fault when a
statistics type that was not enabled during compilation (e.g. timingstats)
was referenced by the statistics or filegen configuration command.
(CVE-2015-5195)

* It was discovered that the sntp utility could become unresponsive due to
being caught in an infinite loop when processing a crafted NTP packet.
(CVE-2015-5219)

* It was found that NTP's :config command could be used to set the pidfile
and driftfile paths without any restrictions. A remote attacker could use
this flaw to overwrite a file on the file system with a file containing the
pid of the ntpd process (immediately) or the current estimated drift of the
system clock (in hourly intervals). (CVE-2015-7703)

The CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav
Lichvár (Red Hat).

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8
Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1254542 - CVE-2015-5194 ntp: crash with crafted logconfig configuration command
1254544 - CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type
1254547 - CVE-2015-7703 ntp: config command can be used to set the pidfile and drift file paths
1255118 - CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet
1274254 - CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
1274255 - CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
1274261 - CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
1286969 - ntpstat reports synchronized even when the local ntpd doesn't synchronize with any time server.
1300269 - CVE-2015-7977 ntp: restriction list NULL pointer dereference
1300270 - CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ntp-4.2.6p5-10.el6.src.rpm

i386:
ntp-4.2.6p5-10.el6.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6.i686.rpm
ntpdate-4.2.6p5-10.el6.i686.rpm

x86_64:
ntp-4.2.6p5-10.el6.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.x86_64.rpm
ntpdate-4.2.6p5-10.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6.i686.rpm
ntp-perl-4.2.6p5-10.el6.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ntp-4.2.6p5-10.el6.src.rpm

x86_64:
ntp-4.2.6p5-10.el6.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.x86_64.rpm
ntpdate-4.2.6p5-10.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
ntp-doc-4.2.6p5-10.el6.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ntp-4.2.6p5-10.el6.src.rpm

i386:
ntp-4.2.6p5-10.el6.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6.i686.rpm
ntpdate-4.2.6p5-10.el6.i686.rpm

ppc64:
ntp-4.2.6p5-10.el6.ppc64.rpm
ntp-debuginfo-4.2.6p5-10.el6.ppc64.rpm
ntpdate-4.2.6p5-10.el6.ppc64.rpm

s390x:
ntp-4.2.6p5-10.el6.s390x.rpm
ntp-debuginfo-4.2.6p5-10.el6.s390x.rpm
ntpdate-4.2.6p5-10.el6.s390x.rpm

x86_64:
ntp-4.2.6p5-10.el6.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.x86_64.rpm
ntpdate-4.2.6p5-10.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6.i686.rpm
ntp-perl-4.2.6p5-10.el6.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-10.el6.ppc64.rpm
ntp-perl-4.2.6p5-10.el6.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-10.el6.s390x.rpm
ntp-perl-4.2.6p5-10.el6.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ntp-4.2.6p5-10.el6.src.rpm

i386:
ntp-4.2.6p5-10.el6.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6.i686.rpm
ntpdate-4.2.6p5-10.el6.i686.rpm

x86_64:
ntp-4.2.6p5-10.el6.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.x86_64.rpm
ntpdate-4.2.6p5-10.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6.i686.rpm
ntp-perl-4.2.6p5-10.el6.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5194
https://access.redhat.com/security/cve/CVE-2015-5195
https://access.redhat.com/security/cve/CVE-2015-5219
https://access.redhat.com/security/cve/CVE-2015-7691
https://access.redhat.com/security/cve/CVE-2015-7692
https://access.redhat.com/security/cve/CVE-2015-7701
https://access.redhat.com/security/cve/CVE-2015-7702
https://access.redhat.com/security/cve/CVE-2015-7703
https://access.redhat.com/security/cve/CVE-2015-7852
https://access.redhat.com/security/cve/CVE-2015-7977
https://access.redhat.com/security/cve/CVE-2015-7978
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Release_Notes/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXMi83XlSAg2UNWIIRAv9ZAJ9yqsR4x0WYMl50890odO9fRs+uaQCgqasG
WLKXMEfadJmFxKSW7Qy6ZmA=
=DRWk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 10 18:59:55 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 May 2016 18:59:55 +0000
Subject: [RHSA-2016:0855-01] Moderate: kernel security, bug fix, and enhancement update
Message-ID: <201605101859.u4AIxtca010194@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:0855-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0855.html
Issue date:        2016-05-10
CVE Names:         CVE-2010-5313 CVE-2013-4312 CVE-2014-7842
                   CVE-2014-8134 CVE-2015-5156 CVE-2015-7509
                   CVE-2015-8215 CVE-2015-8324 CVE-2015-8543
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* It was found that reporting emulation failures to user space could lead
to either a local (CVE-2014-7842) or an L2->L1 (CVE-2010-5313) denial of
service. In the case of a local denial of service, an attacker must have
access to the MMIO area or be able to access an I/O port. Please note that
on certain systems, HPET is mapped to userspace as part of vdso (vvar) and
thus an unprivileged user may generate MMIO transactions (and enter the
emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate)

* It was found that the Linux kernel did not properly account file
descriptors passed over the unix socket against the process limit. A local
user could use this flaw to exhaust all available memory on the system.
(CVE-2013-4312, Moderate)

* A buffer overflow flaw was found in the way the Linux kernel's virtio-net
subsystem handled certain fraglists when the GRO (Generic Receive Offload)
functionality was enabled in a bridged network configuration. An attacker
on the local network could potentially use this flaw to crash the system,
or, although unlikely, elevate their privileges on the system.
(CVE-2015-5156, Moderate)

* It was found that the Linux kernel's IPv6 network stack did not properly
validate the value of the MTU variable when it was set. A remote attacker
could potentially use this flaw to disrupt a target system's networking
(packet loss) by setting an invalid MTU value, for example, via a
NetworkManager daemon that is processing router advertisement packets
running on the target system. (CVE-2015-8215, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
network subsystem handled socket creation with an invalid protocol
identifier. A local user could use this flaw to crash the system.
(CVE-2015-8543, Moderate)

* It was found that the espfix functionality does not work for 32-bit KVM
paravirtualized guests. A local, unprivileged guest user could potentially
use this flaw to leak kernel stack addresses. (CVE-2014-8134, Low)

* A flaw was found in the way the Linux kernel's ext4 file system driver
handled non-journal file systems with an orphan list. An attacker with
physical access to the system could use this flaw to crash the system or,
although unlikely, escalate their privileges on the system.
(CVE-2015-7509, Low)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
ext4 file system driver handled certain corrupted file system images. An
attacker with physical access to the system could use this flaw to crash
the system. (CVE-2015-8324, Low)

Red Hat would like to thank Nadav Amit for reporting CVE-2010-5313 and
CVE-2014-7842, Andy Lutomirski for reporting CVE-2014-8134, and Dmitriy
Monakhov (OpenVZ) for reporting CVE-2015-8324. The CVE-2015-5156 issue was
discovered by Jason Wang (Red Hat).

Additional Changes:

* Refer to Red Hat Enterprise Linux 6.8 Release Notes for information on
new kernel features and known issues, and Red Hat Enterprise Linux
Technical Notes for information on device driver updates, important changes
to external kernel parameters, notable bug fixes, and technology previews.
Both of these documents are linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

697750 - [xfs] concurrent aio/dio got stuck
723722 - BUG: SELinux is preventing /usr/bin/nautilus (deleted) "write" access on /media/TerraVolume.
889368 - LVM RAID: I/O can hang if entire stripe (mirror group) of RAID10 LV is killed while under snapshot
1066751 - tmpfs: creates files with inode number 0, rendering parent directory unremovable
1163762 - CVE-2010-5313 CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace
1172765 - CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests
1197875 - CIFS DFS shares fail to mount when specifying sec= option
1225359 - bonding: fail to configure master mac address by initscripts
1242239 - md raid1 writemostly feature broken
1243852 - CVE-2015-5156 kernel: buffer overflow with fraglist larger than MAX_SKB_FRAGS + 2 in virtio-net
1248507 - kernel: [drm:cpt_set_fifo_underrun_reporting] *ERROR* uncleared pch fifo underrun on pch transcoder A
1254020 - RHEL6.6: NFS client has kernel panic after seeing 'VFS: Busy inodes after unmount ... Self-destruct in 5 seconds. Have a nice day'
1259222 - CVE-2015-7509 kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system
1259870 - Incomplete nl80211 backport broke hostapd
1267261 - CVE-2015-8324 kernel: Null pointer dereference when mounting ext4
1283253 - CVE-2015-8215 kernel: MTU value is not validated in IPv6 stack causing packet loss
1290475 - CVE-2015-8543 kernel: IPv6 connect causes DoS via NULL pointer dereference
1297813 - CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted
1310661 - BUG: unable to handle kernel paging request at 65642072 followed by kernel panic

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-642.el6.src.rpm

i386:
kernel-2.6.32-642.el6.i686.rpm
kernel-debug-2.6.32-642.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debug-devel-2.6.32-642.el6.i686.rpm
kernel-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm
kernel-devel-2.6.32-642.el6.i686.rpm
kernel-headers-2.6.32-642.el6.i686.rpm
perf-2.6.32-642.el6.i686.rpm
perf-debuginfo-2.6.32-642.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.el6.noarch.rpm
kernel-doc-2.6.32-642.el6.noarch.rpm
kernel-firmware-2.6.32-642.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.el6.x86_64.rpm
kernel-debug-2.6.32-642.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.el6.i686.rpm
kernel-debug-devel-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm
kernel-devel-2.6.32-642.el6.x86_64.rpm
kernel-headers-2.6.32-642.el6.x86_64.rpm
perf-2.6.32-642.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.el6.i686.rpm
perf-debuginfo-2.6.32-642.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm
perf-debuginfo-2.6.32-642.el6.i686.rpm
python-perf-2.6.32-642.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.el6.x86_64.rpm
python-perf-2.6.32-642.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-642.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.el6.noarch.rpm
kernel-doc-2.6.32-642.el6.noarch.rpm
kernel-firmware-2.6.32-642.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.el6.x86_64.rpm
kernel-debug-2.6.32-642.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.el6.i686.rpm
kernel-debug-devel-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm
kernel-devel-2.6.32-642.el6.x86_64.rpm
kernel-headers-2.6.32-642.el6.x86_64.rpm
perf-2.6.32-642.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.el6.i686.rpm
perf-debuginfo-2.6.32-642.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.el6.x86_64.rpm
python-perf-2.6.32-642.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-642.el6.src.rpm

i386:
kernel-2.6.32-642.el6.i686.rpm
kernel-debug-2.6.32-642.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debug-devel-2.6.32-642.el6.i686.rpm
kernel-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm
kernel-devel-2.6.32-642.el6.i686.rpm
kernel-headers-2.6.32-642.el6.i686.rpm
perf-2.6.32-642.el6.i686.rpm
perf-debuginfo-2.6.32-642.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.el6.noarch.rpm
kernel-doc-2.6.32-642.el6.noarch.rpm
kernel-firmware-2.6.32-642.el6.noarch.rpm

ppc64:
kernel-2.6.32-642.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-642.el6.ppc64.rpm
kernel-debug-2.6.32-642.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-642.el6.ppc64.rpm
kernel-debug-devel-2.6.32-642.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.el6.ppc64.rpm
kernel-devel-2.6.32-642.el6.ppc64.rpm
kernel-headers-2.6.32-642.el6.ppc64.rpm
perf-2.6.32-642.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.el6.ppc64.rpm

s390x:
kernel-2.6.32-642.el6.s390x.rpm
kernel-debug-2.6.32-642.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-642.el6.s390x.rpm
kernel-debug-devel-2.6.32-642.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.el6.s390x.rpm
kernel-devel-2.6.32-642.el6.s390x.rpm
kernel-headers-2.6.32-642.el6.s390x.rpm
kernel-kdump-2.6.32-642.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.el6.s390x.rpm
kernel-kdump-devel-2.6.32-642.el6.s390x.rpm
perf-2.6.32-642.el6.s390x.rpm
perf-debuginfo-2.6.32-642.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.el6.s390x.rpm

x86_64:
kernel-2.6.32-642.el6.x86_64.rpm
kernel-debug-2.6.32-642.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.el6.i686.rpm
kernel-debug-devel-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm
kernel-devel-2.6.32-642.el6.x86_64.rpm
kernel-headers-2.6.32-642.el6.x86_64.rpm
perf-2.6.32-642.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.el6.i686.rpm
perf-debuginfo-2.6.32-642.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm
perf-debuginfo-2.6.32-642.el6.i686.rpm
python-perf-2.6.32-642.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-642.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.el6.ppc64.rpm
python-perf-2.6.32-642.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-642.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.el6.s390x.rpm
perf-debuginfo-2.6.32-642.el6.s390x.rpm
python-perf-2.6.32-642.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.el6.x86_64.rpm
python-perf-2.6.32-642.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-642.el6.src.rpm

i386:
kernel-2.6.32-642.el6.i686.rpm
kernel-debug-2.6.32-642.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debug-devel-2.6.32-642.el6.i686.rpm
kernel-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm
kernel-devel-2.6.32-642.el6.i686.rpm
kernel-headers-2.6.32-642.el6.i686.rpm
perf-2.6.32-642.el6.i686.rpm
perf-debuginfo-2.6.32-642.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.el6.noarch.rpm
kernel-doc-2.6.32-642.el6.noarch.rpm
kernel-firmware-2.6.32-642.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.el6.x86_64.rpm
kernel-debug-2.6.32-642.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.el6.i686.rpm
kernel-debug-devel-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm
kernel-devel-2.6.32-642.el6.x86_64.rpm
kernel-headers-2.6.32-642.el6.x86_64.rpm
perf-2.6.32-642.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.el6.i686.rpm
perf-debuginfo-2.6.32-642.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-2.6.32-642.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm
perf-debuginfo-2.6.32-642.el6.i686.rpm
python-perf-2.6.32-642.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.el6.x86_64.rpm
python-perf-2.6.32-642.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2010-5313
https://access.redhat.com/security/cve/CVE-2013-4312
https://access.redhat.com/security/cve/CVE-2014-7842
https://access.redhat.com/security/cve/CVE-2014-8134
https://access.redhat.com/security/cve/CVE-2015-5156
https://access.redhat.com/security/cve/CVE-2015-7509
https://access.redhat.com/security/cve/CVE-2015-8215
https://access.redhat.com/security/cve/CVE-2015-8324
https://access.redhat.com/security/cve/CVE-2015-8543
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Release_Notes/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXMi+PXlSAg2UNWIIRAuJHAJwOjS+hg3NOjNO8opcwy+d4snReCwCfdsxx
DP1c9V9WW2D6inIyb6fF50k=
=W0en
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 11 01:09:01 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 May 2016 01:09:01 +0000
Subject: [RHSA-2016:1019-01] Important: qemu-kvm-rhev security update
Message-ID: <201605110109.u4B192bV014849@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2016:1019-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1019.html
Issue date:        2016-05-11
CVE Names:         CVE-2016-3710
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux
OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM in environments
managed by Red Hat Enterprise Virtualization Manager.

Security Fix(es):

* An out-of-bounds read/write access flaw was found in the way QEMU's VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations via I/O port methods. A privileged guest user could use this
flaw to execute arbitrary code on the host with the privileges of the
host's QEMU process. (CVE-2016-3710)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang
(360 Marvel Team) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6:

Source:
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.1.src.rpm

x86_64:
qemu-img-rhev-0.12.1.2-2.491.el6_8.1.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.1.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.491.el6_8.1.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.491.el6_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3710
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXMoYQXlSAg2UNWIIRAuQnAKCpVc7jYCn5Pkzi46soifPyvl0UhwCeLOOD
a+nBB0b9bjN2HKtxxZ9MIX8=
=4pb/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 11 14:26:55 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 May 2016 14:26:55 +0000
Subject: [RHSA-2016:1025-01] Important: pcre security update
Message-ID: <201605111426.u4BEQtPb013892@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: pcre security update
Advisory ID:       RHSA-2016:1025-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1025.html
Issue date:        2016-05-11
CVE Names:         CVE-2015-2328 CVE-2015-3217 CVE-2015-5073
                   CVE-2015-8385 CVE-2015-8386 CVE-2015-8388
                   CVE-2015-8391 CVE-2016-3191
=====================================================================

1. Summary:

An update for pcre is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PCRE is a Perl-compatible regular expression library.

Security Fix(es):

* Multiple flaws were found in the way PCRE handled malformed regular
expressions. An attacker able to make an application using PCRE process a
specially crafted regular expression could use these flaws to cause the
application to crash or, possibly, execute arbitrary code. (CVE-2015-8385,
CVE-2016-3191, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8388,
CVE-2015-8391, CVE-2015-8386)

4. Solution:

For details on how to apply this update, which includes the changes described
in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)
1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)
1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)
1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)
1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)
1311503 - CVE-2016-3191 pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
pcre-8.32-15.el7_2.1.src.rpm

x86_64:
pcre-8.32-15.el7_2.1.i686.rpm
pcre-8.32-15.el7_2.1.x86_64.rpm
pcre-debuginfo-8.32-15.el7_2.1.i686.rpm
pcre-debuginfo-8.32-15.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
pcre-debuginfo-8.32-15.el7_2.1.i686.rpm
pcre-debuginfo-8.32-15.el7_2.1.x86_64.rpm
pcre-devel-8.32-15.el7_2.1.i686.rpm
pcre-devel-8.32-15.el7_2.1.x86_64.rpm
pcre-static-8.32-15.el7_2.1.i686.rpm
pcre-static-8.32-15.el7_2.1.x86_64.rpm
pcre-tools-8.32-15.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
pcre-8.32-15.el7_2.1.src.rpm

x86_64:
pcre-8.32-15.el7_2.1.i686.rpm
pcre-8.32-15.el7_2.1.x86_64.rpm
pcre-debuginfo-8.32-15.el7_2.1.i686.rpm
pcre-debuginfo-8.32-15.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
pcre-debuginfo-8.32-15.el7_2.1.i686.rpm
pcre-debuginfo-8.32-15.el7_2.1.x86_64.rpm
pcre-devel-8.32-15.el7_2.1.i686.rpm
pcre-devel-8.32-15.el7_2.1.x86_64.rpm
pcre-static-8.32-15.el7_2.1.i686.rpm
pcre-static-8.32-15.el7_2.1.x86_64.rpm
pcre-tools-8.32-15.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
pcre-8.32-15.el7_2.1.src.rpm

ppc64:
pcre-8.32-15.el7_2.1.ppc.rpm
pcre-8.32-15.el7_2.1.ppc64.rpm
pcre-debuginfo-8.32-15.el7_2.1.ppc.rpm
pcre-debuginfo-8.32-15.el7_2.1.ppc64.rpm
pcre-devel-8.32-15.el7_2.1.ppc.rpm
pcre-devel-8.32-15.el7_2.1.ppc64.rpm

ppc64le:
pcre-8.32-15.el7_2.1.ppc64le.rpm
pcre-debuginfo-8.32-15.el7_2.1.ppc64le.rpm
pcre-devel-8.32-15.el7_2.1.ppc64le.rpm

s390x:
pcre-8.32-15.el7_2.1.s390.rpm
pcre-8.32-15.el7_2.1.s390x.rpm
pcre-debuginfo-8.32-15.el7_2.1.s390.rpm
pcre-debuginfo-8.32-15.el7_2.1.s390x.rpm
pcre-devel-8.32-15.el7_2.1.s390.rpm
pcre-devel-8.32-15.el7_2.1.s390x.rpm

x86_64:
pcre-8.32-15.el7_2.1.i686.rpm
pcre-8.32-15.el7_2.1.x86_64.rpm
pcre-debuginfo-8.32-15.el7_2.1.i686.rpm
pcre-debuginfo-8.32-15.el7_2.1.x86_64.rpm
pcre-devel-8.32-15.el7_2.1.i686.rpm
pcre-devel-8.32-15.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
pcre-debuginfo-8.32-15.el7_2.1.ppc.rpm
pcre-debuginfo-8.32-15.el7_2.1.ppc64.rpm
pcre-static-8.32-15.el7_2.1.ppc.rpm
pcre-static-8.32-15.el7_2.1.ppc64.rpm
pcre-tools-8.32-15.el7_2.1.ppc64.rpm

ppc64le:
pcre-debuginfo-8.32-15.el7_2.1.ppc64le.rpm
pcre-static-8.32-15.el7_2.1.ppc64le.rpm
pcre-tools-8.32-15.el7_2.1.ppc64le.rpm

s390x:
pcre-debuginfo-8.32-15.el7_2.1.s390.rpm
pcre-debuginfo-8.32-15.el7_2.1.s390x.rpm
pcre-static-8.32-15.el7_2.1.s390.rpm
pcre-static-8.32-15.el7_2.1.s390x.rpm
pcre-tools-8.32-15.el7_2.1.s390x.rpm

x86_64:
pcre-debuginfo-8.32-15.el7_2.1.i686.rpm
pcre-debuginfo-8.32-15.el7_2.1.x86_64.rpm
pcre-static-8.32-15.el7_2.1.i686.rpm
pcre-static-8.32-15.el7_2.1.x86_64.rpm
pcre-tools-8.32-15.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
pcre-8.32-15.el7_2.1.src.rpm

x86_64:
pcre-8.32-15.el7_2.1.i686.rpm
pcre-8.32-15.el7_2.1.x86_64.rpm
pcre-debuginfo-8.32-15.el7_2.1.i686.rpm
pcre-debuginfo-8.32-15.el7_2.1.x86_64.rpm
pcre-devel-8.32-15.el7_2.1.i686.rpm
pcre-devel-8.32-15.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
pcre-debuginfo-8.32-15.el7_2.1.i686.rpm
pcre-debuginfo-8.32-15.el7_2.1.x86_64.rpm
pcre-static-8.32-15.el7_2.1.i686.rpm
pcre-static-8.32-15.el7_2.1.x86_64.rpm
pcre-tools-8.32-15.el7_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2328
https://access.redhat.com/security/cve/CVE-2015-3217
https://access.redhat.com/security/cve/CVE-2015-5073
https://access.redhat.com/security/cve/CVE-2015-8385
https://access.redhat.com/security/cve/CVE-2015-8386
https://access.redhat.com/security/cve/CVE-2015-8388
https://access.redhat.com/security/cve/CVE-2015-8391
https://access.redhat.com/security/cve/CVE-2016-3191
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXM0BfXlSAg2UNWIIRAsFbAJ9D24++exjHvwJqcjcn2pswh7RkqQCePxOb
UYs3e+5ltt2kQErmHEvicaM=
=gDFj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 11 14:33:30 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 May 2016 14:33:30 +0000
Subject: [RHSA-2016:1038-01] Moderate: openshift security update
Message-ID: <201605111433.u4BEXUn8003553@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openshift security update
Advisory ID:       RHSA-2016:1038-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1038
Issue date:        2016-05-11
CVE Names:         CVE-2016-2142
=====================================================================

1. Summary:

Updated openshift packages that fix one security issue are now available for
Red Hat OpenShift Enterprise 3.1.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise 3.1 - x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud
deployments.

An access flaw was discovered in OpenShift; the
/etc/origin/master/master-config.yaml configuration file, which could contain
Active Directory credentials, was world-readable. A local user could exploit
this flaw to obtain authentication credentials from the master-config.yaml
file. (CVE-2016-2142)

If you believe that the password in this file has been viewed by an attacker
you should reset the password after installing this update.

All installations with Active Directory integration are advised to upgrade to
the updated software, which contains a backported patch to correct this issue.

This update includes the following images:

openshift3/ose:v3.1.1.6-19
openshift3/ose-deployer:v3.1.1.6-18
openshift3/ose-docker-builder:v3.1.1.6-17
openshift3/ose-f5-router:v3.1.1.6-18
openshift3/ose-sti-builder:v3.1.1.6-17
openshift3/node:v3.1.1.6-18
aep3_beta/aep-deployer:v3.1.1.6-18
aep3_beta/aep-f5-router:v3.1.1.6-18
aep3_beta/aep:v3.1.1.6-19
aep3_beta/node:v3.1.1.6-18

4. Solution:

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1311220 - CVE-2016-2142 openshift: Bind password for AD account is stored in world readable file
1331038 - Pods are stuck in pending state due to failed image pulling

6. Package List:

Red Hat OpenShift Enterprise 3.1:

Source:
atomic-openshift-3.1.1.6-6.git.43.f583589.el7aos.src.rpm

x86_64:
atomic-openshift-3.1.1.6-6.git.43.f583589.el7aos.x86_64.rpm
atomic-openshift-clients-3.1.1.6-6.git.43.f583589.el7aos.x86_64.rpm
atomic-openshift-clients-redistributable-3.1.1.6-6.git.43.f583589.el7aos.x86_64.rpm
atomic-openshift-dockerregistry-3.1.1.6-6.git.43.f583589.el7aos.x86_64.rpm
atomic-openshift-master-3.1.1.6-6.git.43.f583589.el7aos.x86_64.rpm
atomic-openshift-node-3.1.1.6-6.git.43.f583589.el7aos.x86_64.rpm
atomic-openshift-pod-3.1.1.6-6.git.43.f583589.el7aos.x86_64.rpm
atomic-openshift-recycle-3.1.1.6-6.git.43.f583589.el7aos.x86_64.rpm
atomic-openshift-sdn-ovs-3.1.1.6-6.git.43.f583589.el7aos.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.1.1.6-6.git.43.f583589.el7aos.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2142
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXM0FOXlSAg2UNWIIRAqqJAJ9E1zDpzlT5nMsTwpSBncZYM2o8VgCgo2pc
EXXV6Tmgem7x8LlUs7YzT3k=
=jW5m
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 11 14:34:22 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 May 2016 14:34:22 +0000
Subject: [RHSA-2016:1039-01] Critical: java-1.8.0-ibm security update
Message-ID: <201605111434.u4BEYMx9004102@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-ibm security update
Advisory ID:       RHSA-2016:1039-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1039.html
Issue date:        2016-05-11
CVE Names:         CVE-2016-0264 CVE-2016-0363 CVE-2016-0376
                   CVE-2016-0686 CVE-2016-0687 CVE-2016-3422
                   CVE-2016-3426 CVE-2016-3427 CVE-2016-3443
                   CVE-2016-3449
=====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6
Supplementary.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR3.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page, listed in
the References section. (CVE-2016-0264, CVE-2016-0363, CVE-2016-0376,
CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427,
CVE-2016-3443, CVE-2016-3449)

4. Solution:

For details on how to apply this update, which includes the changes described
in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1324044 - CVE-2016-0363 IBM JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
1328059 - CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)
1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
1328618 - CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1328619 - CVE-2016-3449 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
1328620 - CVE-2016-3422 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
1330986 - CVE-2016-0376 IBM JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
1331359 - CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.i686.rpm

ppc64:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.ppc64.rpm

s390x:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.s390x.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.i686.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0264
https://access.redhat.com/security/cve/CVE-2016-0363
https://access.redhat.com/security/cve/CVE-2016-0376
https://access.redhat.com/security/cve/CVE-2016-0686
https://access.redhat.com/security/cve/CVE-2016-0687
https://access.redhat.com/security/cve/CVE-2016-3422
https://access.redhat.com/security/cve/CVE-2016-3426
https://access.redhat.com/security/cve/CVE-2016-3427
https://access.redhat.com/security/cve/CVE-2016-3443
https://access.redhat.com/security/cve/CVE-2016-3449
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXM0LUXlSAg2UNWIIRAjtDAJ9SGsb6TWdQl41LmoGu8s1CaHoXAwCeOopM
jFcIdy2JC5KCYNoP0y1k8Yg=
=D6Yq
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 12 06:38:16 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 May 2016 06:38:16 +0000
Subject: [RHSA-2016:1041-01] Important: thunderbird security update
Message-ID: <201605120638.u4C6cG1x011109@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2016:1041-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1041.html
Issue date:        2016-05-12
CVE Names:         CVE-2016-2805 CVE-2016-2807
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 5,
Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 38.8.0.

Security Fix(es):

* Two flaws were found in the processing of malformed web content. A web page
containing malicious content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2016-2805, CVE-2016-2807)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Phil Ringalda, Christian Holler, and Tyson Smith as the
original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described
in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1330266 - CVE-2016-2805 Mozilla: Miscellaneous memory safety hazards (rv:38.8) (MFSA 2016-39)
1330271 - CVE-2016-2807 Mozilla: Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) (MFSA 2016-39)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-38.8.0-1.el5_11.src.rpm

i386:
thunderbird-38.8.0-1.el5_11.i386.rpm
thunderbird-debuginfo-38.8.0-1.el5_11.i386.rpm

x86_64:
thunderbird-38.8.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-38.8.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server):

Source:
thunderbird-38.8.0-1.el5_11.src.rpm

i386:
thunderbird-38.8.0-1.el5_11.i386.rpm
thunderbird-debuginfo-38.8.0-1.el5_11.i386.rpm

x86_64:
thunderbird-38.8.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-38.8.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-38.8.0-2.el6_8.src.rpm

i386:
thunderbird-38.8.0-2.el6_8.i686.rpm
thunderbird-debuginfo-38.8.0-2.el6_8.i686.rpm

x86_64:
thunderbird-38.8.0-2.el6_8.x86_64.rpm
thunderbird-debuginfo-38.8.0-2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-38.8.0-2.el6_8.src.rpm

i386:
thunderbird-38.8.0-2.el6_8.i686.rpm
thunderbird-debuginfo-38.8.0-2.el6_8.i686.rpm

ppc64:
thunderbird-38.8.0-2.el6_8.ppc64.rpm
thunderbird-debuginfo-38.8.0-2.el6_8.ppc64.rpm

s390x:
thunderbird-38.8.0-2.el6_8.s390x.rpm
thunderbird-debuginfo-38.8.0-2.el6_8.s390x.rpm

x86_64:
thunderbird-38.8.0-2.el6_8.x86_64.rpm
thunderbird-debuginfo-38.8.0-2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-38.8.0-2.el6_8.src.rpm

i386:
thunderbird-38.8.0-2.el6_8.i686.rpm
thunderbird-debuginfo-38.8.0-2.el6_8.i686.rpm

x86_64:
thunderbird-38.8.0-2.el6_8.x86_64.rpm
thunderbird-debuginfo-38.8.0-2.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-38.8.0-1.el7_2.src.rpm

x86_64:
thunderbird-38.8.0-1.el7_2.x86_64.rpm
thunderbird-debuginfo-38.8.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-38.8.0-1.el7_2.src.rpm

ppc64le:
thunderbird-38.8.0-1.el7_2.ppc64le.rpm
thunderbird-debuginfo-38.8.0-1.el7_2.ppc64le.rpm

x86_64:
thunderbird-38.8.0-1.el7_2.x86_64.rpm
thunderbird-debuginfo-38.8.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-38.8.0-1.el7_2.src.rpm

x86_64:
thunderbird-38.8.0-1.el7_2.x86_64.rpm
thunderbird-debuginfo-38.8.0-1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2805
https://access.redhat.com/security/cve/CVE-2016-2807
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.8

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
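Each advisory in this digest ends with a Package List naming the build that carries the fix, and the check a practitioner runs after reading one is whether the installed package is at or above that build. Plain string or float comparison gets this wrong (15.el7 against 15.el7_2.1, or a ~rc pre-release against the final), so the comparison has to follow rpm's own segment rules. The block below is an added example, not Red Hat tooling and not part of any advisory here: a Python port of rpm's rpmvercmp() ordering, applied to a constructed list of installed packages against fixed NEVRAs copied from the package lists above. The installed-package strings are invented for the example, and the rpm -qa query format in the comment is an assumption about how you would collect them on a real host.

```python
"""Check installed RPMs against an advisory's fixed builds (added example; not Red Hat tooling)."""
import re
from dataclasses import dataclass
from typing import Dict, List

_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")   # rpm compares runs of digits, runs of letters, and '~'


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a is older than b, 0 if equal, 1 if newer.

    Separators are ignored.  Digit runs compare as integers and rank above letter
    runs, the string that runs out first is older, and '~' sorts before the end
    of the string, so 1.0~rc1 < 1.0 and 15.el7 < 15.el7_2.1.
    """
    if a == b:
        return 0
    ta, tb = _SEG.findall(a), _SEG.findall(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":          # tilde: the side without it (even end of string) is newer
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():    # numeric segment beats alphabetic segment
            return 1 if x.isdigit() else -1
        if x.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x != y:
            return 1 if x > y else -1
    return 0


@dataclass(frozen=True)
class NEVRA:
    name: str
    epoch: int
    version: str
    release: str
    arch: str


def parse_nevra(s: str) -> NEVRA:
    """Parse 'name-[epoch:]version-release.arch[.rpm]' as printed in a Package List."""
    if s.endswith(".rpm"):
        s = s[:-4]
    nvr, arch = s.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    return NEVRA(name, epoch, version, release, arch)


def evr_cmp(a: NEVRA, b: NEVRA) -> int:
    """Order two builds of one package the way rpm does: epoch, then version, then release."""
    if a.epoch != b.epoch:
        return 1 if a.epoch > b.epoch else -1
    return rpmvercmp(a.version, b.version) or rpmvercmp(a.release, b.release)


def outdated(installed: List[str], advisory_files: List[str]) -> Dict[str, str]:
    """Map each installed package older than the advisory's build to the fixed file name."""
    fixed = {}
    for f in advisory_files:
        p = parse_nevra(f)
        fixed[(p.name, p.arch)] = (p, f)
    result = {}
    for inst in map(parse_nevra, installed):
        hit = fixed.get((inst.name, inst.arch))
        if hit is not None and evr_cmp(inst, hit[0]) < 0:
            result[inst.name] = hit[1]
    return result


# Constructed "installed" list for the example; on a real host it would come from
#   rpm -qa --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
INSTALLED = [
    "pcre-8.32-15.el7.x86_64",                       # older than the 15.el7_2.1 build
    "qemu-kvm-rhev-0.12.1.2-2.491.el6_8.1.x86_64",   # already at the fixed build
    "thunderbird-38.7.2-1.el7_2.x86_64",             # older than 38.8.0
    "openssh-6.6.1p1-25.el7_2.x86_64",               # not covered by these advisories
]
# Fixed builds, copied from the Package List sections in this digest
ADVISORY = [
    "pcre-8.32-15.el7_2.1.x86_64.rpm",
    "qemu-kvm-rhev-0.12.1.2-2.491.el6_8.1.x86_64.rpm",
    "thunderbird-38.8.0-1.el7_2.x86_64.rpm",
]

if __name__ == "__main__":
    for name, fixed_file in sorted(outdated(INSTALLED, ADVISORY).items()):
        print("%s needs update to %s" % (name, fixed_file))
```

The comparison is keyed on (name, arch) because the lists above ship i686 and x86_64 builds of the same package side by side; a multilib host must have both at the fixed release. Epoch is compared first because rpm does, which is why a version bump alone never beats a higher epoch.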
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXNCTTXlSAg2UNWIIRAhTpAJ94fHfzLKjCmHZtVE0LWju4a0MR4gCgjLLh
CHHJTARX187L9bM8PiCSvrk=
=WhWb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 12 08:56:42 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 May 2016 08:56:42 +0000
Subject: [RHSA-2016:1055-01] Important: kernel-rt security and bug fix update
Message-ID: <201605120855.u4C8tbuT025531@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2016:1055-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1055.html
Issue date:        2016-05-12
CVE Names:         CVE-2016-0758
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

The following packages have been upgraded to a newer upstream version:
kernel-rt (3.10.0-327.18.2).

This version provides a number of bug fixes and enhancements, including:

* [scsi] bnx2fc: Fix FCP RSP residual parsing and remove explicit logouts
* [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO
* [scsi] scsi_error: should not get sense for timeout IO in scsi error handler
* [scsi] Revert libiscsi: Reduce locking contention in fast path
* [mm] madvise: fix MADV_WILLNEED on shmem swapouts
* [cpufreq] intel_pstate: decrease number of "HWP enabled" messages and enable HWP per CPU
* [kernel] sched: Robustify topology setup
* [kernel] sched/fair: Disable tg load_avg/runnable_avg update for root_task_group
* [kernel] sched/fair: Move hot load_avg/runnable_avg into separate cacheline
* [ib] mlx5: Fix RC transport send queue overhead computation
* [fs] nfsd: fix clp->cl_revoked list deletion causing softlock in nfsd
* [fs] ceph: multiple updates

(BZ#1320168)

Security Fix(es):

* A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed
certain certificate files with tags of indefinite length. A local, unprivileged
user could use a specially crafted X.509 certificate DER file to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2016-0758, Important)

Red Hat would like to thank Philip Pettersson of Samsung for reporting this
issue.

Bug Fix(es):

* The hotplug lock and the console semaphore could be acquired in an incorrect
order, which could previously lead to a deadlock causing the system console to
freeze. The underlying code has been adjusted to acquire the locks in the
correct order, resolving the bug with the console. (BZ#1267425)

4. Solution:

For details on how to apply this update, which includes the changes described
in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1300257 - CVE-2016-0758 kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
1320168 - update the MRG 2.5.x 3.10 kernel-rt sources

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-327.rt56.183.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.rt56.183.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-327.rt56.183.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-327.rt56.183.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-327.rt56.183.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0758
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXNETvXlSAg2UNWIIRAmn/AKCYQ8oVklhhr0UCc9S+NIEMs09DCQCfb7tv
8oZ5rruvWLnboyl6TPEk0mU=
=pvE9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 12 10:12:10 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 May 2016 10:12:10 +0000
Subject: [RHSA-2016:1051-01] Important: kernel-rt security, bug fix, and enhancement update
Message-ID: <201605121012.u4CACBmn008582@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:1051-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1051.html
Issue date:        2016-05-12
CVE Names:         CVE-2016-0758
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

The following packages have been upgraded to a newer upstream version:
kernel-rt (3.10.0-327.18.2).

This version provides a number of bug fixes and enhancements, including:

* [scsi] bnx2fc: Fix FCP RSP residual parsing and remove explicit logouts
* [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO
* [scsi] scsi_error: should not get sense for timeout IO in scsi error handler
* [scsi] Revert libiscsi: Reduce locking contention in fast path
* [mm] madvise: fix MADV_WILLNEED on shmem swapouts
* [cpufreq] intel_pstate: decrease number of "HWP enabled" messages and enable HWP per CPU
* [kernel] sched: Robustify topology setup
* [kernel] sched/fair: Disable tg load_avg/runnable_avg update for root_task_group
* [kernel] sched/fair: Move hot load_avg/runnable_avg into separate cacheline
* [ib] mlx5: Fix RC transport send queue overhead computation
* [fs] nfsd: fix clp->cl_revoked list deletion causing softlock in nfsd
* [fs] ceph: multiple updates

(BZ#1322033)

Security Fix(es):

* A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed
certain certificate files with tags of indefinite length. A local, unprivileged
user could use a specially crafted X.509 certificate DER file to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2016-0758, Important)

Red Hat would like to thank Philip Pettersson of Samsung for reporting this
issue.

Bug Fix(es):

* The hotplug lock and the console semaphore could be acquired in an incorrect
order, which could previously lead to a deadlock causing the system console to
freeze. The underlying code has been adjusted to acquire the locks in the
correct order, resolving the bug with the console. (BZ#1324767)

4. Solution:

For details on how to apply this update, which includes the changes described
in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1300257 - CVE-2016-0758 kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
1322033 - kernel-rt: update to the RHEL7.2.z batch#4 source tree

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-327.18.2.rt56.223.el7_2.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.18.2.rt56.223.el7_2.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debug-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-kvm-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-trace-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-327.18.2.rt56.223.el7_2.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.18.2.rt56.223.el7_2.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debug-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-trace-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0758
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXNFbnXlSAg2UNWIIRAkVnAJ9Yw0l+7ujUjzhZZTkKi1Dde0x4MwCgsxPx
y6n/RCihNggw65hPTJHc+H0=
=Dhmr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 12 10:13:05 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 May 2016 10:13:05 +0000
Subject: [RHSA-2016:1033-01] Important: kernel security and bug fix update
Message-ID: <201605121013.u4CAD5vK020498@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2016:1033-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1033.html
Issue date: 2016-05-12
CVE Names: CVE-2016-0758
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):

* A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758, Important)

Red Hat would like to thank Philip Pettersson of Samsung for reporting this issue.

Bug Fix(es):

* Under certain conditions, the migration threads could race with the CPU hotplug, which could cause a deadlock. A set of patches has been provided to fix this bug, and the deadlock no longer occurs in the system. (BZ#1299338)

* A bug in the code that cleans up revoked delegations could previously cause a soft lockup in the NFS server. This patch fixes the underlying source code, so the lockup no longer occurs. (BZ#1311582)

* The second attempt to reload Common Application Programming Interface (CAPI) devices on the little-endian variant of IBM Power Systems previously failed. The provided set of patches fixes this bug, and reloading works as intended. (BZ#1312396)

* Due to inconsistencies between the page sizes used by the IOMMU, the NVMe device, and the kernel, a BUG_ON was previously triggered in the nvme_setup_prps() function, crashing the system while setting up a DMA transfer. The provided patch sets the default NVMe page size to 4k, thus preventing the crash. (BZ#1312399)

* Previously, on a system using the InfiniBand mlx5 driver for the SRP stack, a hard lockup occurred after the kernel held a lock with interrupts disabled for too long. As a consequence, the system panicked. This update fixes this bug, and the system no longer panics in this situation. (BZ#1313814)

* On the little-endian variant of IBM Power Systems, the kernel previously crashed in the bitmap_weight() function while running the memory affinity script. The provided patch fortifies the topology setup and prevents sd->child from being set to NULL when it is already NULL. As a result, the memory affinity script runs successfully. (BZ#1316158)

* When a KVM guest wrote random values to the Instruction Authority Mask Register (IAMR), a special-purpose register (SPR), the guest and the corresponding QEMU process previously hung. This update adds code that sets SPRs to a suitable neutral value on guest exit, thus fixing this bug. (BZ#1316636)

* Under heavy iSCSI traffic load, the system previously panicked due to a race in the locking code leading to a list corruption. This update fixes this bug, and the system no longer panics in this situation. (BZ#1316812)

* During SCSI exception handling (triggered by some irregularities), the driver could previously use an already retired SCSI command. As a consequence, a kernel panic or data corruption occurred. The provided patches fix this bug, and exception handling now proceeds successfully. (BZ#1316820)

* When a previously opened /dev/tty that pointed to a pseudo terminal (pty) pair was the last file closed, a kernel crash could occur. The underlying source code has been fixed, preventing this bug. (BZ#1320297)

* Previously, when using VPLEX and FCoE via the bnx2fc driver, different degrees of data corruption occurred. The provided patch fixes the FCP Response (RSP) residual parsing in bnx2fc, which prevents the aforementioned corruption. (BZ#1322279)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1300257 - CVE-2016-0758 kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-327.18.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.18.2.el7.noarch.rpm
kernel-doc-3.10.0-327.18.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.18.2.el7.x86_64.rpm
perf-3.10.0-327.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-327.18.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.18.2.el7.noarch.rpm
kernel-doc-3.10.0-327.18.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.18.2.el7.x86_64.rpm
perf-3.10.0-327.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-327.18.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.18.2.el7.noarch.rpm
kernel-doc-3.10.0-327.18.2.el7.noarch.rpm

ppc64:
kernel-3.10.0-327.18.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-327.18.2.el7.ppc64.rpm
kernel-debug-3.10.0-327.18.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-327.18.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.18.2.el7.ppc64.rpm
kernel-devel-3.10.0-327.18.2.el7.ppc64.rpm
kernel-headers-3.10.0-327.18.2.el7.ppc64.rpm
kernel-tools-3.10.0-327.18.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-327.18.2.el7.ppc64.rpm
perf-3.10.0-327.18.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm
python-perf-3.10.0-327.18.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-debug-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-devel-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-headers-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-tools-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-327.18.2.el7.ppc64le.rpm
perf-3.10.0-327.18.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm
python-perf-3.10.0-327.18.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

s390x:
kernel-3.10.0-327.18.2.el7.s390x.rpm
kernel-debug-3.10.0-327.18.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-327.18.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-327.18.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-327.18.2.el7.s390x.rpm
kernel-devel-3.10.0-327.18.2.el7.s390x.rpm
kernel-headers-3.10.0-327.18.2.el7.s390x.rpm
kernel-kdump-3.10.0-327.18.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-327.18.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-327.18.2.el7.s390x.rpm
perf-3.10.0-327.18.2.el7.s390x.rpm
perf-debuginfo-3.10.0-327.18.2.el7.s390x.rpm
python-perf-3.10.0-327.18.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.s390x.rpm

x86_64:
kernel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.18.2.el7.x86_64.rpm
perf-3.10.0-327.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.18.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-327.18.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-327.18.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-327.18.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.18.2.el7.noarch.rpm
kernel-doc-3.10.0-327.18.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.18.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.18.2.el7.x86_64.rpm
perf-3.10.0-327.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0758
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
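The ASN.1 flaw fixed by both kernel advisories above (CVE-2016-0758, "tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()") is a length-handling problem: DER, unlike BER, never allows the indefinite-length form (a length octet of 0x80 terminated by an end-of-contents marker), so a strict DER decoder can refuse that input before any pointer arithmetic depends on it. The Python below is an added example, not code from Red Hat or from the kernel's own decoder: a minimal strict DER TLV walker that rejects indefinite and non-minimal lengths, checks every claimed length against the enclosing buffer, and bounds nesting depth. All byte strings in it are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional


class DerError(ValueError):
    """Raised when the input is not strictly encoded DER."""


@dataclass
class Tlv:
    tag: int                                   # identifier octet (class, P/C bit, number)
    value: bytes                               # raw content octets
    children: List["Tlv"] = field(default_factory=list)   # parsed contents if constructed


MAX_DEPTH = 32   # hard bound on nesting so a deeply nested SEQUENCE cannot exhaust the stack


def _read_length(buf: bytes, pos: int) -> tuple:
    """Decode a DER length starting at buf[pos]; return (length, next_pos)."""
    if pos >= len(buf):
        raise DerError("truncated: no length octet")
    first = buf[pos]
    pos += 1
    if first < 0x80:                 # short form: the octet itself is the length (0..127)
        return first, pos
    if first == 0x80:                # BER indefinite form; DER forbids it outright
        raise DerError("indefinite-length encoding rejected")
    n = first & 0x7F                 # long form: n subsequent octets hold the length
    if n > 4:
        raise DerError("unsupported length-of-length")
    if pos + n > len(buf):
        raise DerError("truncated: length octets missing")
    length = int.from_bytes(buf[pos:pos + n], "big")
    if buf[pos] == 0 or length < 0x80:   # DER requires the shortest possible encoding
        raise DerError("non-minimal length encoding")
    return length, pos + n


def parse_der(buf: bytes, depth: int = 0) -> List[Tlv]:
    """Parse the TLVs that exactly cover buf, validating every length against buf."""
    if depth > MAX_DEPTH:
        raise DerError("nesting too deep")
    out: List[Tlv] = []
    pos = 0
    while pos < len(buf):
        tag = buf[pos]
        pos += 1
        if tag & 0x1F == 0x1F:       # high-tag-number form: out of scope for this example
            raise DerError("high-tag-number form not supported")
        length, pos = _read_length(buf, pos)
        end = pos + length
        if end > len(buf):           # the claimed length must fit inside the enclosing element
            raise DerError("length runs past end of buffer")
        value = buf[pos:end]
        children = parse_der(value, depth + 1) if tag & 0x20 else []
        out.append(Tlv(tag, value, children))
        pos = end
    return out


def validate(buf: bytes) -> Optional[str]:
    """Return None if buf is strict DER, otherwise the reason it was rejected."""
    try:
        parse_der(buf)
        return None
    except DerError as exc:
        return str(exc)


# Constructed inputs for the example (not taken from the advisory or from a real certificate):
GOOD = bytes.fromhex("300a" "020105" "040568656c6c6f")   # SEQUENCE { INTEGER 5, OCTET STRING "hello" }
INDEFINITE = bytes.fromhex("3080" "020105" "0000")       # SEQUENCE using BER indefinite length
OVERLONG = bytes.fromhex("3005" "020105")                # claims 5 content octets, only 3 present
NONMINIMAL = bytes.fromhex("048105" "68656c6c6f")        # long form used for a length below 128

if __name__ == "__main__":
    for name, blob in [("GOOD", GOOD), ("INDEFINITE", INDEFINITE),
                       ("OVERLONG", OVERLONG), ("NONMINIMAL", NONMINIMAL)]:
        print(f"{name:10s} -> {validate(blob) or 'ok'}")
```

The three checks in `_read_length` and the `end > len(buf)` test in `parse_der` are the ones to look for when reviewing any DER consumer: a 0x80 length octet accepted as "indefinite", a long-form length trusted without comparing it to the remaining buffer, and recursion into constructed elements with no depth limit.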
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXNFcgXlSAg2UNWIIRAvt9AJ0fBllps1r1hDISfd2cZNny3Ks8MACfYYKN
x3KiAlc6BOBfnnwkrsnheNY=
=2l9y
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 12 16:30:04 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 May 2016 16:30:04 +0000
Subject: [RHSA-2016:1064-01] Important: Red Hat OpenShift Enterprise 3.2 security, bug fix, and enhancement update
Message-ID: <201605121630.u4CGU5ZM028203@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift Enterprise 3.2 security, bug fix, and enhancement update
Advisory ID: RHSA-2016:1064-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1064
Issue date: 2016-05-12
CVE Names: CVE-2016-2149 CVE-2016-2160 CVE-2016-3711
=====================================================================

1. Summary:

Red Hat OpenShift Enterprise 3.2 is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise 3.2 - noarch, x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es):

* A flaw was found in the building of containers within OpenShift Enterprise. An attacker could submit an image for building that executes commands within the container as root, allowing them to potentially escalate privileges. (CVE-2016-2160)

* It was found that OpenShift Enterprise would disclose log file contents from reclaimed namespaces. An attacker could create a new namespace to access log files present in a previously deleted namespace using the same name. (CVE-2016-2149)

* An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise: a cookie named "OPENSHIFT_[namespace]_SERVERID" was set whose value was the internal IP address of a pod. (CVE-2016-3711)

The CVE-2016-2149 issue was discovered by Wesley Hearn (Red Hat).

Additional Changes:

* Space precludes documenting all of the bug fixes and enhancements in this advisory. For details on all new features, bug fixes, and known issues, see the OpenShift Enterprise 3.2 Release Notes linked to in the References section.

This update includes the following images:

openshift3/ose:v3.2.0.20-3
openshift3/ose-deployer:v3.2.0.20-3
openshift3/ose-docker-builder:v3.2.0.20-3
openshift3/ose-docker-registry:v3.2.0.20-3
openshift3/ose-f5-router:v3.2.0.20-3
openshift3/ose-haproxy-router:v3.2.0.20-3
openshift3/ose-keepalived-ipfailover:v3.2.0.20-3
openshift3/ose-pod:v3.2.0.20-3
openshift3/ose-recycler:v3.2.0.20-3
openshift3/ose-sti-builder:v3.2.0.20-3
openshift3/image-inspector:1.0.0-12
openshift3/jenkins-1-rhel7:1.642-31
openshift3/logging-auth-proxy:3.2.0-3
openshift3/logging-deployment:3.2.0-8
openshift3/logging-elasticsearch:3.2.0-7
openshift3/logging-fluentd:3.2.0-6
openshift3/logging-kibana:3.2.0-3
openshift3/metrics-cassandra:3.2.0-4
openshift3/metrics-deployer:3.2.0-5
openshift3/metrics-hawkular-metrics:3.2.0-6
openshift3/metrics-heapster:3.2.0-5
openshift3/mongodb-24-rhel7:2.4-27
openshift3/mysql-55-rhel7:5.5-25
openshift3/nodejs-010-rhel7:0.10-34
openshift3/node:v3.2.0.20-3
openshift3/openvswitch:v3.2.0.20-4
openshift3/perl-516-rhel7:5.16-37
openshift3/php-55-rhel7:5.5-34
openshift3/postgresql-92-rhel7:9.2-24
openshift3/python-33-rhel7:3.3-34
openshift3/ruby-20-rhel7:2.0-34

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.
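For the haproxy issue above (CVE-2016-3711), the disclosure is visible in the HTTP response itself: a Set-Cookie header named OPENSHIFT_[namespace]_SERVERID whose value is a private or otherwise non-public IP address. The Python below is an added example, not Red Hat's or OpenShift's code, that audits a captured header block for that pattern so a router fleet can be checked from the outside before and after the update. The header samples are constructed, and the opaque token in the clean sample is an assumption about what a non-leaking value looks like, not the format the fixed router emits.

```python
import ipaddress
import re
from typing import List, Optional

# Cookie name shape quoted in the advisory: OPENSHIFT_[namespace]_SERVERID
SERVERID_RE = re.compile(r"^OPENSHIFT_.+_SERVERID$")


def cookie_exposes_internal_ip(set_cookie_value: str) -> Optional[str]:
    """Return a finding if the cookie's value is a non-public IP address, else None.

    set_cookie_value is the text after "Set-Cookie:", for example
    "OPENSHIFT_proj_SERVERID=10.1.2.3; path=/".
    """
    name_value = set_cookie_value.split(";", 1)[0].strip()   # drop attributes (path, HttpOnly...)
    if "=" not in name_value:
        return None
    name, value = (part.strip() for part in name_value.split("=", 1))
    value = value.strip('"')
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None                      # not an IP literal at all: nothing leaked here
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        kind = "router-affinity" if SERVERID_RE.match(name) else "other"
        return f"{name} ({kind} cookie) exposes internal address {ip}"
    return None


def audit_response_headers(raw_headers: str) -> List[str]:
    """Scan a raw HTTP header block and collect every Set-Cookie that leaks an address."""
    findings = []
    for line in raw_headers.splitlines():
        header, _, value = line.partition(":")
        if header.strip().lower() == "set-cookie":
            finding = cookie_exposes_internal_ip(value)
            if finding:
                findings.append(finding)
    return findings


# Constructed samples (not captured from a real cluster).
LEAKING_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: OPENSHIFT_myproject_SERVERID=10.1.2.3; path=/\r\n"
    "Set-Cookie: session=abc123; HttpOnly\r\n"
)
CLEAN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: OPENSHIFT_myproject_SERVERID=5ad0c1c6b7f1e2a9; path=/\r\n"   # assumed opaque token
)

if __name__ == "__main__":
    for label, sample in [("leaking", LEAKING_RESPONSE), ("clean", CLEAN_RESPONSE)]:
        print(label, audit_response_headers(sample) or "no findings")
```

The check is deliberately not limited to the OPENSHIFT_*_SERVERID name: any cookie whose value parses as a private, loopback or link-local address is reported, with the router-affinity name called out separately, since the same class of leak can come from other affinity or load-balancer cookies. Python's ipaddress module also treats the documentation ranges (192.0.2.0/24 and friends) as private, so those are flagged too.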
For details on how to apply this update, see:

https://access.redhat.com/articles/11258

For instructions on new installations, see the following documentation:

https://docs.openshift.com/enterprise/3.2/install_config/install/

For instructions on how to properly upgrade your OpenShift Enterprise cluster from release 3.1 to release 3.2, see the following documentation:

https://docs.openshift.com/enterprise/3.2/install_config/upgrading/

For more information about OpenShift Enterprise, see the full documentation:

https://docs.openshift.com/enterprise/3.2

5. Bugs fixed (https://bugzilla.redhat.com/):

1252520 - Openshift master spawns pods when out of disk space
1264500 - cannot pass comma-delimted values with oc parameters
1273149 - openshift-master keeps getting killed due to memory usage after upgrade
1276038 - Can't access files from the downward API volume
1278719 - [userinterface_public_561]There is no "View Archive" button in build log page
1278974 - Unable to pull from another Secured Registry
1279344 - Inconsistent PV and PVC bound displayed
1282733 - [openshift3/postgresql-92-rhel7] Postgresql pod is CrashLoopBackOff if using persistent storage
1284700 - Heapster is using the deprecated externalID value to identify metrics
1285763 - A-MQ hawt.io console Browse message detail view header obscured
1291958 - Kubernetes service exposes wrong port for DNS
1293805 - Default SCC forbid recycler pod to be create, cause Persistent Volume failed to recycle
1293830 - Claim remains in 'Pending' status after it bounds dynamically created Persistent Volume
1293850 - Failed to delete dynamically provisioned PV when PVC is deleted
1296232 - EBS volume remains in 'detached' state
1297521 - Scaling up pod causes loop with Node is out of disk
1298942 - atomic-openshift-node crash
1299466 - heapster pod crashes repeatedly: invalid memory address or nil pointer dereference
1299756 - The existing pods loss network connection after remove lbr0 and restart node service
1300214 - Failed to build with openshift/golang-ex
1300298 - [RFE] keepalived vrrp id should be configurable
1300570 - Image garbage collection setting should be more specific for different disk configuration.
1301425 - OpenShift v3's LDAP authentication doesn't handle inheritance group (groups-in-groups)
1302512 - oc tag does not work as our document
1302894 - 'oc rsh' and 'oc exec' fail behind an authenticated proxy
1303085 - InternalIP node configuration fails when using OpenStack as cloud provider with OpenShift: hardcoded OpenStack network names
1303171 - LDAP group sync can return errors for very large result sets
1304526 - iSCSI storage does not work after following the documentation
1304582 - Node or Master will not start when /etc/hosts has 127.0.0.1 equal to hostname
1304975 - Failed to build when add Create resources in OpenShift with Add Build Step in config page for jenkins-1-rhel7 image
1305165 - oadm create-master-certs does not check FQDN
1305417 - Verify claim UID when releasing and binding volumes
1305765 - windows oc cli doesn't use home env variable as home directory
1306011 - Deployer pods incorrectly using the host entry from openshiftLoopbackKubeconfig
1306590 - Optionally reject connection from older client versions
1306805 - Metrics updates fail with 'closed network connection'
1307013 - Deployment fails if "replicas" is set to 0.
1307170 - hawkular-cassandra deployment issues
1308312 - The latest metrics deployer image can't work with character "_" in HAWKULAR_METRICS_HOSTNAME anymore
1308540 - mysql container image: no rsync or tar available in container
1309192 - The latest cassandra image encounter fatal exception during initialization
1309205 - Web console is displayed as OPENSHIFT ORIGIN env
1309435 - namedCertificates do not match the wild card certificate
1310001 - [platformmanagement_public_595]Can't pull the image through integrated registry
1310062 - Prune Image failed with nil error
1310498 - "Invalid value: 9300: must be equal to targetPort when clusterIP = None" in logging-deployer pod
1310567 - [online]BuildConfig field for 'Perform builds in OpenShift' build step in Jenkins configure Job form is populated with default value of 'frontend' instead of actual stored value.
1310572 - Routes cannot be synced to F5 router
1310587 - PV recycle racing
1310606 - Could not create new app using docker image
1310616 - oc new-build with docker strategy should prompt error when using absolute path for "--build-secret" (when testing compatibility between latest oc and old openshift)
1310959 - oc tag does not point to correct image of image stream
1311024 - Can't trigger job successfully in jenkins webconsole
1311048 - Error appears when creating resource(s) in openshift via jenkins
1311049 - [AEP]Not able to list any existing resources by running "oc get all" after logging on AEP
1311312 - AWS and GCE Dynamic provisioners do not work
1311396 - oc download link should not be origin released link on ose web console
1312819 - Can not add Environment Variables on buildconfig edit page
1312826 - [devexp_public_640] Failed to "Cancel deployments in Openshift" via jenkins
1313158 - Only the first deployment of router could be successful
1313210 - Cinder volume could not be attached to disk before the '60s' timeout duration on containerized openshift
1313391 - Node of pod using a NFS PVC, successfully mount but immediately unmount it.
1313779 - Cannot install some dependencies for php image
1314142 - Updating deployment config gets error "timed out waiting for any update progress to be made"
1314270 - Canceling a deployment doesn't cancel a deployment
1314645 - Upgrade failed with "One or more undefined variables 'dict object' has no attribute 'stdout'"
1315157 - f5 plugin hardcodes admin user name
1315190 - Can't upgrade to v3.2 by atomic-openshift-installer
1315563 - Upgrade failed to containerized install OSE 3.1 on RHEL
1315564 - upgrade to ose3.2 failed on Atomic Hosts
1315595 - mongodb cannot be ready once update the admin password
1315607 - Cannot do incremental build
1315637 - The docker wasn't upgraded on node during upgrade
1316050 - Can't get the correct images version for the containerized OSE during upgrade
1316127 - CVE-2016-2160 Privilege escalation when changing root password in sti builder image
1316216 - Logging is not restricted to to current owner/group of a namespace
1316233 - openshift3/node unable to format EBS volumes with error "mkfs.ext4 executable file not found in $PATH"
1316267 - CVE-2016-2149 OpenShift Enterprise 3: logs from a deleted namespace can be revealed if a new namespace with the same name is created
1316698 - Re-Encrypt Termination destinationCACertificate ca-file not created when route does not include key and cert
1316761 - It should compare curr_version with g_new_version in pre.yml
1317097 - Runtime Error when using registry.access.redhat.com/rhel6 image for oc new-app
1317577 - postgresql-persistent template pv enters failed state when started from the web ui
1317835 - Update host for route doesn't take effect
1317851 - openvswitch isn't restart during upgrade
1318395 - Build hangs indefinitely during container creation when running simultaneous builds
1318681 - The pod's state is different from web UI and CLI
1318726 - Deploying a new pod after metrics is running stops metrics collection
1318975 - AWS volumes remains in "in-use" status after deleting OSE pods which used them
1319439 - When no --cloud-provider flag node providerID is "aws:///" on openstack env
1320053 - Failed to run 'lsof' when router is using scc 'hostnetwork'
1320335 - mysql deployment config has bad readinessProbe
1320430 - Existing pods lose network connection after merge network
1320719 - [RFE] Expose secret keys in environment variables
1320752 - Ose-3.1 yum repo is showing 0 rpms
1320939 - oadm diagnostics failed at "Check if master is also running node" step.
1320951 - The IMAGE_VERSION isn't correct when upgrade the containerized OSE
1321258 - Get error ContainerCannotRun in logging deployer pod with the latest image
1321289 - The route info on some routers will not be reported back to client after route gets updated
1321308 - Overriding Builder Image Scripts by "scripts" in buildConfig doesn't output any message when it failed to download scripts
1321309 - Overriding Builder Image Scripts by "scripts: URL" in buildConfig doesn't work under proxy
1321569 - [RFE] consume secrets in builds
1322077 - TeardownNetworkError for deploy pod on all deployments in AWS scale cluster.
1322314 - Diagnostics container did not report the missing of router pod
1322335 - The package name is wrong for rpm upgrade
1322338 - The upgrade should keep the option insecure-registry=172.30.0.0/16
1322538 - Project delete leads to unexpected items in namespace and causes reliability cluster to eventually go unusable
1322718 - CVE-2016-3711 haproxy: Setting cookie containing internal IP address of a pod
1322788 - The IMAGE_VERSION wasn't added to atomic-openshift-master-api and atomic-openshift-master-controllers
1322942 - Service with active endpoints not routing traffic, returns connection refused
1323123 - upgrade failed to containerized OSE on RHEL Host without ose3.2 repo
1323633 - RHBA-2016:0510 packages missing from rhel-7-server-ose-3.1-rpms channel
1324273 - Save button on buildconfig edit page cannot be enabled by only deleting env vars
1324357 - The delay from logging deployment to when logs show up in kibana is too long
1324418 - Unable to bound recycled nfs pv after release
1326214 - Should disable scale up for cancelled deployment on overview page
1326319 - oc delete user makes user unable to log in again
1326446 - Default IMAGE_PREFIX incorrect in metrics-deployer.yaml
1327126 - [DOC] cannot ping pod ip from F5 server with multitenant plugin
1328067 - The Jboss version of hawkular-metrics is rolled back to JBoss EAP 6.4.4.GA
1328822 - build strategy Source is not allowed after upgrade
1329370 - Openshift AWS Persistent Volumes are unable to auto format XFS
1330050 - Output info is not correct when debug a pod with invalid node name.
1331038 - Pods are stuck in pending state due to failed image pulling

6. Package List:

Red Hat OpenShift Enterprise 3.2:

Source:
ansible-1.9.4-1.el7aos.src.rpm
atomic-openshift-3.2.0.20-1.git.0.f44746c.el7.src.rpm
cockpit-0.93-3.el7.src.rpm
elastic-curator-3.5.0-2.el7.src.rpm
elasticsearch-1.5.2.redhat_1-11.el7.src.rpm
elasticsearch-cloud-kubernetes-1.2.1.redhat_1-1.el7.src.rpm
fluentd-0.12.20-1.el7.src.rpm
heapster-0.18.2-4.gitaf4752e.el7.src.rpm
http-parser-2.0-4.20121128gitcd01361.el7ost.src.rpm
image-inspector-1.0.0-1.el7aos.src.rpm
jenkins-1.642.2-1.el7.src.rpm
jenkins-plugin-credentials-1.24-2.el7.src.rpm
jenkins-plugin-durable-task-1.7-1.el7.src.rpm
jenkins-plugin-kubernetes-0.5-1.el7.src.rpm
jenkins-plugin-openshift-0.6.41-1.el7aos.src.rpm
jenkins-plugin-openshift-pipeline-1.0.9-1.el7.src.rpm
jenkins-plugin-promoted-builds-2.23-1.el7aos.src.rpm
jenkins-plugin-swarm-2.0-2.el7aos.src.rpm
kibana-4.1.2-2.el7aos.src.rpm
libuv-0.10.34-1.el7ost.src.rpm
lucene-4.10.4.redhat_1-5.el7.src.rpm
nodejs-0.10.36-3.el7ost.src.rpm
nodejs-abbrev-1.0.7-1.el7aos.src.rpm
nodejs-accepts-1.2.13-1.el7aos.src.rpm
nodejs-align-text-0.1.3-2.el7aos.src.rpm
nodejs-ansi-green-0.1.1-1.el7aos.src.rpm
nodejs-ansi-regex-2.0.0-1.el7aos.src.rpm
nodejs-ansi-styles-2.1.0-1.el7aos.src.rpm
nodejs-ansi-wrap-0.1.0-1.el7aos.src.rpm
nodejs-anymatch-1.3.0-1.el7aos.src.rpm
nodejs-arr-diff-2.0.0-1.el7aos.src.rpm
nodejs-arr-flatten-1.0.1-1.el7aos.src.rpm
nodejs-array-flatten-1.1.1-1.el7aos.src.rpm
nodejs-array-unique-0.2.1-1.el7aos.src.rpm
nodejs-arrify-1.0.0-1.el7aos.src.rpm
nodejs-asn1-0.1.11-4.el7aos.src.rpm
nodejs-assert-plus-0.1.4-1.el7aos.src.rpm
nodejs-async-1.4.2-1.el7aos.src.rpm
nodejs-async-each-1.0.0-1.el7aos.src.rpm
nodejs-aws-sign2-0.5.0-1.el7aos.src.rpm
nodejs-balanced-match-0.2.1-1.el7aos.src.rpm
nodejs-base64url-1.0.4-2.el7aos.src.rpm
nodejs-basic-auth-1.0.3-1.el7aos.src.rpm
nodejs-binary-extensions-1.3.1-1.el7aos.src.rpm
nodejs-bl-1.0.0-3.el7aos.src.rpm
nodejs-bluebird-2.10.0-1.el7aos.src.rpm
nodejs-body-parser-1.14.1-1.el7aos.src.rpm
nodejs-boom-2.8.0-1.el7aos.src.rpm
nodejs-brace-expansion-1.1.1-1.el7aos.src.rpm
nodejs-braces-1.8.2-2.el7aos.src.rpm
nodejs-bytes-2.1.0-1.el7aos.src.rpm
nodejs-camelcase-1.2.1-2.el7aos.src.rpm
nodejs-camelcase-keys-1.0.0-2.el7aos.src.rpm
nodejs-capture-stack-trace-1.0.0-2.el7aos.src.rpm
nodejs-caseless-0.11.0-1.el7aos.src.rpm
nodejs-center-align-0.1.1-1.el7aos.src.rpm
nodejs-chalk-1.1.1-2.el7aos.src.rpm
nodejs-chokidar-1.4.1-2.el7aos.src.rpm
nodejs-client-sessions-0.7.0-2.el7aos.src.rpm
nodejs-cliui-2.1.0-2.el7aos.src.rpm
nodejs-combined-stream-1.0.5-1.el7aos.src.rpm
nodejs-commander-2.8.1-2.el7aos.src.rpm
nodejs-concat-map-0.0.1-1.el7aos.src.rpm
nodejs-concat-stream-1.4.7-3.el7aos.src.rpm
nodejs-configstore-1.4.0-1.el7aos.src.rpm
nodejs-content-disposition-0.5.0-1.el7aos.src.rpm
nodejs-content-type-1.0.1-1.el7aos.src.rpm
nodejs-cookie-0.2.0-1.el7aos.src.rpm
nodejs-cookie-signature-1.0.6-1.el7aos.src.rpm
nodejs-cookies-0.5.0-2.el7aos.src.rpm
nodejs-core-util-is-1.0.1-1.el7aos.src.rpm
nodejs-create-error-class-2.0.1-2.el7aos.src.rpm
nodejs-cryptiles-2.0.5-2.el7aos.src.rpm
nodejs-ctype-0.5.3-3.el7aos.src.rpm
nodejs-debug-2.2.0-1.el7aos.src.rpm
nodejs-decamelize-1.0.0-1.el7aos.src.rpm
nodejs-deep-extend-0.3.2-2.el7aos.src.rpm
nodejs-delayed-stream-1.0.0-1.el7aos.src.rpm
nodejs-depd-1.1.0-1.el7aos.src.rpm
nodejs-destroy-1.0.3-1.el7aos.src.rpm
nodejs-duplexer-0.1.1-2.el7aos.src.rpm
nodejs-duplexify-3.4.2-1.el7aos.src.rpm
nodejs-ee-first-1.1.1-1.el7aos.src.rpm
nodejs-end-of-stream-1.1.0-2.el7aos.src.rpm
nodejs-error-ex-1.2.0-1.el7aos.src.rpm
nodejs-es6-promise-3.0.2-2.el7aos.src.rpm
nodejs-escape-html-1.0.3-1.el7aos.src.rpm
nodejs-escape-string-regexp-1.0.3-1.el7aos.src.rpm
nodejs-etag-1.7.0-1.el7aos.src.rpm
nodejs-event-stream-3.3.2-1.el7aos.src.rpm
nodejs-eventemitter3-1.1.1-2.el7aos.src.rpm
nodejs-expand-brackets-0.1.4-1.el7aos.src.rpm
nodejs-expand-range-1.8.1-1.el7aos.src.rpm
nodejs-express-4.13.3-3.el7aos.src.rpm
nodejs-extend-3.0.0-2.el7aos.src.rpm
nodejs-extglob-0.3.1-1.el7aos.src.rpm
nodejs-filename-regex-2.0.0-1.el7aos.src.rpm
nodejs-fill-range-2.2.3-1.el7aos.src.rpm
nodejs-finalhandler-0.4.0-2.el7aos.src.rpm
nodejs-findup-sync-0.3.0-2.el7aos.src.rpm
nodejs-for-in-0.1.4-1.el7aos.src.rpm
nodejs-for-own-0.1.3-1.el7aos.src.rpm
nodejs-forever-agent-0.6.1-1.el7aos.src.rpm
nodejs-form-data-1.0.0-rc3.1.el7aos.src.rpm
nodejs-forwarded-0.1.0-1.el7aos.src.rpm
nodejs-fresh-0.3.0-1.el7aos.src.rpm
nodejs-from-0.1.3-2.el7aos.src.rpm
nodejs-generate-function-2.0.0-1.el7aos.src.rpm
nodejs-generate-object-property-1.2.0-1.el7aos.src.rpm
nodejs-glob-5.0.15-1.el7aos.src.rpm
nodejs-glob-base-0.3.0-1.el7aos.src.rpm
nodejs-glob-parent-2.0.0-1.el7aos.src.rpm
nodejs-got-5.2.1-1.el7aos.src.rpm
nodejs-graceful-fs-4.1.2-1.el7aos.src.rpm
nodejs-graceful-readlink-1.0.1-1.el7aos.src.rpm
nodejs-har-validator-1.8.0-1.el7aos.src.rpm
nodejs-has-ansi-2.0.0-1.el7aos.src.rpm
nodejs-has-color-0.1.7-2.el7aos.src.rpm
nodejs-has-flag-1.0.0-1.el7aos.src.rpm
nodejs-hawk-3.1.0-1.el7aos.src.rpm
nodejs-hoek-2.14.0-1.el7aos.src.rpm
nodejs-http-errors-1.3.1-1.el7aos.src.rpm
nodejs-http-proxy-1.11.2-2.el7aos.src.rpm
nodejs-http-signature-0.11.0-1.el7aos.src.rpm
nodejs-iconv-lite-0.4.13-1.el7aos.src.rpm
nodejs-indent-string-2.1.0-2.el7aos.src.rpm
nodejs-inflight-1.0.4-6.el7aos.src.rpm
nodejs-inherits-2.0.1-1.el7aos.src.rpm
nodejs-ini-1.1.0-6.el7aos.src.rpm
nodejs-invert-kv-1.0.0-1.el7aos.src.rpm
nodejs-ipaddr.js-1.0.3-1.el7aos.src.rpm
nodejs-is-binary-path-1.0.1-1.el7aos.src.rpm
nodejs-is-buffer-1.0.2-1.el7aos.src.rpm
nodejs-is-dotfile-1.0.2-1.el7aos.src.rpm
nodejs-is-equal-shallow-0.1.3-1.el7aos.src.rpm
nodejs-is-extendable-0.1.1-1.el7aos.src.rpm
nodejs-is-extglob-1.0.0-1.el7aos.src.rpm
nodejs-is-finite-1.0.1-2.el7aos.src.rpm
nodejs-is-glob-2.0.1-1.el7aos.src.rpm
nodejs-is-my-json-valid-2.12.2-1.el7aos.src.rpm
nodejs-is-npm-1.0.0-1.el7aos.src.rpm
nodejs-is-number-2.1.0-1.el7aos.src.rpm
nodejs-is-plain-obj-1.0.0-1.el7aos.src.rpm
nodejs-is-primitive-2.0.0-1.el7aos.src.rpm
nodejs-is-property-1.0.2-1.el7aos.src.rpm
nodejs-is-redirect-1.0.0-1.el7aos.src.rpm
nodejs-is-stream-1.0.1-2.el7aos.src.rpm
nodejs-isarray-0.0.1-1.el7aos.src.rpm
nodejs-isobject-2.0.0-1.el7aos.src.rpm
nodejs-isstream-0.1.2-1.el7aos.src.rpm
nodejs-json-stringify-safe-5.0.1-1.el7aos.src.rpm
nodejs-jsonpointer-2.0.0-1.el7aos.src.rpm
nodejs-keygrip-1.0.1-2.el7aos.src.rpm
nodejs-kind-of-3.0.2-1.el7aos.src.rpm
nodejs-latest-version-2.0.0-1.el7aos.src.rpm
nodejs-lazy-cache-1.0.2-1.el7aos.src.rpm
nodejs-lcid-1.0.0-1.el7aos.src.rpm
nodejs-lodash.assign-3.2.0-1.el7aos.src.rpm
nodejs-lodash.baseassign-3.2.0-1.el7aos.src.rpm
nodejs-lodash.basecopy-3.0.1-1.el7aos.src.rpm
nodejs-lodash.bindcallback-3.0.1-1.el7aos.src.rpm
nodejs-lodash.createassigner-3.1.1-1.el7aos.src.rpm
nodejs-lodash.defaults-3.1.2-1.el7aos.src.rpm
nodejs-lodash.getnative-3.9.1-1.el7aos.src.rpm
nodejs-lodash.isarguments-3.0.4-1.el7aos.src.rpm
nodejs-lodash.isarray-3.0.4-1.el7aos.src.rpm
nodejs-lodash.isiterateecall-3.0.9-1.el7aos.src.rpm
nodejs-lodash.keys-3.1.2-1.el7aos.src.rpm
nodejs-lodash.restparam-3.6.1-1.el7aos.src.rpm
nodejs-longest-1.0.1-1.el7aos.src.rpm
nodejs-lowercase-keys-1.0.0-2.el7aos.src.rpm
nodejs-map-obj-1.0.1-1.el7aos.src.rpm
nodejs-map-stream-0.1.0-2.el7aos.src.rpm
nodejs-media-typer-0.3.0-1.el7aos.src.rpm
nodejs-meow-2.0.0-3.el7aos.src.rpm
nodejs-merge-descriptors-1.0.0-1.el7aos.src.rpm
nodejs-methods-1.1.1-1.el7aos.src.rpm
nodejs-micromatch-2.3.5-2.el7aos.src.rpm
nodejs-mime-1.3.4-1.el7aos.src.rpm
nodejs-mime-db-1.19.0-1.el7aos.src.rpm
nodejs-mime-types-2.1.7-1.el7aos.src.rpm
nodejs-minimatch-3.0.0-2.el7aos.src.rpm
nodejs-minimist-1.2.0-2.el7aos.src.rpm
nodejs-mkdirp-0.5.0-2.el7aos.src.rpm
nodejs-morgan-1.6.1-3.el7aos.src.rpm
nodejs-ms-0.7.1-1.el7aos.src.rpm
nodejs-negotiator-0.5.3-1.el7aos.src.rpm
nodejs-node-status-codes-1.0.0-1.el7aos.src.rpm
nodejs-node-uuid-1.4.3-1.el7aos.src.rpm
nodejs-nodemon-1.8.1-2.el7aos.src.rpm
nodejs-nopt-3.0.4-1.el7aos.src.rpm nodejs-normalize-path-2.0.1-1.el7aos.src.rpm nodejs-number-is-nan-1.0.0-2.el7aos.src.rpm nodejs-oauth-0.9.13-3.el7aos.src.rpm nodejs-oauth-sign-0.8.0-1.el7aos.src.rpm nodejs-object-assign-4.0.1-1.el7aos.src.rpm nodejs-object.omit-2.0.0-1.el7aos.src.rpm nodejs-on-finished-2.3.0-1.el7aos.src.rpm nodejs-on-headers-1.0.0-1.el7aos.src.rpm nodejs-once-1.3.2-5.el7aos.src.rpm nodejs-openshift-auth-proxy-0.0.20-1.el7aos.src.rpm nodejs-optimist-0.4.0-5.el7aos.src.rpm nodejs-os-homedir-1.0.1-1.el7aos.src.rpm nodejs-os-locale-1.4.0-1.el7aos.src.rpm nodejs-os-tmpdir-1.0.1-1.el7aos.src.rpm nodejs-osenv-0.1.0-2.el7aos.src.rpm nodejs-package-json-2.3.0-1.el7aos.src.rpm nodejs-packaging-7-1.el7ost.src.rpm nodejs-parse-duration-0.1.1-2.el7aos.src.rpm nodejs-parse-glob-3.0.4-1.el7aos.src.rpm nodejs-parse-json-2.2.0-2.el7aos.src.rpm nodejs-parseurl-1.3.0-1.el7aos.src.rpm nodejs-passport-0.2.2-4.el7aos.src.rpm nodejs-passport-http-bearer-1.0.1-2.el7aos.src.rpm nodejs-passport-oauth2-1.1.2-4.el7aos.src.rpm nodejs-passport-strategy-1.0.0-4.el7aos.src.rpm nodejs-path-is-absolute-1.0.0-1.el7aos.src.rpm nodejs-path-to-regexp-1.2.1-1.el7aos.src.rpm nodejs-patternfly-2.2.0-2.el7aos.src.rpm nodejs-pause-0.0.1-3.el7aos.src.rpm nodejs-pause-stream-0.0.11-2.el7aos.src.rpm nodejs-pinkie-2.0.1-1.el7aos.src.rpm nodejs-pinkie-promise-2.0.0-1.el7aos.src.rpm nodejs-prepend-http-1.0.1-2.el7aos.src.rpm nodejs-preserve-0.2.0-1.el7aos.src.rpm nodejs-process-nextick-args-1.0.2-1.el7aos.src.rpm nodejs-proxy-addr-1.0.8-2.el7aos.src.rpm nodejs-ps-tree-1.0.1-1.el7aos.src.rpm nodejs-qs-5.2.0-1.el7aos.src.rpm nodejs-randomatic-1.1.5-1.el7aos.src.rpm nodejs-range-parser-1.0.2-1.el7aos.src.rpm nodejs-raw-body-2.1.4-2.el7aos.src.rpm nodejs-rc-1.1.2-1.el7aos.src.rpm nodejs-read-all-stream-3.0.1-3.el7aos.src.rpm nodejs-readable-stream-2.0.2-1.el7aos.src.rpm nodejs-readdirp-2.0.0-2.el7aos.src.rpm nodejs-regex-cache-0.4.2-1.el7aos.src.rpm nodejs-registry-url-3.0.3-1.el7aos.src.rpm 
nodejs-repeat-element-1.1.2-1.el7aos.src.rpm nodejs-repeat-string-1.5.2-1.el7aos.src.rpm nodejs-repeating-2.0.0-2.el7aos.src.rpm nodejs-request-2.61.0-2.el7aos.src.rpm nodejs-requires-port-0.0.1-2.el7aos.src.rpm nodejs-resolve-1.1.6-1.el7aos.src.rpm nodejs-right-align-0.1.3-1.el7aos.src.rpm nodejs-semver-5.1.0-1.el7aos.src.rpm nodejs-semver-diff-2.1.0-1.el7aos.src.rpm nodejs-send-0.13.0-3.el7aos.src.rpm nodejs-serve-static-1.10.0-2.el7aos.src.rpm nodejs-slide-1.1.5-3.el7aos.src.rpm nodejs-sntp-1.0.9-2.el7aos.src.rpm nodejs-split-0.3.3-2.el7aos.src.rpm nodejs-statuses-1.2.1-3.el7aos.src.rpm nodejs-stream-combiner-0.2.1-2.el7aos.src.rpm nodejs-string-length-1.0.1-1.el7aos.src.rpm nodejs-string_decoder-0.10.31-2.el7aos.src.rpm nodejs-stringstream-0.0.4-1.el7aos.src.rpm nodejs-strip-ansi-3.0.0-1.el7aos.src.rpm nodejs-strip-json-comments-1.0.2-2.el7aos.src.rpm nodejs-success-symbol-0.1.0-1.el7aos.src.rpm nodejs-supports-color-3.1.1-1.el7aos.src.rpm nodejs-through-2.3.4-4.el7aos.src.rpm nodejs-timed-out-2.0.0-3.el7aos.src.rpm nodejs-touch-1.0.0-2.el7aos.src.rpm nodejs-tough-cookie-2.0.0-1.el7aos.src.rpm nodejs-tunnel-agent-0.4.1-1.el7aos.src.rpm nodejs-type-is-1.6.9-1.el7aos.src.rpm nodejs-typedarray-0.0.6-1.el7aos.src.rpm nodejs-uid2-0.0.3-3.el7aos.src.rpm nodejs-undefsafe-0.0.3-1.el7aos.src.rpm nodejs-unpipe-1.0.0-1.el7aos.src.rpm nodejs-unzip-response-1.0.0-1.el7aos.src.rpm nodejs-update-notifier-0.6.0-1.el7aos.src.rpm nodejs-url-join-0.0.1-2.el7aos.src.rpm nodejs-url-parse-lax-1.0.0-1.el7aos.src.rpm nodejs-util-deprecate-1.0.1-1.el7aos.src.rpm nodejs-utils-merge-1.0.0-1.el7aos.src.rpm nodejs-uuid-2.0.1-1.el7aos.src.rpm nodejs-vary-1.0.1-1.el7aos.src.rpm nodejs-window-size-0.1.2-1.el7aos.src.rpm nodejs-wordwrap-1.0.0-1.el7aos.src.rpm nodejs-wrappy-1.0.1-4.el7aos.src.rpm nodejs-write-file-atomic-1.1.2-2.el7aos.src.rpm nodejs-xdg-basedir-2.0.0-1.el7aos.src.rpm nodejs-xtend-4.0.0-4.el7aos.src.rpm nodejs-y18n-3.1.0-1.el7aos.src.rpm nodejs-yargs-3.24.0-1.el7aos.src.rpm 
nss_wrapper-1.0.3-1.el7.src.rpm openshift-elasticsearch-plugin-0.13.0.redhat_1-1.el7.src.rpm openvswitch-2.4.0-2.el7_2.src.rpm origin-kibana-0.5.0-1.el7aos.src.rpm php55-php-pecl-imagick-3.1.2-6.el7.src.rpm php55-php-pecl-xdebug-2.2.7-3.el7.src.rpm python-click-4.1-2.el7aos.src.rpm python-contextlib2-0.5.1-2.el7.src.rpm python-crypto-2.6.1-1.el7aos.src.rpm python-ecdsa-0.11-3.el7aos.src.rpm python-elasticsearch-2.3.0-1.el7.src.rpm python-extras-0.0.3-2.el7.src.rpm python-fixtures-0.3.14-3.el7.src.rpm python-httplib2-0.9.1-2.el7aos.src.rpm python-keyczar-0.71c-2.el7aos.src.rpm python-linecache2-1.0.0-3.el7.src.rpm python-mimeparse-0.1.4-2.el7.src.rpm python-mock-1.0.1-9.2.el7.src.rpm python-nose-xcover-1.0.10-1.el7.src.rpm python-paramiko-1.15.2-1.el7aos.src.rpm python-pbr-1.8.1-2.el7.src.rpm python-setuptools-17.1.1-3.el7aos.src.rpm python-testtools-1.1.0-1.el7.src.rpm python-traceback2-1.4.0-2.el7.src.rpm python-unittest2-1.1.0-5.el7.src.rpm python33-python-pip-1.5.6-5.el7.src.rpm rubygem-activesupport-4.2.4-3.el7aos.src.rpm rubygem-addressable-2.3.6-6.el7aos.src.rpm rubygem-atomic-1.1.16-3.el7aos.src.rpm rubygem-builder-3.1.4-3.el7aos.src.rpm rubygem-configuration-1.3.2-3.el7aos.src.rpm rubygem-cool.io-1.2.4-2.el7aos.src.rpm rubygem-crack-0.3.2-1.el7aos.src.rpm rubygem-dalli-2.7.4-2.el7aos.src.rpm rubygem-diff-lcs-1.1.3-2.2.el7aos.src.rpm rubygem-docker-api-1.22.4-1.el7aos.src.rpm rubygem-elasticsearch-1.0.8-1.el7aos.src.rpm rubygem-elasticsearch-api-1.0.7-1.el7aos.src.rpm rubygem-elasticsearch-extensions-0.0.15-2.el7aos.src.rpm rubygem-elasticsearch-transport-1.0.7-1.el7aos.src.rpm rubygem-excon-0.39.6-1.el7aos.src.rpm rubygem-faraday-0.9.0-3.el7aos.src.rpm rubygem-fluent-plugin-add-0.0.3-1.el7aos.src.rpm rubygem-fluent-plugin-docker_metadata_filter-0.1.1-1.el7aos.src.rpm rubygem-fluent-plugin-elasticsearch-1.3.0-2.el7.src.rpm rubygem-fluent-plugin-flatten-hash-0.2.0-1.el7aos.src.rpm rubygem-fluent-plugin-kubernetes_metadata_filter-0.12.0-1.el7aos.src.rpm 
rubygem-http_parser.rb-0.6.0-1.el7aos.src.rpm rubygem-i18n-0.7.0-3.el7aos.src.rpm rubygem-introspection-0.0.2-8.el7aos.src.rpm rubygem-jnunemaker-matchy-0.4.0-10.el7aos.src.rpm rubygem-json_pure-1.6.3-9.el7aos.src.rpm rubygem-kubeclient-0.7.0-1.el7aos.src.rpm rubygem-launchy-0.4.0-9.el7aos.src.rpm rubygem-lru_redux-1.1.0-1.el7aos.src.rpm rubygem-metaclass-0.0.1-8.el7aos.src.rpm rubygem-mime-types-1.19-3.el7aos.src.rpm rubygem-minitest-4.7.0-2.el7aos.src.rpm rubygem-mocha-0.14.0-1.el7aos.src.rpm rubygem-msgpack-0.5.11-1.el7aos.src.rpm rubygem-multi_json-1.10.1-1.el7aos.src.rpm rubygem-multipart-post-2.0.0-2.el7aos.src.rpm rubygem-netrc-0.7.7-3.el7aos.src.rpm rubygem-rack-1.5.2-4.el7aos.src.rpm rubygem-recursive-open-struct-0.6.5-1.el7aos.src.rpm rubygem-rest-client-1.6.7-4.el7aos.src.rpm rubygem-rr-1.1.2-4.el7aos.src.rpm rubygem-rspec-2.14.1-1.el7aos.src.rpm rubygem-rspec-core-2.14.8-1.el7aos.0.src.rpm rubygem-rspec-expectations-2.14.5-2.el7aos.1.src.rpm rubygem-rspec-mocks-2.14.6-2.el7aos.1.src.rpm rubygem-session-3.1.0-10.el7aos.src.rpm rubygem-shoulda-2.11.3-8.el7aos.src.rpm rubygem-sigdump-0.2.2-1.el7aos.src.rpm rubygem-string-scrub-0.0.5-1.el7aos.src.rpm rubygem-test-unit-2.5.5-1.el7aos.src.rpm rubygem-test-unit-rr-1.0.3-3.el7aos.src.rpm rubygem-test_declarative-0.0.5-5.el7aos.src.rpm rubygem-thread_safe-0.3.4-1.el7aos.src.rpm rubygem-tzinfo-1.2.2-2.el7aos.src.rpm rubygem-tzinfo-data-1.2014.10-2.el7aos.src.rpm rubygem-webmock-1.17.1-3.el7aos.src.rpm rubygem-yajl-ruby-1.2.1-1.el7aos.src.rpm search-guard-0.5.1.redhat_1-1.el7.src.rpm sshpass-1.05-5.el7aos.src.rpm thrift-0.9.1-12.el7.src.rpm v8-3.14.5.10-17.el7ost.src.rpm noarch: ansible-1.9.4-1.el7aos.noarch.rpm elastic-curator-3.5.0-2.el7.noarch.rpm elasticsearch-1.5.2.redhat_1-11.el7.noarch.rpm elasticsearch-cloud-kubernetes-1.2.1.redhat_1-1.el7.noarch.rpm fb303-java-0.9.1-12.el7.noarch.rpm fluentd-0.12.20-1.el7.noarch.rpm fluentd-doc-0.12.20-1.el7.noarch.rpm jenkins-1.642.2-1.el7.noarch.rpm 
libthrift-java-0.9.1-12.el7.noarch.rpm libthrift-javadoc-0.9.1-12.el7.noarch.rpm lucene-4.10.4.redhat_1-5.el7.noarch.rpm lucene-contrib-4.10.4.redhat_1-5.el7.noarch.rpm nodejs-abbrev-1.0.7-1.el7aos.noarch.rpm nodejs-accepts-1.2.13-1.el7aos.noarch.rpm nodejs-align-text-0.1.3-2.el7aos.noarch.rpm nodejs-ansi-green-0.1.1-1.el7aos.noarch.rpm nodejs-ansi-regex-2.0.0-1.el7aos.noarch.rpm nodejs-ansi-styles-2.1.0-1.el7aos.noarch.rpm nodejs-ansi-wrap-0.1.0-1.el7aos.noarch.rpm nodejs-anymatch-1.3.0-1.el7aos.noarch.rpm nodejs-arr-diff-2.0.0-1.el7aos.noarch.rpm nodejs-arr-flatten-1.0.1-1.el7aos.noarch.rpm nodejs-array-flatten-1.1.1-1.el7aos.noarch.rpm nodejs-array-unique-0.2.1-1.el7aos.noarch.rpm nodejs-arrify-1.0.0-1.el7aos.noarch.rpm nodejs-asn1-0.1.11-4.el7aos.noarch.rpm nodejs-assert-plus-0.1.4-1.el7aos.noarch.rpm nodejs-async-1.4.2-1.el7aos.noarch.rpm nodejs-async-each-1.0.0-1.el7aos.noarch.rpm nodejs-aws-sign2-0.5.0-1.el7aos.noarch.rpm nodejs-balanced-match-0.2.1-1.el7aos.noarch.rpm nodejs-base64url-1.0.4-2.el7aos.noarch.rpm nodejs-basic-auth-1.0.3-1.el7aos.noarch.rpm nodejs-binary-extensions-1.3.1-1.el7aos.noarch.rpm nodejs-bl-1.0.0-3.el7aos.noarch.rpm nodejs-bluebird-2.10.0-1.el7aos.noarch.rpm nodejs-body-parser-1.14.1-1.el7aos.noarch.rpm nodejs-boom-2.8.0-1.el7aos.noarch.rpm nodejs-brace-expansion-1.1.1-1.el7aos.noarch.rpm nodejs-braces-1.8.2-2.el7aos.noarch.rpm nodejs-bytes-2.1.0-1.el7aos.noarch.rpm nodejs-camelcase-1.2.1-2.el7aos.noarch.rpm nodejs-camelcase-keys-1.0.0-2.el7aos.noarch.rpm nodejs-capture-stack-trace-1.0.0-2.el7aos.noarch.rpm nodejs-caseless-0.11.0-1.el7aos.noarch.rpm nodejs-center-align-0.1.1-1.el7aos.noarch.rpm nodejs-chalk-1.1.1-2.el7aos.noarch.rpm nodejs-chokidar-1.4.1-2.el7aos.noarch.rpm nodejs-client-sessions-0.7.0-2.el7aos.noarch.rpm nodejs-cliui-2.1.0-2.el7aos.noarch.rpm nodejs-combined-stream-1.0.5-1.el7aos.noarch.rpm nodejs-commander-2.8.1-2.el7aos.noarch.rpm nodejs-concat-map-0.0.1-1.el7aos.noarch.rpm 
nodejs-concat-stream-1.4.7-3.el7aos.noarch.rpm nodejs-configstore-1.4.0-1.el7aos.noarch.rpm nodejs-content-disposition-0.5.0-1.el7aos.noarch.rpm nodejs-content-type-1.0.1-1.el7aos.noarch.rpm nodejs-cookie-0.2.0-1.el7aos.noarch.rpm nodejs-cookie-signature-1.0.6-1.el7aos.noarch.rpm nodejs-cookies-0.5.0-2.el7aos.noarch.rpm nodejs-core-util-is-1.0.1-1.el7aos.noarch.rpm nodejs-create-error-class-2.0.1-2.el7aos.noarch.rpm nodejs-cryptiles-2.0.5-2.el7aos.noarch.rpm nodejs-ctype-0.5.3-3.el7aos.noarch.rpm nodejs-debug-2.2.0-1.el7aos.noarch.rpm nodejs-decamelize-1.0.0-1.el7aos.noarch.rpm nodejs-deep-extend-0.3.2-2.el7aos.noarch.rpm nodejs-delayed-stream-1.0.0-1.el7aos.noarch.rpm nodejs-depd-1.1.0-1.el7aos.noarch.rpm nodejs-destroy-1.0.3-1.el7aos.noarch.rpm nodejs-docs-0.10.36-3.el7ost.noarch.rpm nodejs-duplexer-0.1.1-2.el7aos.noarch.rpm nodejs-duplexify-3.4.2-1.el7aos.noarch.rpm nodejs-ee-first-1.1.1-1.el7aos.noarch.rpm nodejs-end-of-stream-1.1.0-2.el7aos.noarch.rpm nodejs-error-ex-1.2.0-1.el7aos.noarch.rpm nodejs-es6-promise-3.0.2-2.el7aos.noarch.rpm nodejs-escape-html-1.0.3-1.el7aos.noarch.rpm nodejs-escape-string-regexp-1.0.3-1.el7aos.noarch.rpm nodejs-etag-1.7.0-1.el7aos.noarch.rpm nodejs-event-stream-3.3.2-1.el7aos.noarch.rpm nodejs-eventemitter3-1.1.1-2.el7aos.noarch.rpm nodejs-expand-brackets-0.1.4-1.el7aos.noarch.rpm nodejs-expand-range-1.8.1-1.el7aos.noarch.rpm nodejs-express-4.13.3-3.el7aos.noarch.rpm nodejs-extend-3.0.0-2.el7aos.noarch.rpm nodejs-extglob-0.3.1-1.el7aos.noarch.rpm nodejs-filename-regex-2.0.0-1.el7aos.noarch.rpm nodejs-fill-range-2.2.3-1.el7aos.noarch.rpm nodejs-finalhandler-0.4.0-2.el7aos.noarch.rpm nodejs-findup-sync-0.3.0-2.el7aos.noarch.rpm nodejs-for-in-0.1.4-1.el7aos.noarch.rpm nodejs-for-own-0.1.3-1.el7aos.noarch.rpm nodejs-forever-agent-0.6.1-1.el7aos.noarch.rpm nodejs-form-data-1.0.0-rc3.1.el7aos.noarch.rpm nodejs-forwarded-0.1.0-1.el7aos.noarch.rpm nodejs-fresh-0.3.0-1.el7aos.noarch.rpm nodejs-from-0.1.3-2.el7aos.noarch.rpm 
nodejs-generate-function-2.0.0-1.el7aos.noarch.rpm nodejs-generate-object-property-1.2.0-1.el7aos.noarch.rpm nodejs-glob-5.0.15-1.el7aos.noarch.rpm nodejs-glob-base-0.3.0-1.el7aos.noarch.rpm nodejs-glob-parent-2.0.0-1.el7aos.noarch.rpm nodejs-got-5.2.1-1.el7aos.noarch.rpm nodejs-graceful-fs-4.1.2-1.el7aos.noarch.rpm nodejs-graceful-readlink-1.0.1-1.el7aos.noarch.rpm nodejs-har-validator-1.8.0-1.el7aos.noarch.rpm nodejs-has-ansi-2.0.0-1.el7aos.noarch.rpm nodejs-has-color-0.1.7-2.el7aos.noarch.rpm nodejs-has-flag-1.0.0-1.el7aos.noarch.rpm nodejs-hawk-3.1.0-1.el7aos.noarch.rpm nodejs-hoek-2.14.0-1.el7aos.noarch.rpm nodejs-http-errors-1.3.1-1.el7aos.noarch.rpm nodejs-http-proxy-1.11.2-2.el7aos.noarch.rpm nodejs-http-signature-0.11.0-1.el7aos.noarch.rpm nodejs-iconv-lite-0.4.13-1.el7aos.noarch.rpm nodejs-indent-string-2.1.0-2.el7aos.noarch.rpm nodejs-inflight-1.0.4-6.el7aos.noarch.rpm nodejs-inherits-2.0.1-1.el7aos.noarch.rpm nodejs-ini-1.1.0-6.el7aos.noarch.rpm nodejs-invert-kv-1.0.0-1.el7aos.noarch.rpm nodejs-ipaddr.js-1.0.3-1.el7aos.noarch.rpm nodejs-is-binary-path-1.0.1-1.el7aos.noarch.rpm nodejs-is-buffer-1.0.2-1.el7aos.noarch.rpm nodejs-is-dotfile-1.0.2-1.el7aos.noarch.rpm nodejs-is-equal-shallow-0.1.3-1.el7aos.noarch.rpm nodejs-is-extendable-0.1.1-1.el7aos.noarch.rpm nodejs-is-extglob-1.0.0-1.el7aos.noarch.rpm nodejs-is-finite-1.0.1-2.el7aos.noarch.rpm nodejs-is-glob-2.0.1-1.el7aos.noarch.rpm nodejs-is-my-json-valid-2.12.2-1.el7aos.noarch.rpm nodejs-is-npm-1.0.0-1.el7aos.noarch.rpm nodejs-is-number-2.1.0-1.el7aos.noarch.rpm nodejs-is-plain-obj-1.0.0-1.el7aos.noarch.rpm nodejs-is-primitive-2.0.0-1.el7aos.noarch.rpm nodejs-is-property-1.0.2-1.el7aos.noarch.rpm nodejs-is-redirect-1.0.0-1.el7aos.noarch.rpm nodejs-is-stream-1.0.1-2.el7aos.noarch.rpm nodejs-isarray-0.0.1-1.el7aos.noarch.rpm nodejs-isobject-2.0.0-1.el7aos.noarch.rpm nodejs-isstream-0.1.2-1.el7aos.noarch.rpm nodejs-json-stringify-safe-5.0.1-1.el7aos.noarch.rpm nodejs-jsonpointer-2.0.0-1.el7aos.noarch.rpm 
nodejs-keygrip-1.0.1-2.el7aos.noarch.rpm nodejs-kind-of-3.0.2-1.el7aos.noarch.rpm nodejs-latest-version-2.0.0-1.el7aos.noarch.rpm nodejs-lazy-cache-1.0.2-1.el7aos.noarch.rpm nodejs-lcid-1.0.0-1.el7aos.noarch.rpm nodejs-lodash.assign-3.2.0-1.el7aos.noarch.rpm nodejs-lodash.baseassign-3.2.0-1.el7aos.noarch.rpm nodejs-lodash.basecopy-3.0.1-1.el7aos.noarch.rpm nodejs-lodash.bindcallback-3.0.1-1.el7aos.noarch.rpm nodejs-lodash.createassigner-3.1.1-1.el7aos.noarch.rpm nodejs-lodash.defaults-3.1.2-1.el7aos.noarch.rpm nodejs-lodash.getnative-3.9.1-1.el7aos.noarch.rpm nodejs-lodash.isarguments-3.0.4-1.el7aos.noarch.rpm nodejs-lodash.isarray-3.0.4-1.el7aos.noarch.rpm nodejs-lodash.isiterateecall-3.0.9-1.el7aos.noarch.rpm nodejs-lodash.keys-3.1.2-1.el7aos.noarch.rpm nodejs-lodash.restparam-3.6.1-1.el7aos.noarch.rpm nodejs-longest-1.0.1-1.el7aos.noarch.rpm nodejs-lowercase-keys-1.0.0-2.el7aos.noarch.rpm nodejs-map-obj-1.0.1-1.el7aos.noarch.rpm nodejs-map-stream-0.1.0-2.el7aos.noarch.rpm nodejs-media-typer-0.3.0-1.el7aos.noarch.rpm nodejs-meow-2.0.0-3.el7aos.noarch.rpm nodejs-merge-descriptors-1.0.0-1.el7aos.noarch.rpm nodejs-methods-1.1.1-1.el7aos.noarch.rpm nodejs-micromatch-2.3.5-2.el7aos.noarch.rpm nodejs-mime-1.3.4-1.el7aos.noarch.rpm nodejs-mime-db-1.19.0-1.el7aos.noarch.rpm nodejs-mime-types-2.1.7-1.el7aos.noarch.rpm nodejs-minimatch-3.0.0-2.el7aos.noarch.rpm nodejs-minimist-1.2.0-2.el7aos.noarch.rpm nodejs-mkdirp-0.5.0-2.el7aos.noarch.rpm nodejs-morgan-1.6.1-3.el7aos.noarch.rpm nodejs-ms-0.7.1-1.el7aos.noarch.rpm nodejs-negotiator-0.5.3-1.el7aos.noarch.rpm nodejs-node-status-codes-1.0.0-1.el7aos.noarch.rpm nodejs-node-uuid-1.4.3-1.el7aos.noarch.rpm nodejs-nodemon-1.8.1-2.el7aos.noarch.rpm nodejs-nopt-3.0.4-1.el7aos.noarch.rpm nodejs-normalize-path-2.0.1-1.el7aos.noarch.rpm nodejs-number-is-nan-1.0.0-2.el7aos.noarch.rpm nodejs-oauth-0.9.13-3.el7aos.noarch.rpm nodejs-oauth-sign-0.8.0-1.el7aos.noarch.rpm nodejs-object-assign-4.0.1-1.el7aos.noarch.rpm 
nodejs-object.omit-2.0.0-1.el7aos.noarch.rpm nodejs-on-finished-2.3.0-1.el7aos.noarch.rpm nodejs-on-headers-1.0.0-1.el7aos.noarch.rpm nodejs-once-1.3.2-5.el7aos.noarch.rpm nodejs-openshift-auth-proxy-0.0.20-1.el7aos.noarch.rpm nodejs-optimist-0.4.0-5.el7aos.noarch.rpm nodejs-os-homedir-1.0.1-1.el7aos.noarch.rpm nodejs-os-locale-1.4.0-1.el7aos.noarch.rpm nodejs-os-tmpdir-1.0.1-1.el7aos.noarch.rpm nodejs-osenv-0.1.0-2.el7aos.noarch.rpm nodejs-package-json-2.3.0-1.el7aos.noarch.rpm nodejs-packaging-7-1.el7ost.noarch.rpm nodejs-parse-duration-0.1.1-2.el7aos.noarch.rpm nodejs-parse-glob-3.0.4-1.el7aos.noarch.rpm nodejs-parse-json-2.2.0-2.el7aos.noarch.rpm nodejs-parseurl-1.3.0-1.el7aos.noarch.rpm nodejs-passport-0.2.2-4.el7aos.noarch.rpm nodejs-passport-http-bearer-1.0.1-2.el7aos.noarch.rpm nodejs-passport-oauth2-1.1.2-4.el7aos.noarch.rpm nodejs-passport-strategy-1.0.0-4.el7aos.noarch.rpm nodejs-path-is-absolute-1.0.0-1.el7aos.noarch.rpm nodejs-path-to-regexp-1.2.1-1.el7aos.noarch.rpm nodejs-patternfly-2.2.0-2.el7aos.noarch.rpm nodejs-pause-0.0.1-3.el7aos.noarch.rpm nodejs-pause-stream-0.0.11-2.el7aos.noarch.rpm nodejs-pinkie-2.0.1-1.el7aos.noarch.rpm nodejs-pinkie-promise-2.0.0-1.el7aos.noarch.rpm nodejs-prepend-http-1.0.1-2.el7aos.noarch.rpm nodejs-preserve-0.2.0-1.el7aos.noarch.rpm nodejs-process-nextick-args-1.0.2-1.el7aos.noarch.rpm nodejs-proxy-addr-1.0.8-2.el7aos.noarch.rpm nodejs-ps-tree-1.0.1-1.el7aos.noarch.rpm nodejs-qs-5.2.0-1.el7aos.noarch.rpm nodejs-randomatic-1.1.5-1.el7aos.noarch.rpm nodejs-range-parser-1.0.2-1.el7aos.noarch.rpm nodejs-raw-body-2.1.4-2.el7aos.noarch.rpm nodejs-rc-1.1.2-1.el7aos.noarch.rpm nodejs-read-all-stream-3.0.1-3.el7aos.noarch.rpm nodejs-readable-stream-2.0.2-1.el7aos.noarch.rpm nodejs-readdirp-2.0.0-2.el7aos.noarch.rpm nodejs-regex-cache-0.4.2-1.el7aos.noarch.rpm nodejs-registry-url-3.0.3-1.el7aos.noarch.rpm nodejs-repeat-element-1.1.2-1.el7aos.noarch.rpm nodejs-repeat-string-1.5.2-1.el7aos.noarch.rpm 
nodejs-repeating-2.0.0-2.el7aos.noarch.rpm nodejs-request-2.61.0-2.el7aos.noarch.rpm nodejs-requires-port-0.0.1-2.el7aos.noarch.rpm nodejs-resolve-1.1.6-1.el7aos.noarch.rpm nodejs-right-align-0.1.3-1.el7aos.noarch.rpm nodejs-semver-5.1.0-1.el7aos.noarch.rpm nodejs-semver-diff-2.1.0-1.el7aos.noarch.rpm nodejs-send-0.13.0-3.el7aos.noarch.rpm nodejs-serve-static-1.10.0-2.el7aos.noarch.rpm nodejs-slide-1.1.5-3.el7aos.noarch.rpm nodejs-sntp-1.0.9-2.el7aos.noarch.rpm nodejs-split-0.3.3-2.el7aos.noarch.rpm nodejs-statuses-1.2.1-3.el7aos.noarch.rpm nodejs-stream-combiner-0.2.1-2.el7aos.noarch.rpm nodejs-string-length-1.0.1-1.el7aos.noarch.rpm nodejs-string_decoder-0.10.31-2.el7aos.noarch.rpm nodejs-stringstream-0.0.4-1.el7aos.noarch.rpm nodejs-strip-ansi-3.0.0-1.el7aos.noarch.rpm nodejs-strip-json-comments-1.0.2-2.el7aos.noarch.rpm nodejs-success-symbol-0.1.0-1.el7aos.noarch.rpm nodejs-supports-color-3.1.1-1.el7aos.noarch.rpm nodejs-through-2.3.4-4.el7aos.noarch.rpm nodejs-timed-out-2.0.0-3.el7aos.noarch.rpm nodejs-touch-1.0.0-2.el7aos.noarch.rpm nodejs-tough-cookie-2.0.0-1.el7aos.noarch.rpm nodejs-tunnel-agent-0.4.1-1.el7aos.noarch.rpm nodejs-type-is-1.6.9-1.el7aos.noarch.rpm nodejs-typedarray-0.0.6-1.el7aos.noarch.rpm nodejs-uid2-0.0.3-3.el7aos.noarch.rpm nodejs-undefsafe-0.0.3-1.el7aos.noarch.rpm nodejs-unpipe-1.0.0-1.el7aos.noarch.rpm nodejs-unzip-response-1.0.0-1.el7aos.noarch.rpm nodejs-update-notifier-0.6.0-1.el7aos.noarch.rpm nodejs-url-join-0.0.1-2.el7aos.noarch.rpm nodejs-url-parse-lax-1.0.0-1.el7aos.noarch.rpm nodejs-util-deprecate-1.0.1-1.el7aos.noarch.rpm nodejs-utils-merge-1.0.0-1.el7aos.noarch.rpm nodejs-uuid-2.0.1-1.el7aos.noarch.rpm nodejs-vary-1.0.1-1.el7aos.noarch.rpm nodejs-window-size-0.1.2-1.el7aos.noarch.rpm nodejs-wordwrap-1.0.0-1.el7aos.noarch.rpm nodejs-wrappy-1.0.1-4.el7aos.noarch.rpm nodejs-write-file-atomic-1.1.2-2.el7aos.noarch.rpm nodejs-xdg-basedir-2.0.0-1.el7aos.noarch.rpm nodejs-xtend-4.0.0-4.el7aos.noarch.rpm 
nodejs-y18n-3.1.0-1.el7aos.noarch.rpm nodejs-yargs-3.24.0-1.el7aos.noarch.rpm openshift-elasticsearch-plugin-0.13.0.redhat_1-1.el7.noarch.rpm openvswitch-test-2.4.0-2.el7_2.noarch.rpm origin-kibana-0.5.0-1.el7aos.noarch.rpm perl-thrift-0.9.1-12.el7.noarch.rpm python-click-4.1-2.el7aos.noarch.rpm python-contextlib2-0.5.1-2.el7.noarch.rpm python-ecdsa-0.11-3.el7aos.noarch.rpm python-elasticsearch-2.3.0-1.el7.noarch.rpm python-extras-0.0.3-2.el7.noarch.rpm python-fixtures-0.3.14-3.el7.noarch.rpm python-httplib2-0.9.1-2.el7aos.noarch.rpm python-keyczar-0.71c-2.el7aos.noarch.rpm python-linecache2-1.0.0-3.el7.noarch.rpm python-mimeparse-0.1.4-2.el7.noarch.rpm python-nose-xcover-1.0.10-1.el7.noarch.rpm python-openvswitch-2.4.0-2.el7_2.noarch.rpm python-paramiko-1.15.2-1.el7aos.noarch.rpm python-pbr-1.8.1-2.el7.noarch.rpm python-setuptools-17.1.1-3.el7aos.noarch.rpm python-testtools-1.1.0-1.el7.noarch.rpm python-testtools-doc-1.1.0-1.el7.noarch.rpm python-traceback2-1.4.0-2.el7.noarch.rpm python-unittest2-1.1.0-5.el7.noarch.rpm python2-mock-1.0.1-9.2.el7.noarch.rpm python33-python-pip-1.5.6-5.el7.noarch.rpm rubygem-activesupport-4.2.4-3.el7aos.noarch.rpm rubygem-addressable-2.3.6-6.el7aos.noarch.rpm rubygem-addressable-doc-2.3.6-6.el7aos.noarch.rpm rubygem-atomic-doc-1.1.16-3.el7aos.noarch.rpm rubygem-builder-3.1.4-3.el7aos.noarch.rpm rubygem-builder-doc-3.1.4-3.el7aos.noarch.rpm rubygem-configuration-1.3.2-3.el7aos.noarch.rpm rubygem-configuration-doc-1.3.2-3.el7aos.noarch.rpm rubygem-cool.io-doc-1.2.4-2.el7aos.noarch.rpm rubygem-crack-0.3.2-1.el7aos.noarch.rpm rubygem-crack-doc-0.3.2-1.el7aos.noarch.rpm rubygem-dalli-2.7.4-2.el7aos.noarch.rpm rubygem-dalli-doc-2.7.4-2.el7aos.noarch.rpm rubygem-diff-lcs-1.1.3-2.2.el7aos.noarch.rpm rubygem-diff-lcs-doc-1.1.3-2.2.el7aos.noarch.rpm rubygem-docker-api-1.22.4-1.el7aos.noarch.rpm rubygem-docker-api-doc-1.22.4-1.el7aos.noarch.rpm rubygem-elasticsearch-1.0.8-1.el7aos.noarch.rpm rubygem-elasticsearch-api-1.0.7-1.el7aos.noarch.rpm 
rubygem-elasticsearch-api-doc-1.0.7-1.el7aos.noarch.rpm rubygem-elasticsearch-doc-1.0.8-1.el7aos.noarch.rpm rubygem-elasticsearch-extensions-0.0.15-2.el7aos.noarch.rpm rubygem-elasticsearch-extensions-doc-0.0.15-2.el7aos.noarch.rpm rubygem-elasticsearch-transport-1.0.7-1.el7aos.noarch.rpm rubygem-elasticsearch-transport-doc-1.0.7-1.el7aos.noarch.rpm rubygem-excon-0.39.6-1.el7aos.noarch.rpm rubygem-excon-doc-0.39.6-1.el7aos.noarch.rpm rubygem-faraday-0.9.0-3.el7aos.noarch.rpm rubygem-faraday-doc-0.9.0-3.el7aos.noarch.rpm rubygem-fluent-plugin-add-0.0.3-1.el7aos.noarch.rpm rubygem-fluent-plugin-add-doc-0.0.3-1.el7aos.noarch.rpm rubygem-fluent-plugin-docker_metadata_filter-0.1.1-1.el7aos.noarch.rpm rubygem-fluent-plugin-docker_metadata_filter-doc-0.1.1-1.el7aos.noarch.rpm rubygem-fluent-plugin-elasticsearch-1.3.0-2.el7.noarch.rpm rubygem-fluent-plugin-elasticsearch-doc-1.3.0-2.el7.noarch.rpm rubygem-fluent-plugin-flatten-hash-0.2.0-1.el7aos.noarch.rpm rubygem-fluent-plugin-flatten-hash-doc-0.2.0-1.el7aos.noarch.rpm rubygem-fluent-plugin-kubernetes_metadata_filter-0.12.0-1.el7aos.noarch.rpm rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0.12.0-1.el7aos.noarch.rpm rubygem-http_parser.rb-doc-0.6.0-1.el7aos.noarch.rpm rubygem-i18n-0.7.0-3.el7aos.noarch.rpm rubygem-i18n-doc-0.7.0-3.el7aos.noarch.rpm rubygem-introspection-0.0.2-8.el7aos.noarch.rpm rubygem-introspection-doc-0.0.2-8.el7aos.noarch.rpm rubygem-jnunemaker-matchy-0.4.0-10.el7aos.noarch.rpm rubygem-jnunemaker-matchy-doc-0.4.0-10.el7aos.noarch.rpm rubygem-json_pure-1.6.3-9.el7aos.noarch.rpm rubygem-json_pure-doc-1.6.3-9.el7aos.noarch.rpm rubygem-kubeclient-0.7.0-1.el7aos.noarch.rpm rubygem-kubeclient-doc-0.7.0-1.el7aos.noarch.rpm rubygem-launchy-0.4.0-9.el7aos.noarch.rpm rubygem-lru_redux-1.1.0-1.el7aos.noarch.rpm rubygem-lru_redux-doc-1.1.0-1.el7aos.noarch.rpm rubygem-metaclass-0.0.1-8.el7aos.noarch.rpm rubygem-metaclass-doc-0.0.1-8.el7aos.noarch.rpm rubygem-mime-types-1.19-3.el7aos.noarch.rpm 
rubygem-mime-types-doc-1.19-3.el7aos.noarch.rpm rubygem-minitest-4.7.0-2.el7aos.noarch.rpm rubygem-minitest-doc-4.7.0-2.el7aos.noarch.rpm rubygem-mocha-0.14.0-1.el7aos.noarch.rpm rubygem-mocha-doc-0.14.0-1.el7aos.noarch.rpm rubygem-msgpack-doc-0.5.11-1.el7aos.noarch.rpm rubygem-multi_json-1.10.1-1.el7aos.noarch.rpm rubygem-multi_json-doc-1.10.1-1.el7aos.noarch.rpm rubygem-multipart-post-2.0.0-2.el7aos.noarch.rpm rubygem-multipart-post-doc-2.0.0-2.el7aos.noarch.rpm rubygem-netrc-0.7.7-3.el7aos.noarch.rpm rubygem-netrc-doc-0.7.7-3.el7aos.noarch.rpm rubygem-rack-1.5.2-4.el7aos.noarch.rpm rubygem-rack-doc-1.5.2-4.el7aos.noarch.rpm rubygem-recursive-open-struct-0.6.5-1.el7aos.noarch.rpm rubygem-recursive-open-struct-doc-0.6.5-1.el7aos.noarch.rpm rubygem-rest-client-1.6.7-4.el7aos.noarch.rpm rubygem-rr-1.1.2-4.el7aos.noarch.rpm rubygem-rr-doc-1.1.2-4.el7aos.noarch.rpm rubygem-rspec-2.14.1-1.el7aos.noarch.rpm rubygem-rspec-core-2.14.8-1.el7aos.0.noarch.rpm rubygem-rspec-core-doc-2.14.8-1.el7aos.0.noarch.rpm rubygem-rspec-expectations-2.14.5-2.el7aos.1.noarch.rpm rubygem-rspec-expectations-doc-2.14.5-2.el7aos.1.noarch.rpm rubygem-rspec-mocks-2.14.6-2.el7aos.1.noarch.rpm rubygem-rspec-mocks-doc-2.14.6-2.el7aos.1.noarch.rpm rubygem-session-3.1.0-10.el7aos.noarch.rpm rubygem-session-doc-3.1.0-10.el7aos.noarch.rpm rubygem-shoulda-2.11.3-8.el7aos.noarch.rpm rubygem-shoulda-doc-2.11.3-8.el7aos.noarch.rpm rubygem-sigdump-0.2.2-1.el7aos.noarch.rpm rubygem-sigdump-doc-0.2.2-1.el7aos.noarch.rpm rubygem-string-scrub-doc-0.0.5-1.el7aos.noarch.rpm rubygem-test-unit-2.5.5-1.el7aos.noarch.rpm rubygem-test-unit-doc-2.5.5-1.el7aos.noarch.rpm rubygem-test-unit-rr-1.0.3-3.el7aos.noarch.rpm rubygem-test-unit-rr-doc-1.0.3-3.el7aos.noarch.rpm rubygem-test_declarative-0.0.5-5.el7aos.noarch.rpm rubygem-test_declarative-doc-0.0.5-5.el7aos.noarch.rpm rubygem-thread_safe-0.3.4-1.el7aos.noarch.rpm rubygem-thread_safe-doc-0.3.4-1.el7aos.noarch.rpm rubygem-tzinfo-1.2.2-2.el7aos.noarch.rpm 
rubygem-tzinfo-data-1.2014.10-2.el7aos.noarch.rpm rubygem-tzinfo-data-doc-1.2014.10-2.el7aos.noarch.rpm rubygem-tzinfo-doc-1.2.2-2.el7aos.noarch.rpm rubygem-webmock-1.17.1-3.el7aos.noarch.rpm rubygem-webmock-doc-1.17.1-3.el7aos.noarch.rpm rubygem-yajl-ruby-doc-1.2.1-1.el7aos.noarch.rpm search-guard-0.5.1.redhat_1-1.el7.noarch.rpm x86_64: atomic-openshift-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm atomic-openshift-clients-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm atomic-openshift-dockerregistry-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm atomic-openshift-master-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm atomic-openshift-node-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm atomic-openshift-pod-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm atomic-openshift-recycle-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm atomic-openshift-tests-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm cockpit-debuginfo-0.93-3.el7.x86_64.rpm cockpit-kubernetes-0.93-3.el7.x86_64.rpm fb303-0.9.1-12.el7.x86_64.rpm fb303-devel-0.9.1-12.el7.x86_64.rpm heapster-0.18.2-4.gitaf4752e.el7.x86_64.rpm http-parser-2.0-4.20121128gitcd01361.el7ost.x86_64.rpm http-parser-debuginfo-2.0-4.20121128gitcd01361.el7ost.x86_64.rpm http-parser-devel-2.0-4.20121128gitcd01361.el7ost.x86_64.rpm image-inspector-1.0.0-1.el7aos.x86_64.rpm jenkins-plugin-credentials-1.24-2.el7.x86_64.rpm jenkins-plugin-durable-task-1.7-1.el7.x86_64.rpm jenkins-plugin-kubernetes-0.5-1.el7.x86_64.rpm jenkins-plugin-openshift-0.6.41-1.el7aos.x86_64.rpm jenkins-plugin-openshift-pipeline-1.0.9-1.el7.x86_64.rpm jenkins-plugin-promoted-builds-2.23-1.el7aos.x86_64.rpm jenkins-plugin-swarm-2.0-2.el7aos.x86_64.rpm kibana-4.1.2-2.el7aos.x86_64.rpm kibana-debuginfo-4.1.2-2.el7aos.x86_64.rpm libuv-0.10.34-1.el7ost.x86_64.rpm libuv-debuginfo-0.10.34-1.el7ost.x86_64.rpm libuv-devel-0.10.34-1.el7ost.x86_64.rpm libuv-static-0.10.34-1.el7ost.x86_64.rpm 
nodejs-0.10.36-3.el7ost.x86_64.rpm
nodejs-debuginfo-0.10.36-3.el7ost.x86_64.rpm
nodejs-devel-0.10.36-3.el7ost.x86_64.rpm
nss_wrapper-1.0.3-1.el7.x86_64.rpm
nss_wrapper-debuginfo-1.0.3-1.el7.x86_64.rpm
openvswitch-2.4.0-2.el7_2.x86_64.rpm
openvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm
openvswitch-devel-2.4.0-2.el7_2.x86_64.rpm
php55-php-pecl-imagick-3.1.2-6.el7.x86_64.rpm
php55-php-pecl-imagick-debuginfo-3.1.2-6.el7.x86_64.rpm
php55-php-pecl-xdebug-2.2.7-3.el7.x86_64.rpm
php55-php-pecl-xdebug-debuginfo-2.2.7-3.el7.x86_64.rpm
python-crypto-2.6.1-1.el7aos.x86_64.rpm
python-crypto-debuginfo-2.6.1-1.el7aos.x86_64.rpm
python-fb303-0.9.1-12.el7.x86_64.rpm
python-thrift-0.9.1-12.el7.x86_64.rpm
rubygem-atomic-1.1.16-3.el7aos.x86_64.rpm
rubygem-atomic-debuginfo-1.1.16-3.el7aos.x86_64.rpm
rubygem-cool.io-1.2.4-2.el7aos.x86_64.rpm
rubygem-cool.io-debuginfo-1.2.4-2.el7aos.x86_64.rpm
rubygem-http_parser.rb-0.6.0-1.el7aos.x86_64.rpm
rubygem-http_parser.rb-debuginfo-0.6.0-1.el7aos.x86_64.rpm
rubygem-msgpack-0.5.11-1.el7aos.x86_64.rpm
rubygem-msgpack-debuginfo-0.5.11-1.el7aos.x86_64.rpm
rubygem-string-scrub-0.0.5-1.el7aos.x86_64.rpm
rubygem-string-scrub-debuginfo-0.0.5-1.el7aos.x86_64.rpm
rubygem-yajl-ruby-1.2.1-1.el7aos.x86_64.rpm
rubygem-yajl-ruby-debuginfo-1.2.1-1.el7aos.x86_64.rpm
sshpass-1.05-5.el7aos.x86_64.rpm
sshpass-debuginfo-1.05-5.el7aos.x86_64.rpm
thrift-0.9.1-12.el7.x86_64.rpm
thrift-debuginfo-0.9.1-12.el7.x86_64.rpm
thrift-devel-0.9.1-12.el7.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.2.0.20-1.git.0.f44746c.el7.x86_64.rpm
v8-3.14.5.10-17.el7ost.x86_64.rpm
v8-debuginfo-3.14.5.10-17.el7ost.x86_64.rpm
v8-devel-3.14.5.10-17.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2149
https://access.redhat.com/security/cve/CVE-2016-2160
https://access.redhat.com/security/cve/CVE-2016-3711
https://access.redhat.com/security/updates/classification/#important
https://docs.openshift.com/enterprise/3.2/release_notes/ose_3_2_release_notes.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Thu May 12 19:30:53 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 May 2016 19:30:53 +0000
Subject: [RHSA-2016:1034-01] Moderate: docker security, bug fix, and enhancement update
Message-ID: <201605121930.u4CJUsWk030141@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: docker security, bug fix, and enhancement update
Advisory ID:  RHSA-2016:1034-01
Product:      Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1034.html
Issue date:   2016-05-12
CVE Names:    CVE-2016-3697
=====================================================================

1. Summary:

An update for docker is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - x86_64

3. Description:

Docker is an open-source engine that automates the deployment of any
application as a lightweight, portable, self-sufficient container that will
run virtually anywhere.

Security Fix(es):

* It was found that Docker would launch containers under the specified UID
instead of a username. An attacker able to launch a container could use
this flaw to escalate their privileges to root within the launched
container. (CVE-2016-3697)

This issue was discovered by Mrunal Patel (Red Hat).

Bug Fix(es):

* The process of pulling an image spawns a new "goroutine" for each layer
in the image manifest. If any of these downloads fails, everything stops and
an error is returned, even though the other goroutines are still running
and writing output through a progress reader attached to an HTTP response
writer. Because the request handler had already returned after the first
error, the HTTP server panicked when one of these download goroutines wrote
to the response writer buffer. This bug has been fixed, and docker no longer
panics when pulling an image. (BZ#1264562)

* Previously, in certain situations, a container rootfs remained busy during
container removal. This typically happened if a container mount point leaked
into another mount namespace. As a consequence, container removal failed. To
fix this bug, a new docker daemon option "dm.use_deferred_deletion" has been
provided. If set to true, this option defers deletion of the container
rootfs: the user sees the container removal succeed, and the thin device
backing the rootfs is deleted later, once it is no longer busy. (BZ#1190492)

* Previously, the Docker unit file had the "Restart" option set to
"on-failure". Consequently, the docker daemon was forced to restart even in
cases where it could not be started because of configuration or other
issues, and this forced unnecessary restarts of the docker-storage-setup
service in a loop.
This also caused real error messages to be lost among so many restarts. To
fix this bug, "Restart=on-failure" has been replaced with
"Restart=on-abnormal" in the docker unit file. As a result, the docker
daemon will not automatically restart if it fails with an unclean exit code.
(BZ#1319783)

* Previously, the request body was incorrectly read twice by the docker
daemon and consequently an EOF error was returned. To fix this bug, the code
which incorrectly read the request body the first time has been removed. As
a result, the EOF error is no longer returned and the body is correctly read
when it is really needed. (BZ#1329743)

Enhancement(s):

* The /usr/bin/docker script now calls /usr/bin/docker-current or
/usr/bin/docker-latest based on the value of the sysconfig variable
DOCKERBINARY present in /etc/sysconfig/docker. /usr/bin/docker and
/etc/sysconfig/docker, provided by the docker-common package, allow the
admin to configure which docker client binary gets called. /usr/bin/docker
calls /usr/bin/docker-latest by default when docker is not installed. If
docker is installed, /usr/bin/docker calls /usr/bin/docker-current by
default, unless DOCKERBINARY is set to /usr/bin/docker-latest in
/etc/sysconfig/docker. This way, you can use docker-latest or docker
without needing to check which version of the daemon is currently running.
(BZ#1328219)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1186066 - The docker stop operation doesn't work with --pid=host containers containing multiple processes
1261565 - docker-storage-setup service fails after initial successful run if DEVS is defined in /etc/sysconfig/docker-storage-setup
1266307 - Capture information about the remote user connecting over socket in /run/docker
1268059 - docker exec setting the wrong cgroups
1272143 - Can't start containers that use supplemental groups but lack /etc/groups
1303110 - [extras-rhel-7.2.4] Docker does not own /usr/lib/docker-storage-setup
1309739 - docker push fails when pushing image to docker hub
1316651 - Docker run read-only: System error: read-only file system
1319783 - [docker] Use Restart=on-abnormal instead of Restart=on-failure
1322762 - sha256 Conflict while pull images after upgrade
1328219 - [extras-rhel-7.2.4] include docker-common subpackage in 'docker' to handle /usr/bin/docker for docker and docker-latest
1329423 - Skip /dev setup in container when it is bind mounted in
1329450 - CVE-2016-3697 docker: privilege escalation via confusion of usernames and UIDs
1329743 - Unable to push images to private registry using docker-1.9.1-25 and python-docker-py-1.7.2-1
1330595 - /usr/bin/docker wrapper script: $@ must be quoted
1330622 - enhance condition judgement in /usr/bin/docker script
1331007 - SELinux regression in docker-selinux-1.9.1-37
1332592 - Incomplete requirement on docker-common

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
docker-1.9.1-40.el7.src.rpm

x86_64:
docker-1.9.1-40.el7.x86_64.rpm
docker-common-1.9.1-40.el7.x86_64.rpm
docker-forward-journald-1.9.1-40.el7.x86_64.rpm
docker-logrotate-1.9.1-40.el7.x86_64.rpm
docker-selinux-1.9.1-40.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3697
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Fri May 13 07:51:01 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 13 May 2016 07:51:01 +0000
Subject: [RHSA-2016:1079-01] Critical: flash-plugin security update
Message-ID: <201605130751.u4D7p2VP021977@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Critical: flash-plugin security update
Advisory ID:  RHSA-2016:1079-01
Product:      Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1079.html
Issue date:   2016-05-13
CVE Names:    CVE-2016-1096 CVE-2016-1097 CVE-2016-1098 CVE-2016-1099
              CVE-2016-1100 CVE-2016-1101 CVE-2016-1102 CVE-2016-1103
              CVE-2016-1104 CVE-2016-1105 CVE-2016-1106 CVE-2016-1107
              CVE-2016-1108 CVE-2016-1109 CVE-2016-1110 CVE-2016-4108
              CVE-2016-4109 CVE-2016-4110 CVE-2016-4111 CVE-2016-4112
              CVE-2016-4113 CVE-2016-4114 CVE-2016-4115 CVE-2016-4116
              CVE-2016-4117
=====================================================================

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.621.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-1096, CVE-2016-1097, CVE-2016-1098,
CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103,
CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108,
CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110,
CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115,
CVE-2016-4116, CVE-2016-4117)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1335058 - flash-plugin: multiple code execution issues fixed in APSB16-15

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.621-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.621-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.621-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.621-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.621-1.el6_8.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1096
https://access.redhat.com/security/cve/CVE-2016-1097
https://access.redhat.com/security/cve/CVE-2016-1098
https://access.redhat.com/security/cve/CVE-2016-1099
https://access.redhat.com/security/cve/CVE-2016-1100
https://access.redhat.com/security/cve/CVE-2016-1101
https://access.redhat.com/security/cve/CVE-2016-1102
https://access.redhat.com/security/cve/CVE-2016-1103
https://access.redhat.com/security/cve/CVE-2016-1104
https://access.redhat.com/security/cve/CVE-2016-1105
https://access.redhat.com/security/cve/CVE-2016-1106
https://access.redhat.com/security/cve/CVE-2016-1107
https://access.redhat.com/security/cve/CVE-2016-1108
https://access.redhat.com/security/cve/CVE-2016-1109
https://access.redhat.com/security/cve/CVE-2016-1110
https://access.redhat.com/security/cve/CVE-2016-4108
https://access.redhat.com/security/cve/CVE-2016-4109
https://access.redhat.com/security/cve/CVE-2016-4110
https://access.redhat.com/security/cve/CVE-2016-4111
https://access.redhat.com/security/cve/CVE-2016-4112
https://access.redhat.com/security/cve/CVE-2016-4113
https://access.redhat.com/security/cve/CVE-2016-4114
https://access.redhat.com/security/cve/CVE-2016-4115
https://access.redhat.com/security/cve/CVE-2016-4116
https://access.redhat.com/security/cve/CVE-2016-4117
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Fri May 13 07:51:30 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 13 May 2016 07:51:30 +0000
Subject: [RHSA-2016:1080-01] Important: chromium-browser security update
Message-ID: <201605130751.u4D7pU9R006194@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: chromium-browser security update
Advisory ID:  RHSA-2016:1080-01
Product:      Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1080.html
Issue date:   2016-05-13
CVE Names:    CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 50.0.2661.102.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Chromium to crash,
execute arbitrary code, or disclose sensitive information when visited by
the victim. (CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1335447 - CVE-2016-1667 chromium-browser: same origin bypass in dom
1335448 - CVE-2016-1668 chromium-browser: same origin bypass in blink v8 bindings
1335449 - CVE-2016-1669 chromium-browser: buffer overflow in v8
1335450 - CVE-2016-1670 chromium-browser: race condition in loader

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-50.0.2661.102-1.el6.i686.rpm
chromium-browser-debuginfo-50.0.2661.102-1.el6.i686.rpm

x86_64:
chromium-browser-50.0.2661.102-1.el6.x86_64.rpm
chromium-browser-debuginfo-50.0.2661.102-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-50.0.2661.102-1.el6.i686.rpm
chromium-browser-debuginfo-50.0.2661.102-1.el6.i686.rpm

x86_64:
chromium-browser-50.0.2661.102-1.el6.x86_64.rpm
chromium-browser-debuginfo-50.0.2661.102-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-50.0.2661.102-1.el6.i686.rpm
chromium-browser-debuginfo-50.0.2661.102-1.el6.i686.rpm

x86_64:
chromium-browser-50.0.2661.102-1.el6.x86_64.rpm
chromium-browser-debuginfo-50.0.2661.102-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1667
https://access.redhat.com/security/cve/CVE-2016-1668
https://access.redhat.com/security/cve/CVE-2016-1669
https://access.redhat.com/security/cve/CVE-2016-1670
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Tue May 17 12:05:58 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 May 2016 12:05:58 +0000
Subject: [RHSA-2016:1086-01] Moderate: libndp security update
Message-ID: <201605171205.u4HC5wHd014967@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: libndp security update
Advisory ID:  RHSA-2016:1086-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1086.html
Issue date:   2016-05-17
CVE Names:    CVE-2016-3698
=====================================================================

1. Summary:

An update for libndp is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Libndp is a library (used by NetworkManager) that provides a wrapper for
the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool
for sending and receiving NDP messages.

Security Fix(es):

* It was found that libndp did not properly validate and check the origin
of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local
network could use this flaw to advertise a node as a router, allowing them
to perform man-in-the-middle attacks on a connecting client, or disrupt the
network connectivity of that client. (CVE-2016-3698)

Red Hat would like to thank Julien Bernard (Viagénie) for reporting this
issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, all running applications using libndp (for
example, NetworkManager) must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1329366 - CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libndp-1.2-6.el7_2.src.rpm

x86_64:
libndp-1.2-6.el7_2.i686.rpm
libndp-1.2-6.el7_2.x86_64.rpm
libndp-debuginfo-1.2-6.el7_2.i686.rpm
libndp-debuginfo-1.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libndp-debuginfo-1.2-6.el7_2.i686.rpm
libndp-debuginfo-1.2-6.el7_2.x86_64.rpm
libndp-devel-1.2-6.el7_2.i686.rpm
libndp-devel-1.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libndp-1.2-6.el7_2.src.rpm

x86_64:
libndp-1.2-6.el7_2.i686.rpm
libndp-1.2-6.el7_2.x86_64.rpm
libndp-debuginfo-1.2-6.el7_2.i686.rpm
libndp-debuginfo-1.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libndp-debuginfo-1.2-6.el7_2.i686.rpm
libndp-debuginfo-1.2-6.el7_2.x86_64.rpm
libndp-devel-1.2-6.el7_2.i686.rpm
libndp-devel-1.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libndp-1.2-6.el7_2.src.rpm

ppc64:
libndp-1.2-6.el7_2.ppc.rpm
libndp-1.2-6.el7_2.ppc64.rpm
libndp-debuginfo-1.2-6.el7_2.ppc.rpm
libndp-debuginfo-1.2-6.el7_2.ppc64.rpm

ppc64le:
libndp-1.2-6.el7_2.ppc64le.rpm
libndp-debuginfo-1.2-6.el7_2.ppc64le.rpm

s390x:
libndp-1.2-6.el7_2.s390.rpm
libndp-1.2-6.el7_2.s390x.rpm
libndp-debuginfo-1.2-6.el7_2.s390.rpm
libndp-debuginfo-1.2-6.el7_2.s390x.rpm

x86_64:
libndp-1.2-6.el7_2.i686.rpm
libndp-1.2-6.el7_2.x86_64.rpm
libndp-debuginfo-1.2-6.el7_2.i686.rpm
libndp-debuginfo-1.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libndp-debuginfo-1.2-6.el7_2.ppc.rpm
libndp-debuginfo-1.2-6.el7_2.ppc64.rpm
libndp-devel-1.2-6.el7_2.ppc.rpm
libndp-devel-1.2-6.el7_2.ppc64.rpm

ppc64le:
libndp-debuginfo-1.2-6.el7_2.ppc64le.rpm
libndp-devel-1.2-6.el7_2.ppc64le.rpm

s390x:
libndp-debuginfo-1.2-6.el7_2.s390.rpm
libndp-debuginfo-1.2-6.el7_2.s390x.rpm
libndp-devel-1.2-6.el7_2.s390.rpm
libndp-devel-1.2-6.el7_2.s390x.rpm

x86_64:
libndp-debuginfo-1.2-6.el7_2.i686.rpm
libndp-debuginfo-1.2-6.el7_2.x86_64.rpm
libndp-devel-1.2-6.el7_2.i686.rpm
libndp-devel-1.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libndp-1.2-6.el7_2.src.rpm

x86_64:
libndp-1.2-6.el7_2.i686.rpm
libndp-1.2-6.el7_2.x86_64.rpm
libndp-debuginfo-1.2-6.el7_2.i686.rpm
libndp-debuginfo-1.2-6.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libndp-debuginfo-1.2-6.el7_2.i686.rpm
libndp-debuginfo-1.2-6.el7_2.x86_64.rpm
libndp-devel-1.2-6.el7_2.i686.rpm
libndp-devel-1.2-6.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3698
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Thu May 19 23:13:29 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2016 23:13:29 +0000
Subject: [RHSA-2016:1094-01] Important: Red Hat OpenShift Enterprise 3.2 security update
Message-ID: <201605192313.u4JNDTYO004330@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: Red Hat OpenShift Enterprise 3.2 security update
Advisory ID:  RHSA-2016:1094-01
Product:      Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1094
Issue date:   2016-05-19
CVE Names:    CVE-2016-3703 CVE-2016-3708 CVE-2016-3738
=====================================================================

1. Summary:

An update for atomic-openshift and nodejs-node-uuid is now available for
Red Hat OpenShift Enterprise 3.2. In addition, all images have been rebuilt
on the new RHEL 7.2.4 base image.

Red Hat Product Security has rated this update as having a security impact
of Important.
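Returning to the libndp advisory (RHSA-2016:1086) above: the flaw was that the origin of NDP messages was not checked, so a Router Advertisement from off-link could be acted on. The following is an added example, not libndp's or NetworkManager's code, showing the origin checks RFC 4861 (section 6.1.2) requires a host to apply before trusting a Router Advertisement; the function names and the sample packets are constructed here, and the ICMPv6 checksum is not verified because that needs the IPv6 pseudo-header.

```python
"""Added example (not libndp code): the origin checks a host applies to an
IPv6 Router Advertisement (RA) before trusting it, per RFC 4861 6.1.2.
Function names and sample packets are constructed for this illustration."""
import ipaddress
import struct

ND_ROUTER_ADVERT = 134        # ICMPv6 type of a Router Advertisement
RA_HEADER_LEN = 16            # fixed RA header, options follow it
# type, code, checksum, cur hop limit, flags, router lifetime,
# reachable time, retrans timer
RA_HEADER_FMT = "!BBHBBHII"


def validate_router_advertisement(src_ip, hop_limit, icmpv6):
    """Return (accepted, reason) for one RA seen on the wire.

    src_ip    -- IPv6 source address of the packet, as a string
    hop_limit -- IPv6 hop limit of the packet
    icmpv6    -- raw ICMPv6 payload (bytes)
    A host must silently discard the RA unless every check passes.
    """
    try:
        src = ipaddress.IPv6Address(src_ip)
    except ValueError:
        return False, "source %r is not an IPv6 address" % (src_ip,)
    # RFC 4861: the source must be the router's link-local address.
    # Anything else came from off-link (or is spoofed) and must be ignored.
    if not src.is_link_local:
        return False, "source %s is not link-local (fe80::/10)" % src
    # Hop limit 255 proves no router forwarded the packet: forwarding
    # decrements it, so an off-link sender can never deliver a 255.
    if hop_limit != 255:
        return False, "hop limit %d != 255, packet was forwarded" % hop_limit
    if len(icmpv6) < RA_HEADER_LEN:
        return False, "ICMPv6 payload too short for an RA (%d bytes)" % len(icmpv6)
    msg_type, code, _cksum, _cur_hop, _flags, lifetime, _reach, _retrans = \
        struct.unpack(RA_HEADER_FMT, icmpv6[:RA_HEADER_LEN])
    if msg_type != ND_ROUTER_ADVERT:
        return False, "ICMPv6 type %d is not a Router Advertisement" % msg_type
    if code != 0:
        return False, "ICMPv6 code %d must be 0" % code
    return True, "accepted RA, router lifetime %d s" % lifetime


def build_router_advertisement(router_lifetime, cur_hop_limit=64, flags=0):
    """Construct an RA header for the samples below (checksum left zero)."""
    return struct.pack(RA_HEADER_FMT, ND_ROUTER_ADVERT, 0, 0,
                       cur_hop_limit, flags, router_lifetime, 0, 0)


def accepted_routers(observations):
    """Run the check over (src_ip, hop_limit, icmpv6) tuples and return the
    sources a host may add to its default router list."""
    return [src for src, hop, payload in observations
            if validate_router_advertisement(src, hop, payload)[0]]


# Constructed sample traffic: one legitimate on-link RA and three that a
# correct implementation must drop.
SAMPLE_RA = build_router_advertisement(router_lifetime=1800)
OBSERVATIONS = [
    ("fe80::1", 255, SAMPLE_RA),          # on-link router: accept
    ("2001:db8:1::1", 255, SAMPLE_RA),    # global (non-local) source: drop
    ("fe80::2", 64, SAMPLE_RA),           # forwarded packet: drop
    ("fe80::3", 255, SAMPLE_RA[:8]),      # truncated header: drop
]

if __name__ == "__main__":
    for src, hop, payload in OBSERVATIONS:
        ok, why = validate_router_advertisement(src, hop, payload)
        print("%-14s hop=%-3d %s: %s" % (src, hop, "ACCEPT" if ok else "DROP", why))
```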
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise 3.2 - noarch, x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.

Security Fix(es):

* A vulnerability was found in the STI build process in OpenShift
Enterprise. Access to STI builds was not properly restricted, allowing an
attacker to use STI builds to access the Docker socket and escalate their
privileges. (CVE-2016-3738)

* An origin validation vulnerability was found in OpenShift Enterprise. An
attacker could potentially access API credentials stored in a web browser's
localStorage if anonymous access was granted to a service/proxy or
pod/proxy API for a specific pod, and an authorized access_token was
provided in the query parameter. (CVE-2016-3703)

* A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled
and a build is run within a namespace that would normally be isolated from
pods in other namespaces. If an s2i build is run in such an environment,
the container being built can access network resources on pods that should
not be available to it. (CVE-2016-3708)

The CVE-2016-3738 issue was discovered by David Eads (Red Hat); the
CVE-2016-3703 issue was discovered by Jordan Liggitt (Red Hat); and the
CVE-2016-3708 issue was discovered by Ben Parees (Red Hat).
This update includes the following images:

openshift3/ose:v3.2.0.44-2
openshift3/ose-deployer:v3.2.0.44-2
openshift3/ose-docker-builder:v3.2.0.44-2
openshift3/ose-docker-registry:v3.2.0.44-2
openshift3/ose-f5-router:v3.2.0.44-2
openshift3/ose-haproxy-router:v3.2.0.44-2
openshift3/ose-keepalived-ipfailover:v3.2.0.44-2
openshift3/ose-pod:v3.2.0.44-2
openshift3/ose-recycler:v3.2.0.44-2
openshift3/ose-sti-builder:v3.2.0.44-2
openshift3/jenkins-1-rhel7:1.642-32
openshift3/logging-auth-proxy:3.2.0-4
openshift3/logging-deployment:3.2.0-9
openshift3/logging-elasticsearch:3.2.0-8
openshift3/logging-fluentd:3.2.0-8
openshift3/logging-kibana:3.2.0-4
openshift3/metrics-deployer:3.2.0-6
openshift3/metrics-heapster:3.2.0-6
openshift3/mongodb-24-rhel7:2.4-28
openshift3/mysql-55-rhel7:5.5-26
openshift3/nodejs-010-rhel7:0.10-35
openshift3/node:v3.2.0.44-2
openshift3/openvswitch:v3.2.0.44-2
openshift3/perl-516-rhel7:5.16-38
openshift3/php-55-rhel7:5.5-35
openshift3/postgresql-92-rhel7:9.2-25
openshift3/python-33-rhel7:3.3-35
openshift3/ruby-20-rhel7:2.0-35
aep3_beta/aep:v3.2.0.44-2
aep3_beta/aep-deployer:v3.2.0.44-2
aep3_beta/aep-docker-registry:v3.2.0.44-2
aep3_beta/aep-f5-router:v3.2.0.44-2
aep3_beta/aep-haproxy-router:v3.2.0.44-2
aep3_beta/aep-keepalived-ipfailover:v3.2.0.44-2
aep3_beta/aep-pod:v3.2.0.44-2
aep3_beta/aep-recycler:v3.2.0.44-2
aep3_beta/logging-auth-proxy:3.2.0-4
aep3_beta/logging-deployment:3.2.0-9
aep3_beta/logging-elasticsearch:3.2.0-8
aep3_beta/logging-fluentd:3.2.0-8
aep3_beta/logging-kibana:3.2.0-4
aep3_beta/metrics-deployer:3.2.0-6
aep3_beta/metrics-heapster:3.2.0-6
aep3_beta/node:v3.2.0.44-2
aep3_beta/openvswitch:v3.2.0.44-2

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1306011 - Deployer pods incorrectly using the host entry from openshiftLoopbackKubeconfig
1318974 - Creating pods on OSE with awsElasticBlockStore only assigns devices /dev/xvdb - /dev/xvdp to openshift node
1324996 - JSON message fields are getting overwritten
1329044 - console.dev-preview-int.openshift.com setting of memory limit confusing
1330233 - CVE-2016-3703 OpenShift Enterprise 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain
1330364 - Should update the role name in the prompt on the web console
1331229 - CVE-2016-3708 OpenShiftEnterprise 3: s2i builds implicitly perform docker builds
1333168 - Node.js images crash with DEV_MODE=true
1333461 - CVE-2016-3738 origin: pod update allows docker socket access via build-pod

6. Package List:

Red Hat OpenShift Enterprise 3.2:

Source:
atomic-openshift-3.2.0.44-1.git.0.a4463d9.el7.src.rpm
nodejs-node-uuid-1.4.7-1.el7.src.rpm

noarch:
nodejs-node-uuid-1.4.7-1.el7.noarch.rpm

x86_64:
atomic-openshift-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm
atomic-openshift-clients-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm
atomic-openshift-clients-redistributable-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm
atomic-openshift-dockerregistry-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm
atomic-openshift-master-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm
atomic-openshift-node-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm
atomic-openshift-pod-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm
atomic-openshift-recycle-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm
atomic-openshift-sdn-ovs-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm
atomic-openshift-tests-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.2.0.44-1.git.0.a4463d9.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3703
https://access.redhat.com/security/cve/CVE-2016-3708
https://access.redhat.com/security/cve/CVE-2016-3738
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Thu May 19 23:13:50 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2016 23:13:50 +0000
Subject: [RHSA-2016:1095-01] Moderate: Red Hat OpenShift Enterprise 3.1 security update
Message-ID: <201605192313.u4JNDodC002491@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: Red Hat OpenShift Enterprise 3.1 security update
Advisory ID:  RHSA-2016:1095-01
Product:      Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1095
Issue date:   2016-05-19
CVE Names:    CVE-2016-3703
=====================================================================

1. Summary:

An update for atomic-openshift is now available for Red Hat OpenShift
Enterprise 3.1. In addition, all images have been rebuilt on the new RHEL
7.2.4 base image.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise 3.1 - x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.

Security Fix(es):

* An origin validation vulnerability was found in OpenShift Enterprise. An
attacker could potentially access API credentials stored in a web browser's
localStorage if anonymous access was granted to a service/proxy or
pod/proxy API for a specific pod, and an authorized access_token was
provided in the query parameter. (CVE-2016-3703)

This issue was discovered by Jordan Liggitt (Red Hat).

This update includes the following images:

openshift3/ose:v3.1.1.6-21
openshift3/ose-deployer:v3.1.1.6-20
openshift3/ose-docker-builder:v3.1.1.6-19
openshift3/ose-docker-registry:v3.1.1.6-9
openshift3/ose-f5-router:v3.1.1.6-20
openshift3/ose-haproxy-router:v3.1.1.6-9
openshift3/ose-keepalived-ipfailover:v3.1.1.6-9
openshift3/ose-pod:v3.1.1.6-9
openshift3/ose-recycler:v3.1.1.6-9
openshift3/ose-sti-builder:v3.1.1.6-19
openshift3/logging-auth-proxy:3.1.1-9
openshift3/logging-deployment:3.1.1-17
openshift3/logging-elasticsearch:3.1.1-11
openshift3/logging-fluentd:3.1.1-11
openshift3/logging-kibana:3.1.1-8
openshift3/metrics-deployer:3.1.1-7
openshift3/metrics-heapster:3.1.1-7
openshift3/node:v3.1.1.6-20
openshift3/openvswitch:v3.1.1.6-10

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1330233 - CVE-2016-3703 OpenShift Enterprise 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain

6. Package List:

Red Hat OpenShift Enterprise 3.1:

Source:
atomic-openshift-3.1.1.6-8.git.64.80b61da.el7aos.src.rpm

x86_64:
atomic-openshift-3.1.1.6-8.git.64.80b61da.el7aos.x86_64.rpm
atomic-openshift-clients-3.1.1.6-8.git.64.80b61da.el7aos.x86_64.rpm
atomic-openshift-clients-redistributable-3.1.1.6-8.git.64.80b61da.el7aos.x86_64.rpm
atomic-openshift-dockerregistry-3.1.1.6-8.git.64.80b61da.el7aos.x86_64.rpm
atomic-openshift-master-3.1.1.6-8.git.64.80b61da.el7aos.x86_64.rpm
atomic-openshift-node-3.1.1.6-8.git.64.80b61da.el7aos.x86_64.rpm
atomic-openshift-pod-3.1.1.6-8.git.64.80b61da.el7aos.x86_64.rpm
atomic-openshift-recycle-3.1.1.6-8.git.64.80b61da.el7aos.x86_64.rpm
atomic-openshift-sdn-ovs-3.1.1.6-8.git.64.80b61da.el7aos.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.1.1.6-8.git.64.80b61da.el7aos.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3703
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXPkigXlSAg2UNWIIRAhFEAJ4qTXT3KjhykUCw862jtc30PaJKLwCeK/+Y SKLTdLV3ELGncfFP8s+oaMg= =ZMQp -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon May 23 13:53:07 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 23 May 2016 13:53:07 +0000 Subject: [RHSA-2016:1096-01] Important: kernel security and bug fix update Message-ID: <201605231352.u4NDqsSR030521@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2016:1096-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1096.html Issue date: 2016-05-23 CVE Names: CVE-2015-5364 CVE-2015-5366 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. 
(CVE-2015-5364, CVE-2015-5366, Important) Bug Fix(es): * Prior to this update, if processes that generate interrupts were active during the guest shutdown sequence, the virtio driver in some cases did not correctly clear the interrupts. As a consequence, the guest kernel became unresponsive, which prevented the shutdown from completing. With this update, the virtio driver processes interrupts more effectively, and guests now shut down reliably in the described scenario. (BZ#1323568) * At a process or thread exit, when the Linux kernel undoes any SysV semaphore operations done previously (the ones done using semop with the SEM_UNDO flag), there was a possible flaw and race with another process or thread removing the same semaphore set where the operations occurred, leading to possible use of in-kernel-freed memory and then to possible unpredictable behavior. This bug could be noticed with software which uses IPC SysV semaphores, such as IBM DB2, which for example in certain cases could lead to some of its processes or utilities to get incorrectly stalled in some IPC semaphore operation or syscall after the race or problem happened. A patch has been provided to fix this bug, and the kernel now behaves as expected in the aforementioned scenario. (BZ#1326341) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1239029 - CVE-2015-5366 CVE-2015-5364 kernel: net: incorrect processing of checksums in UDP implementation 6. Package List: Red Hat Enterprise Linux Server AUS (v. 
6.4): Source: kernel-2.6.32-358.71.1.el6.src.rpm noarch: kernel-doc-2.6.32-358.71.1.el6.noarch.rpm kernel-firmware-2.6.32-358.71.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.71.1.el6.x86_64.rpm kernel-debug-2.6.32-358.71.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.71.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.71.1.el6.x86_64.rpm kernel-devel-2.6.32-358.71.1.el6.x86_64.rpm kernel-headers-2.6.32-358.71.1.el6.x86_64.rpm perf-2.6.32-358.71.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: kernel-2.6.32-358.71.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.71.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm python-perf-2.6.32-358.71.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5364 https://access.redhat.com/security/cve/CVE-2015-5366 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
From bugzilla at redhat.com Tue May 24 00:25:51 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 May 2016 00:25:51 +0000
Subject: [RHSA-2016:1099-01] Moderate: jq security update
Message-ID: <201605240025.u4O0PqHL028137@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: jq security update
Advisory ID: RHSA-2016:1099-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1099.html
Issue date: 2016-05-23
CVE Names: CVE-2015-8863
=====================================================================

1. Summary:

An update for jq is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - x86_64

3. Description:

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.

Security Fix(es):

* A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system. (CVE-2015-8863)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1328747 - CVE-2015-8863 jq: heap-buffer-overflow in tokenadd() function

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
jq-1.3-3.el7ost.src.rpm

x86_64:
jq-1.3-3.el7ost.x86_64.rpm
jq-debuginfo-1.3-3.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8863
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Tue May 24 00:26:30 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 May 2016 00:26:30 +0000
Subject: [RHSA-2016:1098-01] Moderate: jq security update
Message-ID: <201605240026.u4O0QUhK025554@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: jq security update
Advisory ID: RHSA-2016:1098-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1098.html
Issue date: 2016-05-23
CVE Names: CVE-2015-8863
=====================================================================

1. Summary:

An update for jq is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - x86_64

3. Description:

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.

Security Fix(es):

* A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system. (CVE-2015-8863)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1328747 - CVE-2015-8863 jq: heap-buffer-overflow in tokenadd() function

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7:

Source:
jq-1.3-3.el7ost.src.rpm

x86_64:
jq-1.3-3.el7ost.x86_64.rpm
jq-debuginfo-1.3-3.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8863
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Tue May 24 14:58:54 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 May 2016 14:58:54 +0000
Subject: [RHSA-2016:1100-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201605241458.u4OEwfUt028431@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2016:1100-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1100.html
Issue date: 2016-05-24
CVE Names: CVE-2015-5364 CVE-2015-5366
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge-triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important)

Bug Fix(es):

* In the anon_vma data structure, the degree field counts the number of child anon_vmas and of VMAs that point to this anon_vma. In the unlink_anon_vma() function, when its list is empty, the anon_vma is going to be freed whether the external refcount is zero or not, so the parent's degree should be decremented. However, failure to decrement the degree triggered a BUG_ON() in unlink_anon_vma(). The provided patch fixes this bug, and the degree is now decremented as expected. (BZ#1326027)

Enhancement(s):

* The ixgbe NIC driver has been upgraded to upstream version 4.2.1, which provides a number of bug fixes and enhancements over the previous version. Notably:
  - NULL pointer crashes related to VLAN support have been fixed
  - Two more devices from the Intel X550 Ethernet controller family are now supported: IDs 15AC and 15AD
  - Several PHY-related problems have been addressed: link disruptions and link flapping
  - Added PHY-related support for Intel X550
  - System performance has been improved
  (BZ#1315702)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1239029 - CVE-2015-5366 CVE-2015-5364 kernel: net: incorrect processing of checksums in UDP implementation

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6):

Source:
kernel-2.6.32-504.49.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.49.1.el6.noarch.rpm
kernel-doc-2.6.32-504.49.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.49.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.49.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.49.1.el6.i686.rpm
kernel-debug-devel-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-504.49.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.49.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.49.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.49.1.el6.x86_64.rpm
perf-2.6.32-504.49.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.49.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.49.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
python-perf-2.6.32-504.49.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
kernel-2.6.32-504.49.1.el6.src.rpm

i386:
kernel-2.6.32-504.49.1.el6.i686.rpm
kernel-debug-2.6.32-504.49.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.49.1.el6.i686.rpm
kernel-debug-devel-2.6.32-504.49.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.49.1.el6.i686.rpm
kernel-devel-2.6.32-504.49.1.el6.i686.rpm
kernel-headers-2.6.32-504.49.1.el6.i686.rpm
perf-2.6.32-504.49.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.49.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.49.1.el6.noarch.rpm
kernel-doc-2.6.32-504.49.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.49.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-504.49.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-504.49.1.el6.ppc64.rpm
kernel-debug-2.6.32-504.49.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-504.49.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-504.49.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.49.1.el6.ppc64.rpm
kernel-devel-2.6.32-504.49.1.el6.ppc64.rpm
kernel-headers-2.6.32-504.49.1.el6.ppc64.rpm
perf-2.6.32-504.49.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.49.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-504.49.1.el6.s390x.rpm
kernel-debug-2.6.32-504.49.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-504.49.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-504.49.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.49.1.el6.s390x.rpm
kernel-devel-2.6.32-504.49.1.el6.s390x.rpm
kernel-headers-2.6.32-504.49.1.el6.s390x.rpm
kernel-kdump-2.6.32-504.49.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.49.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-504.49.1.el6.s390x.rpm
perf-2.6.32-504.49.1.el6.s390x.rpm
perf-debuginfo-2.6.32-504.49.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.49.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.49.1.el6.i686.rpm
kernel-debug-devel-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-504.49.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.49.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.49.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.49.1.el6.x86_64.rpm
perf-2.6.32-504.49.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.49.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.6):

i386:
kernel-debug-debuginfo-2.6.32-504.49.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.49.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.49.1.el6.i686.rpm
python-perf-2.6.32-504.49.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-504.49.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.49.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.49.1.el6.ppc64.rpm
python-perf-2.6.32-504.49.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-504.49.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.49.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.49.1.el6.s390x.rpm
perf-debuginfo-2.6.32-504.49.1.el6.s390x.rpm
python-perf-2.6.32-504.49.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.49.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm
python-perf-2.6.32-504.49.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.49.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5364
https://access.redhat.com/security/cve/CVE-2015-5366
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Wed May 25 07:19:37 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 25 May 2016 07:19:37 +0000
Subject: [RHSA-2016:1106-01] Moderate: jq security update
Message-ID: <201605250719.u4P7JcbE011398@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: jq security update
Advisory ID: RHSA-2016:1106-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1106.html
Issue date: 2016-05-25
CVE Names: CVE-2015-8863
=====================================================================

1. Summary:

An update for jq is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - x86_64

3. Description:

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.

Security Fix(es):

* A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system. (CVE-2015-8863)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1328747 - CVE-2015-8863 jq: heap-buffer-overflow in tokenadd() function

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
jq-1.3-3.el7ost.src.rpm

x86_64:
jq-1.3-3.el7ost.x86_64.rpm
jq-debuginfo-1.3-3.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8863
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Thu May 26 09:53:32 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 May 2016 09:53:32 +0000
Subject: [RHSA-2016:1132-01] Important: rh-mariadb100-mariadb security update
Message-ID: <201605260953.u4Q9rW8Q009138@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-mariadb100-mariadb security update
Advisory ID: RHSA-2016:1132-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1132
Issue date: 2016-05-26
CVE Names: CVE-2015-3210 CVE-2015-3217 CVE-2015-4792 CVE-2015-4802
           CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826
           CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861
           CVE-2015-4870 CVE-2015-4879 CVE-2015-4895 CVE-2015-4913
           CVE-2015-5073 CVE-2015-8381 CVE-2015-8383 CVE-2015-8384
           CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 CVE-2015-8391
           CVE-2015-8392 CVE-2015-8395 CVE-2016-0505 CVE-2016-0546
           CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600
           CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0610
           CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642
           CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647
           CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651
           CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-1283
           CVE-2016-2047 CVE-2016-3191
=====================================================================

1. Summary:

An update for rh-mariadb100-mariadb is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaDB uses PCRE, a Perl-compatible regular expression library, to implement regular expression support in SQL queries.

Security Fix(es):

* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0655, CVE-2016-0666, CVE-2016-0668)

* Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make MariaDB execute an SQL query with a specially crafted regular expression could use these flaws to cause it to crash or, possibly, execute arbitrary code. (CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395, CVE-2016-1283, CVE-2016-3191)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)
1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
1274752 - CVE-2015-4792 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
1274756 - CVE-2015-4802 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
1274759 - CVE-2015-4815 mysql: unspecified vulnerability related to Server:DDL (CPU October 2015)
1274761 - CVE-2015-4816 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
1274764 - CVE-2015-4819 mysql: unspecified vulnerability related to Client programs (CPU October 2015)
1274766 - CVE-2015-4826 mysql: unspecified vulnerability related to Server:Types (CPU October 2015)
1274767 - CVE-2015-4830 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015)
1274771 - CVE-2015-4836 mysql: unspecified vulnerability related to Server:SP (CPU October 2015)
1274773 - CVE-2015-4858 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1274776 - CVE-2015-4861 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
1274781 - CVE-2015-4870 mysql: unspecified vulnerability related to Server:Parser (CPU October 2015)
1274783 - CVE-2015-4879 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1274786 - CVE-2015-4895 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
1274794 - CVE-2015-4913 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)
1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)
1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)
1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)
1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)
1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)
1295385 - CVE-2016-1283 pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)
1301492 - CVE-2016-0505 mysql: unspecified vulnerability in subcomponent: Server: Options (CPU January 2016)
1301493 - CVE-2016-0546 mysql: unspecified vulnerability in subcomponent: Client (CPU January 2016)
1301496 - CVE-2016-0596 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301497 - CVE-2016-0597 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
1301498 - CVE-2016-0598 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301501 - CVE-2016-0600 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
1301504 - CVE-2016-0606 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU January 2016)
1301506 - CVE-2016-0608 mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016)
1301507 - CVE-2016-0609 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU January 2016)
1301508 - CVE-2016-0610 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
1301510 - CVE-2016-0616 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
1301874 - CVE-2016-2047 mysql: ssl-validate-cert incorrect hostname check
1311503 - CVE-2016-3191 pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)
1329239 - CVE-2016-0640 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329241 - CVE-2016-0641 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU April 2016)
1329243 - CVE-2016-0642 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU April 2016)
1329245 - CVE-2016-0643 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329247 - CVE-2016-0644 mysql: unspecified vulnerability in subcomponent: Server: DDL (CPU April 2016)
1329248 - CVE-2016-0646 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329249 - CVE-2016-0647 mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU April 2016)
1329251 - CVE-2016-0648 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
1329252 - CVE-2016-0649 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
1329253 - CVE-2016-0650 mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU April 2016)
1329254 - CVE-2016-0651 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU April 2016)
1329259 - CVE-2016-0655 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU April 2016)
1329270 - CVE-2016-0666 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU April 2016)
1329273 - CVE-2016-0668 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU April 2016)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mariadb100-mariadb-10.0.25-4.el6.src.rpm

x86_64:
rh-mariadb100-mariadb-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.25-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-mariadb100-mariadb-10.0.25-4.el6.src.rpm

x86_64:
rh-mariadb100-mariadb-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.25-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
6.7): Source: rh-mariadb100-mariadb-10.0.25-4.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.25-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-mariadb100-mariadb-10.0.25-4.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.25-4.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.25-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7): Source: rh-mariadb100-mariadb-10.0.25-4.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.25-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: rh-mariadb100-mariadb-10.0.25-4.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.25-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2): Source: rh-mariadb100-mariadb-10.0.25-4.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.25-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-mariadb100-mariadb-10.0.25-4.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.25-4.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.25-4.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2015-3210 https://access.redhat.com/security/cve/CVE-2015-3217 https://access.redhat.com/security/cve/CVE-2015-4792 https://access.redhat.com/security/cve/CVE-2015-4802 https://access.redhat.com/security/cve/CVE-2015-4815 https://access.redhat.com/security/cve/CVE-2015-4816 https://access.redhat.com/security/cve/CVE-2015-4819 https://access.redhat.com/security/cve/CVE-2015-4826 https://access.redhat.com/security/cve/CVE-2015-4830 https://access.redhat.com/security/cve/CVE-2015-4836 https://access.redhat.com/security/cve/CVE-2015-4858 https://access.redhat.com/security/cve/CVE-2015-4861 https://access.redhat.com/security/cve/CVE-2015-4870 https://access.redhat.com/security/cve/CVE-2015-4879 https://access.redhat.com/security/cve/CVE-2015-4895 https://access.redhat.com/security/cve/CVE-2015-4913 https://access.redhat.com/security/cve/CVE-2015-5073 https://access.redhat.com/security/cve/CVE-2015-8381 https://access.redhat.com/security/cve/CVE-2015-8383 https://access.redhat.com/security/cve/CVE-2015-8384 https://access.redhat.com/security/cve/CVE-2015-8385 https://access.redhat.com/security/cve/CVE-2015-8386 https://access.redhat.com/security/cve/CVE-2015-8388 https://access.redhat.com/security/cve/CVE-2015-8391 https://access.redhat.com/security/cve/CVE-2015-8392 https://access.redhat.com/security/cve/CVE-2015-8395 https://access.redhat.com/security/cve/CVE-2016-0505 https://access.redhat.com/security/cve/CVE-2016-0546 https://access.redhat.com/security/cve/CVE-2016-0596 https://access.redhat.com/security/cve/CVE-2016-0597 https://access.redhat.com/security/cve/CVE-2016-0598 https://access.redhat.com/security/cve/CVE-2016-0600 https://access.redhat.com/security/cve/CVE-2016-0606 https://access.redhat.com/security/cve/CVE-2016-0608 https://access.redhat.com/security/cve/CVE-2016-0609 https://access.redhat.com/security/cve/CVE-2016-0610 https://access.redhat.com/security/cve/CVE-2016-0616 
https://access.redhat.com/security/cve/CVE-2016-0640 https://access.redhat.com/security/cve/CVE-2016-0641 https://access.redhat.com/security/cve/CVE-2016-0642 https://access.redhat.com/security/cve/CVE-2016-0643 https://access.redhat.com/security/cve/CVE-2016-0644 https://access.redhat.com/security/cve/CVE-2016-0646 https://access.redhat.com/security/cve/CVE-2016-0647 https://access.redhat.com/security/cve/CVE-2016-0648 https://access.redhat.com/security/cve/CVE-2016-0649 https://access.redhat.com/security/cve/CVE-2016-0650 https://access.redhat.com/security/cve/CVE-2016-0651 https://access.redhat.com/security/cve/CVE-2016-0655 https://access.redhat.com/security/cve/CVE-2016-0666 https://access.redhat.com/security/cve/CVE-2016-0668 https://access.redhat.com/security/cve/CVE-2016-1283 https://access.redhat.com/security/cve/CVE-2016-2047 https://access.redhat.com/security/cve/CVE-2016-3191 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-10021-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10023-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXRsXVXlSAg2UNWIIRAiBuAJ0fv8biYOa0j27Np31UolAa+DC2owCgjmbJ
TdOZ9Zu0jrH48W4vcsP311I=
=zizu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 31 06:21:02 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2016 06:21:02 +0000
Subject: [RHSA-2016:1137-01] Important: openssl security update
Message-ID: <201605310621.u4V6L3kZ022668@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openssl security update
Advisory ID: RHSA-2016:1137-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1137
Issue date: 2016-05-31
CVE Names: CVE-2016-2108
=====================================================================

1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
openssl-0.9.8e-40.el5_11.src.rpm

i386:
openssl-0.9.8e-40.el5_11.i386.rpm
openssl-0.9.8e-40.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-40.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-40.el5_11.i686.rpm
openssl-perl-0.9.8e-40.el5_11.i386.rpm

x86_64:
openssl-0.9.8e-40.el5_11.i686.rpm
openssl-0.9.8e-40.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-40.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-40.el5_11.x86_64.rpm
openssl-perl-0.9.8e-40.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
openssl-0.9.8e-40.el5_11.src.rpm

i386:
openssl-debuginfo-0.9.8e-40.el5_11.i386.rpm
openssl-devel-0.9.8e-40.el5_11.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-40.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-40.el5_11.x86_64.rpm
openssl-devel-0.9.8e-40.el5_11.i386.rpm
openssl-devel-0.9.8e-40.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
openssl-0.9.8e-40.el5_11.src.rpm

i386:
openssl-0.9.8e-40.el5_11.i386.rpm
openssl-0.9.8e-40.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-40.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-40.el5_11.i686.rpm
openssl-devel-0.9.8e-40.el5_11.i386.rpm
openssl-perl-0.9.8e-40.el5_11.i386.rpm

ia64:
openssl-0.9.8e-40.el5_11.i686.rpm
openssl-0.9.8e-40.el5_11.ia64.rpm
openssl-debuginfo-0.9.8e-40.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-40.el5_11.ia64.rpm
openssl-devel-0.9.8e-40.el5_11.ia64.rpm
openssl-perl-0.9.8e-40.el5_11.ia64.rpm

ppc:
openssl-0.9.8e-40.el5_11.ppc.rpm
openssl-0.9.8e-40.el5_11.ppc64.rpm
openssl-debuginfo-0.9.8e-40.el5_11.ppc.rpm
openssl-debuginfo-0.9.8e-40.el5_11.ppc64.rpm
openssl-devel-0.9.8e-40.el5_11.ppc.rpm
openssl-devel-0.9.8e-40.el5_11.ppc64.rpm
openssl-perl-0.9.8e-40.el5_11.ppc.rpm

s390x:
openssl-0.9.8e-40.el5_11.s390.rpm
openssl-0.9.8e-40.el5_11.s390x.rpm
openssl-debuginfo-0.9.8e-40.el5_11.s390.rpm
openssl-debuginfo-0.9.8e-40.el5_11.s390x.rpm
openssl-devel-0.9.8e-40.el5_11.s390.rpm
openssl-devel-0.9.8e-40.el5_11.s390x.rpm
openssl-perl-0.9.8e-40.el5_11.s390x.rpm

x86_64:
openssl-0.9.8e-40.el5_11.i686.rpm
openssl-0.9.8e-40.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-40.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-40.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-40.el5_11.x86_64.rpm
openssl-devel-0.9.8e-40.el5_11.i386.rpm
openssl-devel-0.9.8e-40.el5_11.x86_64.rpm
openssl-perl-0.9.8e-40.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2108
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
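The advisory above describes CVE-2016-2108 only in general terms: a flaw in how OpenSSL encoded certain ASN.1 structures, triggered when a crafted certificate is verified or re-encoded. The Python below is an added example, not OpenSSL code and not the specific defect behind the CVE. It shows the DER rules a strict INTEGER decoder has to enforce, and why a decode-then-re-encode round trip is the natural self-check for a codec: a lax decoder that accepts encodings the encoder would never produce is exactly the parser/encoder disagreement that makes re-encoding a parsed structure risky, because the re-encoded length no longer matches the input. Function names and the sample byte strings are this example's own.

```python
"""Strict DER INTEGER codec with a decode/re-encode round-trip check.

Added example (not OpenSSL code). DER requires INTEGER contents to be
two's complement with no redundant leading padding octet, and lengths
to use the shortest possible form. A decoder that enforces these rules
accepts exactly the set of byte strings its encoder can produce.
"""

INTEGER_TAG = 0x02


class DERError(ValueError):
    """Raised for any encoding that DER does not permit."""


def _encode_length(n: int) -> bytes:
    """Encode a length: short form below 0x80, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(octets)]) + octets


def encode_integer(value: int) -> bytes:
    """Encode a Python int as a DER INTEGER TLV (minimal two's complement)."""
    length = 1
    while not -(1 << (8 * length - 1)) <= value < (1 << (8 * length - 1)):
        length += 1
    content = value.to_bytes(length, "big", signed=True)
    return bytes([INTEGER_TAG]) + _encode_length(len(content)) + content


def _decode_length(data: bytes, pos: int):
    """Return (length, next_pos), rejecting indefinite and non-minimal forms."""
    if pos >= len(data):
        raise DERError("truncated length")
    first = data[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0 or n > 4:  # 0x80 is BER indefinite form; >4 octets not needed here
        raise DERError("indefinite or oversized length not allowed in DER")
    if pos + n > len(data):
        raise DERError("truncated length octets")
    octets = data[pos:pos + n]
    if octets[0] == 0 or (n == 1 and octets[0] < 0x80):
        raise DERError("non-minimal length encoding")
    return int.from_bytes(octets, "big"), pos + n


def decode_integer(data: bytes, strict: bool = True) -> int:
    """Decode exactly one DER INTEGER. strict=False mimics a lax parser."""
    if not data or data[0] != INTEGER_TAG:
        raise DERError("expected INTEGER tag")
    length, pos = _decode_length(data, 1)
    content = data[pos:pos + length]
    if len(content) != length:
        raise DERError("truncated content")
    if pos + length != len(data):
        raise DERError("trailing bytes after INTEGER")
    if strict:
        if length == 0:
            raise DERError("INTEGER must have at least one content octet")
        # DER: the first nine bits may not be all zeros or all ones,
        # otherwise the leading octet is redundant sign padding.
        if length > 1 and content[0] == 0x00 and content[1] < 0x80:
            raise DERError("non-minimal encoding: redundant 0x00 padding")
        if length > 1 and content[0] == 0xFF and content[1] >= 0x80:
            raise DERError("non-minimal encoding: redundant 0xFF padding")
    return int.from_bytes(content, "big", signed=True)


def round_trips(data: bytes, strict: bool = True) -> bool:
    """True when decode -> encode reproduces the input byte-for-byte.

    With strict=False the lax decoder accepts inputs whose re-encoding has a
    different length than the original; that mismatch is what this check
    surfaces, and what a strict decoder prevents by rejecting them up front.
    """
    try:
        return encode_integer(decode_integer(data, strict=strict)) == data
    except DERError:
        return False


if __name__ == "__main__":
    # Constructed inputs: a canonical value and a non-minimal encoding of 1.
    for sample in (encode_integer(-129), b"\x02\x02\x00\x01", b"\x02\x00"):
        print(sample.hex(), "strict:", round_trips(sample),
              "lax:", round_trips(sample, strict=False))
```

Run stand-alone, the script prints that the canonical encoding round-trips under both decoders, while the padded and the zero-length INTEGER fail under the strict decoder and also fail the lax round trip, because the lax decoder silently changes their length on re-encoding.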
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXTS0/XlSAg2UNWIIRAtIxAKCSiiYIucEkdc4w9pNSn/lnvi+UeACcCpON
+u2gKnPG1WRg1N8sodue5yU=
=UQzD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 31 06:21:56 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2016 06:21:56 +0000
Subject: [RHSA-2016:1138-01] Moderate: squid security update
Message-ID: <201605310621.u4V6LvKk030804@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: squid security update
Advisory ID: RHSA-2016:1138-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1138
Issue date: 2016-05-31
CVE Names: CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4554 CVE-2016-4556
=====================================================================

1. Summary:

An update for squid is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051)

* Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054)

* An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with a specially crafted Host header that bypasses same-origin security protections, causing Squid operating as an interception or reverse proxy to contact the wrong origin server. It could also be used for cache poisoning for clients not following RFC 7230. (CVE-2016-4554)

* An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as a reverse proxy or for TLS/HTTPS interception, an attacker controlling a server accessed by Squid could crash the squid worker, causing a denial of service. (CVE-2016-4556)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1329126 - CVE-2016-4051 squid: buffer overflow in cachemgr.cgi
1329136 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing
1334241 - CVE-2016-4554 squid: Header Smuggling issue in HTTP Request processing
1334786 - CVE-2016-4556 squid: SIGSEGV in ESIContext response handling

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
squid-3.1.23-16.el6_8.4.src.rpm

i386:
squid-3.1.23-16.el6_8.4.i686.rpm
squid-debuginfo-3.1.23-16.el6_8.4.i686.rpm

ppc64:
squid-3.1.23-16.el6_8.4.ppc64.rpm
squid-debuginfo-3.1.23-16.el6_8.4.ppc64.rpm

s390x:
squid-3.1.23-16.el6_8.4.s390x.rpm
squid-debuginfo-3.1.23-16.el6_8.4.s390x.rpm

x86_64:
squid-3.1.23-16.el6_8.4.x86_64.rpm
squid-debuginfo-3.1.23-16.el6_8.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
squid-3.1.23-16.el6_8.4.src.rpm

i386:
squid-3.1.23-16.el6_8.4.i686.rpm
squid-debuginfo-3.1.23-16.el6_8.4.i686.rpm

x86_64:
squid-3.1.23-16.el6_8.4.x86_64.rpm
squid-debuginfo-3.1.23-16.el6_8.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4051
https://access.redhat.com/security/cve/CVE-2016-4052
https://access.redhat.com/security/cve/CVE-2016-4053
https://access.redhat.com/security/cve/CVE-2016-4054
https://access.redhat.com/security/cve/CVE-2016-4554
https://access.redhat.com/security/cve/CVE-2016-4556
https://access.redhat.com/security/updates/classification/#moderate
http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXTS1iXlSAg2UNWIIRAtfwAJ4j1CVztfjtzlLcAXcfC2q+CTovwgCcDEnM
AkjRLWOPUFQ8GtHRIhjkp/Q=
=Bdvj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 31 06:22:53 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2016 06:22:53 +0000
Subject: [RHSA-2016:1139-01] Moderate: squid security update
Message-ID: <201605310622.u4V6MrFG023475@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: squid security update
Advisory ID: RHSA-2016:1139-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1139
Issue date: 2016-05-31
CVE Names: CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556
=====================================================================

1. Summary:

An update for squid is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051)

* Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054)

* An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid. (CVE-2016-4553)

* An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with a specially crafted Host header that bypasses same-origin security protections, causing Squid operating as an interception or reverse proxy to contact the wrong origin server. It could also be used for cache poisoning for clients not following RFC 7230. (CVE-2016-4554)

* A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process. (CVE-2016-4555)

* An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as a reverse proxy or for TLS/HTTPS interception, an attacker controlling a server accessed by Squid could crash the squid worker, causing a denial of service. (CVE-2016-4556)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1329126 - CVE-2016-4051 squid: buffer overflow in cachemgr.cgi
1329136 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing
1334233 - CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling
1334241 - CVE-2016-4554 squid: Header Smuggling issue in HTTP Request processing
1334246 - CVE-2016-4555 squid: SegFault from ESIInclude::Start
1334786 - CVE-2016-4556 squid: SIGSEGV in ESIContext response handling

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:
squid-3.3.8-26.el7_2.3.src.rpm

ppc64:
squid-3.3.8-26.el7_2.3.ppc64.rpm
squid-debuginfo-3.3.8-26.el7_2.3.ppc64.rpm

ppc64le:
squid-3.3.8-26.el7_2.3.ppc64le.rpm
squid-debuginfo-3.3.8-26.el7_2.3.ppc64le.rpm

s390x:
squid-3.3.8-26.el7_2.3.s390x.rpm
squid-debuginfo-3.3.8-26.el7_2.3.s390x.rpm

x86_64:
squid-3.3.8-26.el7_2.3.x86_64.rpm
squid-debuginfo-3.3.8-26.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
squid-debuginfo-3.3.8-26.el7_2.3.ppc64.rpm
squid-sysvinit-3.3.8-26.el7_2.3.ppc64.rpm

ppc64le:
squid-debuginfo-3.3.8-26.el7_2.3.ppc64le.rpm
squid-sysvinit-3.3.8-26.el7_2.3.ppc64le.rpm

s390x:
squid-debuginfo-3.3.8-26.el7_2.3.s390x.rpm
squid-sysvinit-3.3.8-26.el7_2.3.s390x.rpm

x86_64:
squid-debuginfo-3.3.8-26.el7_2.3.x86_64.rpm
squid-sysvinit-3.3.8-26.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
squid-3.3.8-26.el7_2.3.src.rpm

x86_64:
squid-3.3.8-26.el7_2.3.x86_64.rpm
squid-debuginfo-3.3.8-26.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
squid-debuginfo-3.3.8-26.el7_2.3.x86_64.rpm
squid-sysvinit-3.3.8-26.el7_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4051
https://access.redhat.com/security/cve/CVE-2016-4052
https://access.redhat.com/security/cve/CVE-2016-4053
https://access.redhat.com/security/cve/CVE-2016-4054
https://access.redhat.com/security/cve/CVE-2016-4553
https://access.redhat.com/security/cve/CVE-2016-4554
https://access.redhat.com/security/cve/CVE-2016-4555
https://access.redhat.com/security/cve/CVE-2016-4556
https://access.redhat.com/security/updates/classification/#moderate
http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
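RHSA-2016:1138 and RHSA-2016:1139 above, and the squid34 advisory RHSA-2016:1140 that follows, describe CVE-2016-4554 as a flaw in the header lookup used on client requests: a crafted Host header makes an intercepting or reverse proxy contact the wrong origin, and can poison the cache for clients that do not follow RFC 7230. The Python below is an added example, not Squid code and not the exact crafted input from the upstream advisory. It contrasts a tolerant header lookup that trims whitespace around the field name with an RFC 7230 parser that rejects such field lines outright, and adds the host-header forgery check an intercepting proxy can apply before forwarding: the Host value must agree with the destination the connection was intercepted for. The request bytes, hostnames and function names are constructed for this example.

```python
"""Header lookup disagreement and a Host/destination consistency check.

Added example (not Squid code). RFC 7230 section 3.2.4 forbids whitespace
between a field name and the colon and tells servers to reject such
requests with 400; a lookup routine that tolerates it can pick a different
Host value than a strict client or origin would see.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample traffic. The proxy intercepted a connection whose
# TCP destination resolved to origin.example.
INTERCEPTED_DEST = "origin.example"

CRAFTED_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host : attacker.example\r\n"   # space before the colon: invalid per RFC 7230
    b"Host: origin.example\r\n"
    b"\r\n"
)
CLEAN_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: origin.example\r\n"
    b"User-Agent: example-client/1.0\r\n"
    b"\r\n"
)
MISMATCH_REQUEST = b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"
DUPLICATE_REQUEST = (
    b"GET / HTTP/1.1\r\nHost: origin.example\r\nHost: attacker.example\r\n\r\n"
)

# RFC 7230 token characters, the only ones allowed in a field name.
TOKEN = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


class BadRequest(ValueError):
    """The request must be answered with 400 rather than forwarded."""


def lenient_get_header(raw: bytes, name: str) -> Optional[str]:
    """Tolerant lookup: strip whitespace around the name, return FIRST match.

    This models a forgiving search routine; it is not Squid's implementation.
    """
    for line in raw.split(b"\r\n")[1:]:
        if not line:
            break
        field, sep, value = line.partition(b":")
        if sep and field.strip().lower() == name.lower().encode():
            return value.strip().decode("latin-1")
    return None


def strict_parse_headers(raw: bytes) -> List[Tuple[str, str]]:
    """RFC 7230 field-line parsing: reject folding and malformed names."""
    lines = raw.split(b"\r\n")
    if lines[-2:] != [b"", b""]:
        raise BadRequest("header block not terminated by CRLF CRLF")
    headers = []
    for line in lines[1:-2]:
        if line[:1] in (b" ", b"\t"):
            raise BadRequest("obsolete line folding rejected")
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.match(name):
            raise BadRequest(f"invalid field line: {line!r}")
        headers.append((name.decode("ascii").lower(),
                        value.strip(b" \t").decode("latin-1")))
    return headers


def select_origin(raw: bytes, intercepted_dest: str) -> str:
    """Forwarding decision for an intercepting proxy (this example's policy).

    Parse strictly, require exactly one Host, and require it to name the
    host the connection was intercepted for. IPv6 literals are out of scope.
    """
    hosts = [v for n, v in strict_parse_headers(raw) if n == "host"]
    if len(hosts) != 1:
        raise BadRequest("exactly one Host header required")
    host = hosts[0].split(":", 1)[0].lower()  # drop an optional port
    if host != intercepted_dest.lower():
        raise BadRequest(f"Host {host!r} does not match destination {intercepted_dest!r}")
    return host


def compare_lookups(raw: bytes, intercepted_dest: str):
    """Return (what the lenient lookup sees, where the strict policy forwards)."""
    lenient = lenient_get_header(raw, "Host")
    try:
        strict = select_origin(raw, intercepted_dest)
    except BadRequest:
        strict = None
    return lenient, strict


if __name__ == "__main__":
    for label, req in (("crafted", CRAFTED_REQUEST), ("clean", CLEAN_REQUEST),
                       ("mismatch", MISMATCH_REQUEST), ("duplicate", DUPLICATE_REQUEST)):
        print(label, compare_lookups(req, INTERCEPTED_DEST))
```

On the crafted request the tolerant lookup answers attacker.example, which is where a proxy relying on it would connect and under which it might cache the response, while the strict parser refuses the request. The duplicate-Host case shows why the check counts Host headers rather than taking the first one: two valid-looking Host lines are themselves a sign of smuggling.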
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXTS26XlSAg2UNWIIRAgGXAKCUUJCPift+x00t5mWx0vTXqkRvGACgjk5Z 2yeGJSARyEwp3OzfyumvjfQ= =0Myb -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 31 06:24:00 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 31 May 2016 06:24:00 +0000 Subject: [RHSA-2016:1140-01] Moderate: squid34 security update Message-ID: <201605310624.u4V6O0Y3020148@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: squid34 security update Advisory ID: RHSA-2016:1140-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1140 Issue date: 2016-05-31 CVE Names: CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 ===================================================================== 1. Summary: An update for squid34 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The "squid34" packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Note that apart from "squid34", this version of Red Hat Enterprise Linux also includes the "squid" packages which provide Squid version 3.1. Security Fix(es): * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. 
When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051) * Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054) * An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid. (CVE-2016-4553) * An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid operating as interception or reverse-proxy to contact the wrong origin server. It could also be used for cache poisoning for client not following RFC 7230. (CVE-2016-4554) * A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process. (CVE-2016-4555) * An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack. (CVE-2016-4556) 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the squid service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1329126 - CVE-2016-4051 squid: buffer overflow in cachemgr.cgi 1329136 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing 1334233 - CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling 1334241 - CVE-2016-4554 squid: Header Smuggling issue in HTTP Request processing 1334246 - CVE-2016-4555 squid: SegFault from ESIInclude::Start 1334786 - CVE-2016-4556 squid: SIGSEGV in ESIContext response handling 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: squid34-3.4.14-9.el6_8.3.src.rpm i386: squid34-3.4.14-9.el6_8.3.i686.rpm squid34-debuginfo-3.4.14-9.el6_8.3.i686.rpm ppc64: squid34-3.4.14-9.el6_8.3.ppc64.rpm squid34-debuginfo-3.4.14-9.el6_8.3.ppc64.rpm s390x: squid34-3.4.14-9.el6_8.3.s390x.rpm squid34-debuginfo-3.4.14-9.el6_8.3.s390x.rpm x86_64: squid34-3.4.14-9.el6_8.3.x86_64.rpm squid34-debuginfo-3.4.14-9.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: squid34-3.4.14-9.el6_8.3.src.rpm i386: squid34-3.4.14-9.el6_8.3.i686.rpm squid34-debuginfo-3.4.14-9.el6_8.3.i686.rpm x86_64: squid34-3.4.14-9.el6_8.3.x86_64.rpm squid34-debuginfo-3.4.14-9.el6_8.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2016-4051
https://access.redhat.com/security/cve/CVE-2016-4052
https://access.redhat.com/security/cve/CVE-2016-4053
https://access.redhat.com/security/cve/CVE-2016-4054
https://access.redhat.com/security/cve/CVE-2016-4553
https://access.redhat.com/security/cve/CVE-2016-4554
https://access.redhat.com/security/cve/CVE-2016-4555
https://access.redhat.com/security/cve/CVE-2016-4556
https://access.redhat.com/security/updates/classification/#moderate
http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXTS35XlSAg2UNWIIRAmWpAJ0eIlHSQ3Y08fA9h1/92SX9t0T8BACglO0C
007+HStidaeo4GKvo6RPeFg=
=yxXK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 31 08:25:31 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2016 08:25:31 +0000
Subject: [RHSA-2016:1141-01] Moderate: ntp security update
Message-ID: <201605310825.u4V8PWLK003732@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ntp security update
Advisory ID:       RHSA-2016:1141-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1141
Issue date:        2016-05-31
CVE Names:         CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2518
=====================================================================

1. Summary:

An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.
(CVE-2015-7979)

* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)

* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548)

* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)

* An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)

The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode
1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service
1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets
1331464 - CVE-2016-1550 ntp: libntp message digest disclosure
1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6):

Source:
ntp-4.2.6p5-10.el6.1.src.rpm

i386:
ntp-4.2.6p5-10.el6.1.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntpdate-4.2.6p5-10.el6.1.i686.rpm

x86_64:
ntp-4.2.6p5-10.el6.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntp-perl-4.2.6p5-10.el6.1.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ntp-4.2.6p5-10.el6.1.src.rpm

x86_64:
ntp-4.2.6p5-10.el6.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ntp-4.2.6p5-10.el6.1.src.rpm

i386:
ntp-4.2.6p5-10.el6.1.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntpdate-4.2.6p5-10.el6.1.i686.rpm

ppc64:
ntp-4.2.6p5-10.el6.1.ppc64.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm
ntpdate-4.2.6p5-10.el6.1.ppc64.rpm

s390x:
ntp-4.2.6p5-10.el6.1.s390x.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm
ntpdate-4.2.6p5-10.el6.1.s390x.rpm

x86_64:
ntp-4.2.6p5-10.el6.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntp-perl-4.2.6p5-10.el6.1.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm
ntp-perl-4.2.6p5-10.el6.1.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm
ntp-perl-4.2.6p5-10.el6.1.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6):

Source:
ntp-4.2.6p5-10.el6.1.src.rpm

i386:
ntp-4.2.6p5-10.el6.1.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntpdate-4.2.6p5-10.el6.1.i686.rpm

x86_64:
ntp-4.2.6p5-10.el6.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm
ntp-perl-4.2.6p5-10.el6.1.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm
ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
ntp-4.2.6p5-22.el7_2.2.src.rpm

x86_64:
ntp-4.2.6p5-22.el7_2.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm
ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
ntp-4.2.6p5-22.el7_2.2.src.rpm

x86_64:
ntp-4.2.6p5-22.el7_2.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm
ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Server (v.
7):

Source:
ntp-4.2.6p5-22.el7_2.2.src.rpm

ppc64:
ntp-4.2.6p5-22.el7_2.2.ppc64.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm
ntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm

ppc64le:
ntp-4.2.6p5-22.el7_2.2.ppc64le.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm
ntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm

s390x:
ntp-4.2.6p5-22.el7_2.2.s390x.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm
ntpdate-4.2.6p5-22.el7_2.2.s390x.rpm

x86_64:
ntp-4.2.6p5-22.el7_2.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm
ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm
sntp-4.2.6p5-22.el7_2.2.ppc64.rpm

ppc64le:
ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm
sntp-4.2.6p5-22.el7_2.2.ppc64le.rpm

s390x:
ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm
sntp-4.2.6p5-22.el7_2.2.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
ntp-4.2.6p5-22.el7_2.2.src.rpm

x86_64:
ntp-4.2.6p5-22.el7_2.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm
ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm
sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-7979
https://access.redhat.com/security/cve/CVE-2016-1547
https://access.redhat.com/security/cve/CVE-2016-1548
https://access.redhat.com/security/cve/CVE-2016-1550
https://access.redhat.com/security/cve/CVE-2016-2518
https://access.redhat.com/security/updates/classification/#moderate

8.
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXTUp2XlSAg2UNWIIRAqUmAKC32P98McZUqU1gzWxBbCz0hn0eagCfRtrx
SULnKXrtTJd5iJ6eQVtDnxA=
=hETy
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 31 11:22:27 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2016 11:22:27 +0000
Subject: [RHSA-2016:1166-01] Moderate: python27 security, bug fix, and enhancement update
Message-ID: <201605311122.u4VBMS0n013226@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python27 security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:1166-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1166
Issue date:        2016-05-31
CVE Names:         CVE-2013-2099 CVE-2013-7440
=====================================================================

1. Summary:

Updated python27 packages are now available as a part of Red Hat Software Collections 2.2 for Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
7.1) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

Security Fix(es):

The following fix was applied to the python component:

* The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)

Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1311044, BZ#1319774)

The following fix was applied to the python-pymongo component:

* A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU.
(CVE-2013-2099)

The following fix was applied to the python-pymongo and python-virtualenv components:

* Multiple flaws were found in the way Python's SSL module performed matching of certificate names containing wildcards. A remote attacker able to obtain a valid certificate that contained certain names with wildcards could have them incorrectly accepted by Python SSL clients, not following the RFC 6125 recommendations. (CVE-2013-7440)

The CVE-2013-2099 issue was discovered by Florian Weimer (Red Hat Product Security).

Bug Fix(es) and Enhancement(s):

The python27 Software Collection has been updated to a later version, which provides a number of bug fixes and enhancements over the previous version. Among others:

* The python27-PyYAML package has been added, which contains a Python YAML module. PyYAML is a YAML parser and emitter for Python; it is applicable for a broad range of tasks from complex configuration files to object serialization and persistence.

* Network security enhancements, described in Python Enhancement Proposal 466, have been backported to the Python standard library. The security enhancements include, for example, new features in the ssl module, such as support for Server Name Indication (SNI) as well as support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and much more.

* The python27-python-pip package has been upgraded to version 7.1.0.

* The python27-python-virtualenv package has been upgraded to version 13.1.0.

* The python27-python-pymongo package has been upgraded to version 3.2.1.

(BZ#1301481, BZ#1297784, BZ#1111464, BZ#1319774)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

963260 - CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
1173041 - CVE-2014-9365 python: failure to validate certificates in the HTTP client with TLS (PEP 476)
1224999 - CVE-2013-7440 python: wildcard matching rules do not follow RFC 6125
1266529 - Applications breaks when certain software collections are enabled
1297783 - Update python-pymongo package
1297784 - Add PyYAML package
1318319 - python-2.7.5-34 breaks hashlib (md4)
1329141 - Python installation is not 64 bit clean
1329944 - python27-PyYAML: wrong interpreter
1330041 - python27-python-docutils: wrong interpreter
1334447 - leftovers after the un-install

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
python27-1.1-25.el6.src.rpm
python27-PyYAML-3.10-14.el6.src.rpm
python27-numpy-1.7.1-10.el6.src.rpm
python27-python-2.7.8-16.el6.src.rpm
python27-python-docutils-0.11-2.el6.src.rpm
python27-python-pip-7.1.0-2.el6.src.rpm
python27-python-pymongo-3.2.1-1.el6.src.rpm
python27-python-virtualenv-13.1.0-1.el6.src.rpm
python27-scipy-0.12.1-3.el6.src.rpm

noarch:
python27-python-docutils-0.11-2.el6.noarch.rpm
python27-python-pip-7.1.0-2.el6.noarch.rpm
python27-python-virtualenv-13.1.0-1.el6.noarch.rpm

x86_64:
python27-1.1-25.el6.x86_64.rpm
python27-PyYAML-3.10-14.el6.x86_64.rpm
python27-PyYAML-debuginfo-3.10-14.el6.x86_64.rpm
python27-numpy-1.7.1-10.el6.x86_64.rpm
python27-numpy-debuginfo-1.7.1-10.el6.x86_64.rpm
python27-numpy-f2py-1.7.1-10.el6.x86_64.rpm
python27-python-2.7.8-16.el6.x86_64.rpm
python27-python-bson-3.2.1-1.el6.x86_64.rpm
python27-python-debug-2.7.8-16.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-16.el6.x86_64.rpm
python27-python-devel-2.7.8-16.el6.x86_64.rpm
python27-python-libs-2.7.8-16.el6.x86_64.rpm
python27-python-pymongo-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-debuginfo-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-doc-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-gridfs-3.2.1-1.el6.x86_64.rpm
python27-python-test-2.7.8-16.el6.x86_64.rpm
python27-python-tools-2.7.8-16.el6.x86_64.rpm
python27-runtime-1.1-25.el6.x86_64.rpm
python27-scipy-0.12.1-3.el6.x86_64.rpm
python27-scipy-debuginfo-0.12.1-3.el6.x86_64.rpm
python27-scldevel-1.1-25.el6.x86_64.rpm
python27-tkinter-2.7.8-16.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
python27-1.1-25.el6.src.rpm
python27-PyYAML-3.10-14.el6.src.rpm
python27-numpy-1.7.1-10.el6.src.rpm
python27-python-2.7.8-16.el6.src.rpm
python27-python-docutils-0.11-2.el6.src.rpm
python27-python-pip-7.1.0-2.el6.src.rpm
python27-python-pymongo-3.2.1-1.el6.src.rpm
python27-python-virtualenv-13.1.0-1.el6.src.rpm
python27-scipy-0.12.1-3.el6.src.rpm

noarch:
python27-python-docutils-0.11-2.el6.noarch.rpm
python27-python-pip-7.1.0-2.el6.noarch.rpm
python27-python-virtualenv-13.1.0-1.el6.noarch.rpm

x86_64:
python27-1.1-25.el6.x86_64.rpm
python27-PyYAML-3.10-14.el6.x86_64.rpm
python27-PyYAML-debuginfo-3.10-14.el6.x86_64.rpm
python27-numpy-1.7.1-10.el6.x86_64.rpm
python27-numpy-debuginfo-1.7.1-10.el6.x86_64.rpm
python27-numpy-f2py-1.7.1-10.el6.x86_64.rpm
python27-python-2.7.8-16.el6.x86_64.rpm
python27-python-bson-3.2.1-1.el6.x86_64.rpm
python27-python-debug-2.7.8-16.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-16.el6.x86_64.rpm
python27-python-devel-2.7.8-16.el6.x86_64.rpm
python27-python-libs-2.7.8-16.el6.x86_64.rpm
python27-python-pymongo-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-debuginfo-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-doc-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-gridfs-3.2.1-1.el6.x86_64.rpm
python27-python-test-2.7.8-16.el6.x86_64.rpm
python27-python-tools-2.7.8-16.el6.x86_64.rpm
python27-runtime-1.1-25.el6.x86_64.rpm
python27-scipy-0.12.1-3.el6.x86_64.rpm
python27-scipy-debuginfo-0.12.1-3.el6.x86_64.rpm
python27-scldevel-1.1-25.el6.x86_64.rpm
python27-tkinter-2.7.8-16.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
python27-1.1-25.el6.src.rpm
python27-PyYAML-3.10-14.el6.src.rpm
python27-numpy-1.7.1-10.el6.src.rpm
python27-python-2.7.8-16.el6.src.rpm
python27-python-docutils-0.11-2.el6.src.rpm
python27-python-pip-7.1.0-2.el6.src.rpm
python27-python-pymongo-3.2.1-1.el6.src.rpm
python27-python-virtualenv-13.1.0-1.el6.src.rpm
python27-scipy-0.12.1-3.el6.src.rpm

noarch:
python27-python-docutils-0.11-2.el6.noarch.rpm
python27-python-pip-7.1.0-2.el6.noarch.rpm
python27-python-virtualenv-13.1.0-1.el6.noarch.rpm

x86_64:
python27-1.1-25.el6.x86_64.rpm
python27-PyYAML-3.10-14.el6.x86_64.rpm
python27-PyYAML-debuginfo-3.10-14.el6.x86_64.rpm
python27-numpy-1.7.1-10.el6.x86_64.rpm
python27-numpy-debuginfo-1.7.1-10.el6.x86_64.rpm
python27-numpy-f2py-1.7.1-10.el6.x86_64.rpm
python27-python-2.7.8-16.el6.x86_64.rpm
python27-python-bson-3.2.1-1.el6.x86_64.rpm
python27-python-debug-2.7.8-16.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-16.el6.x86_64.rpm
python27-python-devel-2.7.8-16.el6.x86_64.rpm
python27-python-libs-2.7.8-16.el6.x86_64.rpm
python27-python-pymongo-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-debuginfo-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-doc-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-gridfs-3.2.1-1.el6.x86_64.rpm
python27-python-test-2.7.8-16.el6.x86_64.rpm
python27-python-tools-2.7.8-16.el6.x86_64.rpm
python27-runtime-1.1-25.el6.x86_64.rpm
python27-scipy-0.12.1-3.el6.x86_64.rpm
python27-scipy-debuginfo-0.12.1-3.el6.x86_64.rpm
python27-scldevel-1.1-25.el6.x86_64.rpm
python27-tkinter-2.7.8-16.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.
6):

Source:
python27-1.1-25.el6.src.rpm
python27-PyYAML-3.10-14.el6.src.rpm
python27-numpy-1.7.1-10.el6.src.rpm
python27-python-2.7.8-16.el6.src.rpm
python27-python-docutils-0.11-2.el6.src.rpm
python27-python-pip-7.1.0-2.el6.src.rpm
python27-python-pymongo-3.2.1-1.el6.src.rpm
python27-python-virtualenv-13.1.0-1.el6.src.rpm
python27-scipy-0.12.1-3.el6.src.rpm

noarch:
python27-python-docutils-0.11-2.el6.noarch.rpm
python27-python-pip-7.1.0-2.el6.noarch.rpm
python27-python-virtualenv-13.1.0-1.el6.noarch.rpm

x86_64:
python27-1.1-25.el6.x86_64.rpm
python27-PyYAML-3.10-14.el6.x86_64.rpm
python27-PyYAML-debuginfo-3.10-14.el6.x86_64.rpm
python27-numpy-1.7.1-10.el6.x86_64.rpm
python27-numpy-debuginfo-1.7.1-10.el6.x86_64.rpm
python27-numpy-f2py-1.7.1-10.el6.x86_64.rpm
python27-python-2.7.8-16.el6.x86_64.rpm
python27-python-bson-3.2.1-1.el6.x86_64.rpm
python27-python-debug-2.7.8-16.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-16.el6.x86_64.rpm
python27-python-devel-2.7.8-16.el6.x86_64.rpm
python27-python-libs-2.7.8-16.el6.x86_64.rpm
python27-python-pymongo-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-debuginfo-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-doc-3.2.1-1.el6.x86_64.rpm
python27-python-pymongo-gridfs-3.2.1-1.el6.x86_64.rpm
python27-python-test-2.7.8-16.el6.x86_64.rpm
python27-python-tools-2.7.8-16.el6.x86_64.rpm
python27-runtime-1.1-25.el6.x86_64.rpm
python27-scipy-0.12.1-3.el6.x86_64.rpm
python27-scipy-debuginfo-0.12.1-3.el6.x86_64.rpm
python27-scldevel-1.1-25.el6.x86_64.rpm
python27-tkinter-2.7.8-16.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v.
7):

Source:
python27-1.1-25.el7.src.rpm
python27-PyYAML-3.10-14.el7.src.rpm
python27-numpy-1.7.1-10.el7.src.rpm
python27-python-2.7.8-14.el7.src.rpm
python27-python-pip-7.1.0-2.el7.src.rpm
python27-python-pymongo-3.2.1-1.el7.src.rpm
python27-python-virtualenv-13.1.0-1.el7.src.rpm
python27-scipy-0.12.1-4.el7.src.rpm

noarch:
python27-python-pip-7.1.0-2.el7.noarch.rpm
python27-python-virtualenv-13.1.0-1.el7.noarch.rpm

x86_64:
python27-1.1-25.el7.x86_64.rpm
python27-PyYAML-3.10-14.el7.x86_64.rpm
python27-PyYAML-debuginfo-3.10-14.el7.x86_64.rpm
python27-numpy-1.7.1-10.el7.x86_64.rpm
python27-numpy-debuginfo-1.7.1-10.el7.x86_64.rpm
python27-numpy-f2py-1.7.1-10.el7.x86_64.rpm
python27-python-2.7.8-14.el7.x86_64.rpm
python27-python-bson-3.2.1-1.el7.x86_64.rpm
python27-python-debug-2.7.8-14.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-14.el7.x86_64.rpm
python27-python-devel-2.7.8-14.el7.x86_64.rpm
python27-python-libs-2.7.8-14.el7.x86_64.rpm
python27-python-pymongo-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-debuginfo-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-doc-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-gridfs-3.2.1-1.el7.x86_64.rpm
python27-python-test-2.7.8-14.el7.x86_64.rpm
python27-python-tools-2.7.8-14.el7.x86_64.rpm
python27-runtime-1.1-25.el7.x86_64.rpm
python27-scipy-0.12.1-4.el7.x86_64.rpm
python27-scipy-debuginfo-0.12.1-4.el7.x86_64.rpm
python27-scldevel-1.1-25.el7.x86_64.rpm
python27-tkinter-2.7.8-14.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
7.1):

Source:
python27-1.1-25.el7.src.rpm
python27-PyYAML-3.10-14.el7.src.rpm
python27-numpy-1.7.1-10.el7.src.rpm
python27-python-2.7.8-14.el7.src.rpm
python27-python-pip-7.1.0-2.el7.src.rpm
python27-python-pymongo-3.2.1-1.el7.src.rpm
python27-python-virtualenv-13.1.0-1.el7.src.rpm
python27-scipy-0.12.1-4.el7.src.rpm

noarch:
python27-python-pip-7.1.0-2.el7.noarch.rpm
python27-python-virtualenv-13.1.0-1.el7.noarch.rpm

x86_64:
python27-1.1-25.el7.x86_64.rpm
python27-PyYAML-3.10-14.el7.x86_64.rpm
python27-PyYAML-debuginfo-3.10-14.el7.x86_64.rpm
python27-numpy-1.7.1-10.el7.x86_64.rpm
python27-numpy-debuginfo-1.7.1-10.el7.x86_64.rpm
python27-numpy-f2py-1.7.1-10.el7.x86_64.rpm
python27-python-2.7.8-14.el7.x86_64.rpm
python27-python-bson-3.2.1-1.el7.x86_64.rpm
python27-python-debug-2.7.8-14.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-14.el7.x86_64.rpm
python27-python-devel-2.7.8-14.el7.x86_64.rpm
python27-python-libs-2.7.8-14.el7.x86_64.rpm
python27-python-pymongo-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-debuginfo-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-doc-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-gridfs-3.2.1-1.el7.x86_64.rpm
python27-python-test-2.7.8-14.el7.x86_64.rpm
python27-python-tools-2.7.8-14.el7.x86_64.rpm
python27-runtime-1.1-25.el7.x86_64.rpm
python27-scipy-0.12.1-4.el7.x86_64.rpm
python27-scipy-debuginfo-0.12.1-4.el7.x86_64.rpm
python27-scldevel-1.1-25.el7.x86_64.rpm
python27-tkinter-2.7.8-14.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
7.2):

Source:
python27-1.1-25.el7.src.rpm
python27-PyYAML-3.10-14.el7.src.rpm
python27-numpy-1.7.1-10.el7.src.rpm
python27-python-2.7.8-14.el7.src.rpm
python27-python-pip-7.1.0-2.el7.src.rpm
python27-python-pymongo-3.2.1-1.el7.src.rpm
python27-python-virtualenv-13.1.0-1.el7.src.rpm
python27-scipy-0.12.1-4.el7.src.rpm

noarch:
python27-python-pip-7.1.0-2.el7.noarch.rpm
python27-python-virtualenv-13.1.0-1.el7.noarch.rpm

x86_64:
python27-1.1-25.el7.x86_64.rpm
python27-PyYAML-3.10-14.el7.x86_64.rpm
python27-PyYAML-debuginfo-3.10-14.el7.x86_64.rpm
python27-numpy-1.7.1-10.el7.x86_64.rpm
python27-numpy-debuginfo-1.7.1-10.el7.x86_64.rpm
python27-numpy-f2py-1.7.1-10.el7.x86_64.rpm
python27-python-2.7.8-14.el7.x86_64.rpm
python27-python-bson-3.2.1-1.el7.x86_64.rpm
python27-python-debug-2.7.8-14.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-14.el7.x86_64.rpm
python27-python-devel-2.7.8-14.el7.x86_64.rpm
python27-python-libs-2.7.8-14.el7.x86_64.rpm
python27-python-pymongo-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-debuginfo-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-doc-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-gridfs-3.2.1-1.el7.x86_64.rpm
python27-python-test-2.7.8-14.el7.x86_64.rpm
python27-python-tools-2.7.8-14.el7.x86_64.rpm
python27-runtime-1.1-25.el7.x86_64.rpm
python27-scipy-0.12.1-4.el7.x86_64.rpm
python27-scipy-debuginfo-0.12.1-4.el7.x86_64.rpm
python27-scldevel-1.1-25.el7.x86_64.rpm
python27-tkinter-2.7.8-14.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.
7):

Source:
python27-1.1-25.el7.src.rpm
python27-PyYAML-3.10-14.el7.src.rpm
python27-numpy-1.7.1-10.el7.src.rpm
python27-python-2.7.8-14.el7.src.rpm
python27-python-pip-7.1.0-2.el7.src.rpm
python27-python-pymongo-3.2.1-1.el7.src.rpm
python27-python-virtualenv-13.1.0-1.el7.src.rpm
python27-scipy-0.12.1-4.el7.src.rpm

noarch:
python27-python-pip-7.1.0-2.el7.noarch.rpm
python27-python-virtualenv-13.1.0-1.el7.noarch.rpm

x86_64:
python27-1.1-25.el7.x86_64.rpm
python27-PyYAML-3.10-14.el7.x86_64.rpm
python27-PyYAML-debuginfo-3.10-14.el7.x86_64.rpm
python27-numpy-1.7.1-10.el7.x86_64.rpm
python27-numpy-debuginfo-1.7.1-10.el7.x86_64.rpm
python27-numpy-f2py-1.7.1-10.el7.x86_64.rpm
python27-python-2.7.8-14.el7.x86_64.rpm
python27-python-bson-3.2.1-1.el7.x86_64.rpm
python27-python-debug-2.7.8-14.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-14.el7.x86_64.rpm
python27-python-devel-2.7.8-14.el7.x86_64.rpm
python27-python-libs-2.7.8-14.el7.x86_64.rpm
python27-python-pymongo-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-debuginfo-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-doc-3.2.1-1.el7.x86_64.rpm
python27-python-pymongo-gridfs-3.2.1-1.el7.x86_64.rpm
python27-python-test-2.7.8-14.el7.x86_64.rpm
python27-python-tools-2.7.8-14.el7.x86_64.rpm
python27-runtime-1.1-25.el7.x86_64.rpm
python27-scipy-0.12.1-4.el7.x86_64.rpm
python27-scipy-debuginfo-0.12.1-4.el7.x86_64.rpm
python27-scldevel-1.1-25.el7.x86_64.rpm
python27-tkinter-2.7.8-14.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-2099
https://access.redhat.com/security/cve/CVE-2013-7440
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/2039753

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXTXLkXlSAg2UNWIIRAv24AJ9J57HmPRP4kf9eb0lTpOLR037sawCgszMI
JJ7o6x06U7KR/MKESCy6YX8=
=bWhu
-----END PGP SIGNATURE-----
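The CVE-2016-1550 entry in the ntp advisory above (RHSA-2016:1141) describes a digest comparison whose running time depends on the secret. The Python 3 below is an added example written for this page, not code from ntp, libntp or Red Hat. It puts the early-exit comparison beside the constant-time one and, instead of a stopwatch, reports how many bytes each comparison examined, which is exactly the quantity a timing channel leaks; it then runs the byte-at-a-time recovery against both to show that only the early-exit version gives up the digest. The key and packet bytes are constructed placeholders, and the MD5-over-key-and-packet MAC only loosely mirrors NTP's legacy symmetric-key scheme.

```python
import hashlib
import hmac

# Constructed sample key and 48-byte packet body; neither appears in the advisory.
KEY = b"constructed-sample-key"
PACKET = bytes(range(48))
DIGEST_LEN = 16


def packet_mac(key, packet):
    """Keyed digest in the classic NTP symmetric-key style: MD5 over key || packet.
    MD5 is used only because that is what the legacy protocol specifies; the
    comparison step, not the hash, is what this example is about."""
    return hashlib.md5(key + packet).digest()


def early_exit_compare(expected, received):
    """Vulnerable pattern (memcmp-style): stops at the first mismatching byte, so
    the time taken grows with the length of the correct prefix. Returns
    (equal, bytes_examined); the second value stands in for a stopwatch."""
    examined = 0
    for a, b in zip(expected, received):
        examined += 1
        if a != b:
            return False, examined
    return len(expected) == len(received), examined


def constant_time_compare(expected, received):
    """Hardened pattern: hmac.compare_digest looks at every byte regardless of
    where the mismatch is, so the work done carries no information about the
    secret. The examined count is always the full length."""
    return hmac.compare_digest(expected, received), len(expected)


def guess_with_prefix(mac, k):
    """Attacker guess that is right for the first k bytes and wrong at byte k."""
    return mac[:k] + bytes([mac[k] ^ 0xFF]) + bytes(len(mac) - k - 1)


def recover_via_oracle(oracle, length=DIGEST_LEN):
    """Idealised byte-at-a-time recovery against a noise-free oracle returning
    (equal, bytes_examined). Each byte costs at most 256 queries, so the whole
    digest costs 256 * length instead of 2 ** (8 * length). Real timing channels
    are noisy and need many samples per guess, but the asymptotics are the same."""
    known = bytearray()
    for pos in range(length):
        for candidate in range(256):
            guess = bytes(known) + bytes([candidate]) + bytes(length - pos - 1)
            equal, examined = oracle(guess)
            if equal or examined > pos + 1:
                known.append(candidate)
                break
        else:
            raise ValueError("oracle gives no per-byte signal at position %d" % pos)
    return bytes(known)


def recovery_succeeds(compare, key=KEY, packet=PACKET):
    """Run the recovery against a verifier built from `compare`; True means the
    comparison leaked the whole digest, False means the attack got nowhere."""
    mac = packet_mac(key, packet)
    try:
        return recover_via_oracle(lambda guess: compare(mac, guess)) == mac
    except ValueError:
        return False


if __name__ == "__main__":
    print("early-exit compare leaks digest:", recovery_succeeds(early_exit_compare))
    print("constant-time compare leaks digest:", recovery_succeeds(constant_time_compare))
```

The fix in real code is the one-line swap from a bytewise early-exit loop (or memcmp) to a constant-time primitive; in C that is CRYPTO_memcmp or an explicit accumulate-and-OR loop, in Python hmac.compare_digest. Note that the hardened version still returns False for a wrong MAC, so correctness is unchanged; only the work profile is.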
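The python27 advisory above (RHSA-2016:1166) covers three related client-side TLS defects: no certificate verification at all in the httplib/urllib defaults (CVE-2014-9365), CPU exhaustion on certificate names stuffed with wildcards (CVE-2013-2099), and wildcard matching looser than RFC 6125 allows (CVE-2013-7440). The Python 3 below is an added example for this page, not the ssl.match_hostname() implementation shipped in the python27 collection: a strict RFC 6125 matcher over the dict shape SSLSocket.getpeercert() returns, beside the verifying SSL context and the legacy non-verifying one for contrast. It is deliberately stricter than the standard library in two places (a wildcard must be followed by at least two labels, and an IDNA "xn--" label never matches a wildcard), and the certificate dicts used to exercise it are constructed, not real certificates.

```python
import ssl


def dnsname_matches(pattern, hostname):
    """Does the certificate dNSName `pattern` match `hostname` under a strict
    reading of RFC 6125 section 6.4.3?
      * comparison is case-insensitive and ignores a trailing dot;
      * at most one wildcard, and it must be the entire left-most label
        ("*.example.com"; neither "f*.example.com" nor "*.*.example.com");
      * the wildcard matches exactly one label, so "*.example.com" matches
        neither "a.b.example.com" nor "example.com";
      * the wildcard must be followed by at least two labels ("*.com" is
        refused) and never matches an IDNA "xn--" label.
    Nothing is compiled into a regular expression, so a pattern stuffed with
    wildcards (the CVE-2013-2099 input) is rejected after a single count()."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname or "*" in hostname:
        return False
    wildcards = pattern.count("*")
    if wildcards == 0:
        return pattern == hostname
    if wildcards > 1:
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False
    if h_labels[0].startswith("xn--"):
        return False
    return p_labels[1:] == h_labels[1:]


def match_hostname(cert, hostname):
    """Check a peer certificate, in the dict shape SSLSocket.getpeercert()
    returns, against `hostname`. Every DNS subjectAltName is tried; the subject
    commonName is consulted only when the certificate carries no DNS SAN at
    all (RFC 6125 section 6.4.4)."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return any(dnsname_matches(name, hostname) for name in names)


def verifying_context():
    """The post-PEP 476 client default: chain verification against the system
    trust store plus hostname checking. Use it as
    http.client.HTTPSConnection(host, context=verifying_context())."""
    return ssl.create_default_context()


def legacy_unverified_context():
    """What the old httplib/urllib behaviour described in the advisory amounts
    to: no chain check and no hostname check, so any server presenting any
    certificate is accepted. Shown for contrast only; never ship this."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can drop to CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_verifying(ctx):
    """True only when both halves of verification (chain and hostname) are on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


if __name__ == "__main__":
    # Constructed certificate dict, not a real certificate.
    cert = {
        "subject": ((("commonName", "ignored.example.org"),),),
        "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
    }
    for host in ("api.example.com", "a.b.example.com", "ignored.example.org"):
        print("%-22s %s" % (host, match_hostname(cert, host)))
    print("default context verifies:", context_is_verifying(verifying_context()))
    print("legacy context verifies: ", context_is_verifying(legacy_unverified_context()))
```

The advisory's note that verification "remains disabled by default" in this python27 build is the reason a verifying context has to be passed explicitly; the legacy context above is what callers get when they do not.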
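All three advisories on this page fix their issues by replacing packages, and each Package List section gives the fixed build. The Python 3 below is an added example for this page, not a Red Hat tool: it reimplements rpm's version ordering (the rpmvercmp algorithm, including the "~" and "^" separators) so that plain `rpm -qa` output can be checked offline against the fixed ntp, squid34 and python27-python builds listed above. Assumptions: the epoch is taken as 0 because advisory file names never carry one (confirm with rpm -q --qf '%{EPOCHNUM}' on a real host), the el6/el7 dist tag in the release field picks the row to compare against, and the sample `rpm -qa` lines are constructed to show one older and one fixed-or-newer build per package plus lines the audit must skip.

```python
import re
import sys

# Fixed (epoch, version, release) per package and dist tag, copied from the
# Package List sections above. Epoch assumed 0 (see lead-in).
FIXED = {
    ("ntp", "el6"): (0, "4.2.6p5", "10.el6.1"),           # RHSA-2016:1141
    ("ntp", "el7"): (0, "4.2.6p5", "22.el7_2.2"),         # RHSA-2016:1141
    ("squid34", "el6"): (0, "3.4.14", "9.el6_8.3"),        # squid34 advisory above
    ("python27-python", "el6"): (0, "2.7.8", "16.el6"),    # RHSA-2016:1166
    ("python27-python", "el7"): (0, "2.7.8", "14.el7"),    # RHSA-2016:1166
}

# Constructed rpm -qa output; these NVRAs are illustrative, not real hosts.
SAMPLE_RPM_QA = """\
ntp-4.2.6p5-5.el6_7.2.x86_64
ntp-4.2.6p5-25.el7_3.1.x86_64
squid34-3.4.14-9.el6_8.2.x86_64
python27-python-2.7.8-16.el6.x86_64
python27-python-2.7.8-11.el7.x86_64
bash-4.1.2-40.el6.x86_64
gpg-pubkey-0123abcd-5a5a5a5a
"""


def rpmvercmp(a, b):
    """rpm's rpmvercmp(): walk both strings in runs of digits or letters.
    Digit runs compare numerically (leading zeros ignored), letter runs
    lexically, a digit run outranks a letter run, '~' sorts before anything
    including end-of-string (pre-release), and '^' sorts after end-of-string
    but before any ordinary run. Returns -1, 0 or 1."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        isnum = ca.isdigit()
        kind = str.isdigit if isnum else str.isalpha
        m = i
        while m < len(a) and kind(a[m]):
            m += 1
        n = j
        while n < len(b) and kind(b[n]):
            n += 1
        seg_a, seg_b = a[i:m], b[j:n]
        i, j = m, n
        if not seg_a:
            return -1
        if not seg_b:
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evr_cmp(x, y):
    """Order (epoch, version, release) tuples the way rpm orders packages."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def parse_nvra(line):
    """Split 'name-[epoch:]version-release.arch' (the default rpm -qa format,
    or the same with %{EPOCHNUM}: in front of the version) into
    (name, epoch, version, release, arch). Raises ValueError on anything
    else, such as gpg-pubkey pseudo-packages."""
    line = line.strip()
    if line.endswith(".rpm"):
        line = line[:-4]
    body, arch = line.rsplit(".", 1)
    name_ver, release = body.rsplit("-", 1)
    name, version = name_ver.rsplit("-", 1)
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return name, epoch, version, release, arch


def dist_tag(release):
    """'22.el7_2.2' -> 'el7'; None when the release carries no el<N> tag."""
    m = re.search(r"\.(el\d+)", release)
    return m.group(1) if m else None


def audit(rpm_qa_output):
    """Map each installed NVRA that has a FIXED entry to 'fixed' (at or above
    the advisory build) or 'VULNERABLE'; all other lines are skipped."""
    report = {}
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            name, epoch, version, release, _arch = parse_nvra(line)
        except ValueError:
            continue
        key = (name, dist_tag(release))
        if key not in FIXED:
            continue
        rc = evr_cmp((epoch, version, release), FIXED[key])
        report[line] = "fixed" if rc >= 0 else "VULNERABLE"
    return report


if __name__ == "__main__":
    data = SAMPLE_RPM_QA if sys.stdin.isatty() else sys.stdin.read()
    for nvra, status in sorted(audit(data).items()):
        print("%-10s %s" % (status, nvra))
```

On a real host the pipe is `rpm -qa | python3 check_advisory.py` (the script name is a placeholder). Only the package names in FIXED are examined; subpackages built from the same source (ntpdate, squid34-debuginfo, python27-python-libs) carry the same version-release and can be added as rows. The check is deliberately not "version equals", since later errata ship higher releases that also contain the fix.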