From bugzilla at redhat.com Tue Nov 1 13:26:51 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Nov 2016 13:26:51 +0000
Subject: [RHSA-2016:2132-01] Important: kernel security and bug fix update
Message-ID: <201611011326.uA1DQo6F010740@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2016:2132-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2132.html
Issue date:        2016-11-01
CVE Names:         CVE-2016-5195
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.2
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.2) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem
handled the copy-on-write (COW) breakage of private read-only memory
mappings. An unprivileged, local user could use this flaw to gain write
access to otherwise read-only memory mappings and thus increase their
privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

Bug Fix(es):

* Previously, the BUG_ON() signal appeared in the fs_clear_inode() function
where the nfs_have_writebacks() function reported a positive value for
nfs_inode->npages. As a consequence, a kernel panic occurred. The provided
patch performs a serialization by holding the inode i_lock over the check
of PagePrivate and locking the request, which fixes this bug. (BZ#1365157)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.2):

Source:
kernel-2.6.32-220.68.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.68.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.68.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.68.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.68.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.68.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.68.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.68.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.68.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.68.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.68.1.el6.x86_64.rpm
perf-2.6.32-220.68.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.68.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.68.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
kernel-2.6.32-220.68.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.68.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.68.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.68.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.68.1.el6.x86_64.rpm
python-perf-2.6.32-220.68.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.68.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGJgSXlSAg2UNWIIRAjSsAKDBZosbNG/fp+RvGldspm5VwF17KQCdFfuL
a6xl/AAR6Sp4dNXHQtW5xgI=
=cYAw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 1 13:27:05 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Nov 2016 13:27:05 +0000
Subject: [RHSA-2016:2133-01] Important: kernel security update
Message-ID: <201611011327.uA1DR4mH032103@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2016:2133-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2133.html
Issue date:        2016-11-01
CVE Names:         CVE-2016-4470 CVE-2016-5195
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem
handled the copy-on-write (COW) breakage of private read-only memory
mappings. An unprivileged, local user could use this flaw to gain write
access to otherwise read-only memory mappings and thus increase their
privileges on the system. (CVE-2016-5195, Important)

* A flaw was found in the Linux kernel's keyring handling code: the
key_reject_and_link() function could be forced to free an arbitrary memory
block. An attacker could use this flaw to trigger a use-after-free condition
on the system, potentially allowing for privilege escalation.
(CVE-2016-4470, Important)

Red Hat would like to thank Phil Oester for reporting CVE-2016-5195. The
CVE-2016-4470 issue was discovered by David Howells (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
kernel-2.6.32-358.75.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.75.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.75.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.75.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.75.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.75.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.75.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.75.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.75.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.75.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.75.1.el6.x86_64.rpm
perf-2.6.32-358.75.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.75.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.75.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
kernel-2.6.32-358.75.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.75.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.75.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.75.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.75.1.el6.x86_64.rpm
python-perf-2.6.32-358.75.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.75.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGJggXlSAg2UNWIIRAmjIAJ9Hv+CFW/7G9pWkwyCccCUjLGWYaQCgkVuO
VBItM1/0m2DIAPJoL6l4Gkg=
=mjf6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 1 16:45:34 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Nov 2016 16:45:34 +0000
Subject: [RHSA-2016:2134-01] Low: Red Hat Enterprise Developer Toolset Version 3.x Retirement Notice
Message-ID: <201611011645.uA1GjYcL026282@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Developer Toolset Version 3.x Retirement Notice
Advisory ID:       RHSA-2016:2134-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2134.html
Issue date:        2016-11-01
=====================================================================

1. Summary:

This is the final notification for the retirement of Red Hat Developer
Toolset Version 3.x.

This notification applies only to those customers subscribed to the channel
for Red Hat Developer Toolset Version 3.x.

2. Description:

In accordance with the Red Hat Enterprise Developer Toolset Life Cycle
policy, the Red Hat Developer Toolset Version 3.x offering was retired on
October 31, 2016, and active support is no longer provided. Accordingly,
Red Hat will no longer provide updated packages, including Critical impact
security patches or Urgent priority bug fixes, for Developer Toolset
Version 3.x after October 31, 2016. In addition, technical support through
Red Hat's Global Support Services will be limited as described under
"non-current minor releases" in the Knowledge Base article located at
https://access.redhat.com/articles/64664 after this date.

We encourage customers using Red Hat Enterprise Developer Toolset Version
3.x to migrate to a more recent release of Red Hat Developer Toolset.
As a benefit of the Red Hat subscription model, customers can use their
active Red Hat Developer Toolset subscriptions to entitle any system on a
currently supported version of this product. Details of the Red Hat
Enterprise Developer Toolset life cycle can be found here:
https://access.redhat.com/support/policy/updates/dts/

3. Solution:

Red Hat Enterprise Developer Toolset Version 3.x was retired on October 31,
2016. Customers using Red Hat Enterprise Developer Toolset Version 3.x are
encouraged to migrate to a newer release of Red Hat Enterprise Developer
Toolset, and can find additional details on the Red Hat Enterprise
Developer Toolset life cycle page at
https://access.redhat.com/support/policy/updates/dts/

4. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/dts/

5. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGMaZXlSAg2UNWIIRAoOeAJ9c7OjaipfqhnqBHl5zgRg9cy+mrQCgvMUu
TNwgpaY7orEMZhSI+phAle8=
=7O35
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 1 19:16:37 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Nov 2016 15:16:37 -0400
Subject: [RHSA-2016:2135-01] Low: Red Hat Enterprise Linux 6.6 Extended Update Support Retirement Notice
Message-ID: <201611011916.uA1JGbpr031490@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 6.6 Extended Update Support Retirement Notice
Advisory ID:       RHSA-2016:2135-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2135.html
Issue date:        2016-11-01
=====================================================================

1. Summary:

This is the final notification for the retirement of Red Hat Enterprise
Linux 6.6 Extended Update Support (EUS).

This notification applies only to those customers subscribed to the
Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.6.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy,
Extended Update Support for Red Hat Enterprise Linux 6.6 was retired on
October 31, 2016, and active support is no longer provided. Accordingly,
Red Hat will no longer provide updated packages, including Critical impact
security patches or urgent priority bug fixes, for Red Hat Enterprise Linux
6.6 EUS after October 31, 2016. In addition, technical support through Red
Hat's Global Support Services will be limited as described under
"non-current minor releases" in the Knowledge Base article located at
https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 6.6 to a
more recent version of Red Hat Enterprise Linux. As a benefit of the Red
Hat subscription model, customers can use their active subscriptions to
entitle any system on any currently supported Red Hat Enterprise Linux
release. Details of the Red Hat Enterprise Linux life cycle can be found
here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release-server package that
provides a copy of this retirement notice in the "/usr/share/doc/"
directory.

5. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
redhat-release-server-6Server-6.6.0.5.el6_6.src.rpm

i386:
redhat-release-server-6Server-6.6.0.5.el6_6.i686.rpm

ppc64:
redhat-release-server-6Server-6.6.0.5.el6_6.ppc64.rpm

s390x:
redhat-release-server-6Server-6.6.0.5.el6_6.s390x.rpm

x86_64:
redhat-release-server-6Server-6.6.0.5.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/articles/64664
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGOoSXlSAg2UNWIIRAmp+AKC8ZMA74fsu4wUQKi2A52BrF2cOCwCfc/tp
DVh0OZUNDYK/BSZkpxDO5vI=
=Ckvo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 2 12:28:24 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Nov 2016 12:28:24 +0000
Subject: [RHSA-2016:2136-01] Critical: java-1.8.0-ibm security update
Message-ID: <201611021228.uA2CSOu6016076@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-ibm security update
Advisory ID:       RHSA-2016:2136-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2136.html
Issue date:        2016-11-02
CVE Names:         CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5573
                   CVE-2016-5597
=====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6
Supplementary and Red Hat Enterprise Linux 7 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR3-FP20.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page, listed
in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556,
CVE-2016-5573, CVE-2016-5597)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385544 - CVE-2016-5573 OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
1385714 - CVE-2016-5554 OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
1385723 - CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
1386103 - CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
1386408 - CVE-2016-5556 Oracle JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el6_8.i686.rpm

ppc64:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el6_8.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el6_8.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el6_8.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el6_8.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el6_8.ppc64.rpm

s390x:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el6_8.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el6_8.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el6_8.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el6_8.s390x.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el6_8.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.3.20-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.i686.rpm
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.i686.rpm
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.ppc.rpm
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el7_2.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.ppc.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el7_2.ppc64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.20-1jpp.1.el7_2.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el7_2.ppc64.rpm

ppc64le:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el7_2.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el7_2.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el7_2.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.s390.rpm
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el7_2.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.s390.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el7_2.s390x.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el7_2.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.i686.rpm
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.i686.rpm
java-1.8.0-ibm-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.i686.rpm
java-1.8.0-ibm-devel-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.3.20-1jpp.1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5542
https://access.redhat.com/security/cve/CVE-2016-5554
https://access.redhat.com/security/cve/CVE-2016-5556
https://access.redhat.com/security/cve/CVE-2016-5573
https://access.redhat.com/security/cve/CVE-2016-5597
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYGdurXlSAg2UNWIIRAnIaAJwIBTsMod5OrlROHcXxbpCuqnY/eACfcekk TLTrAbAE3GmrnNksgMFtm4E= =rKwt -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Nov 2 12:29:01 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Nov 2016 12:29:01 +0000 Subject: [RHSA-2016:2137-01] Critical: java-1.7.1-ibm security update Message-ID: <201611021229.uA2CT1hC019815@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.1-ibm security update Advisory ID: RHSA-2016:2137-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2137.html Issue date: 2016-11-02 CVE Names: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5573 CVE-2016-5597 ===================================================================== 1. Summary: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 
7) - x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP60. Security Fix(es): * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1385544 - CVE-2016-5573 OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519) 1385714 - CVE-2016-5554 OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739) 1385723 - CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973) 1386103 - CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838) 1386408 - CVE-2016-5556 Oracle JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
6): i386: java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.60-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el6_8.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-plugin-1.7.1.3.60-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el6_8.i686.rpm ppc64: java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el6_8.ppc64.rpm s390x: java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el6_8.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm 
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.3.60-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.i686.rpm
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.i686.rpm
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.ppc.rpm
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el7_2.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el7_2.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.60-1jpp.1.el7_2.ppc.rpm
java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el7_2.ppc64.rpm

ppc64le:
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.ppc64le.rpm
java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el7_2.ppc64le.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.ppc64le.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el7_2.ppc64le.rpm
java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el7_2.ppc64le.rpm

s390x:
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.s390.rpm
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el7_2.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.s390.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el7_2.s390x.rpm
java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el7_2.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.i686.rpm
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.i686.rpm
java-1.7.1-ibm-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.i686.rpm
java-1.7.1-ibm-devel-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.3.60-1jpp.1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5542
https://access.redhat.com/security/cve/CVE-2016-5554
https://access.redhat.com/security/cve/CVE-2016-5556
https://access.redhat.com/security/cve/CVE-2016-5573
https://access.redhat.com/security/cve/CVE-2016-5597
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGdv5XlSAg2UNWIIRAgdIAKC+SB1l/p1UZwZGJOOY/Khe9kdjFgCgu0Rj
rDyKBjJF1gGfjBqqXUvwhOw=
=9b+t
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Nov 2 12:29:35 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Nov 2016 12:29:35 +0000
Subject: [RHSA-2016:2138-01] Critical: java-1.7.0-ibm security update
Message-ID: <201611021229.uA2CTZDG016975@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-ibm security update
Advisory ID:       RHSA-2016:2138-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2138.html
Issue date:        2016-11-02
CVE Names:         CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5573 CVE-2016-5597
=====================================================================

1. Summary:

An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5
Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7 SR9-FP60.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page, listed
in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556,
CVE-2016-5573, CVE-2016-5597)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385544 - CVE-2016-5573 OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
1385714 - CVE-2016-5554 OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
1385723 - CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
1386103 - CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
1386408 - CVE-2016-5556 Oracle JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.60-1jpp.1.el5_11.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.60-1jpp.1.el5_11.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.9.60-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-1.7.0.9.60-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.9.60-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.9.60-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.9.60-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.9.60-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.60-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.60-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.60-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.60-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-src-1.7.0.9.60-1jpp.1.el5_11.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.9.60-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-1.7.0.9.60-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.9.60-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-demo-1.7.0.9.60-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.9.60-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-devel-1.7.0.9.60-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.60-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.60-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-src-1.7.0.9.60-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-src-1.7.0.9.60-1jpp.1.el5_11.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.9.60-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.9.60-1jpp.1.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5542
https://access.redhat.com/security/cve/CVE-2016-5554
https://access.redhat.com/security/cve/CVE-2016-5556
https://access.redhat.com/security/cve/CVE-2016-5573
https://access.redhat.com/security/cve/CVE-2016-5597
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGdwbXlSAg2UNWIIRAidnAKC8jV0vo6180kCptfJQiNHcFi3cuwCZAdks
Phc7rnlyCrnI+uAUF7vG+QE=
=RIGg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Nov 2 17:42:08 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Nov 2016 17:42:08 +0000
Subject: [RHSA-2016:2141-01] Important: bind security update
Message-ID: <201611021742.uA2HgBjK030632@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2016:2141-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2141.html
Issue date:        2016-11-02
CVE Names:         CVE-2016-8864
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 5 and Red
Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled responses
containing a DNAME answer. A remote attacker could use this flaw to make
named exit unexpectedly with an assertion failure via a specially crafted
DNS response. (CVE-2016-8864)

Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN
Labs) as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
bind-9.3.6-25.P1.el5_11.11.src.rpm

i386:
bind-9.3.6-25.P1.el5_11.11.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.11.i386.rpm
bind-sdb-9.3.6-25.P1.el5_11.11.i386.rpm
bind-utils-9.3.6-25.P1.el5_11.11.i386.rpm

x86_64:
bind-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-libs-9.3.6-25.P1.el5_11.11.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-sdb-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-utils-9.3.6-25.P1.el5_11.11.x86_64.rpm

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
bind-9.3.6-25.P1.el5_11.11.src.rpm

i386:
bind-chroot-9.3.6-25.P1.el5_11.11.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.11.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.i386.rpm
caching-nameserver-9.3.6-25.P1.el5_11.11.i386.rpm

x86_64:
bind-chroot-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-devel-9.3.6-25.P1.el5_11.11.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.x86_64.rpm
caching-nameserver-9.3.6-25.P1.el5_11.11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
bind-9.3.6-25.P1.el5_11.11.src.rpm

i386:
bind-9.3.6-25.P1.el5_11.11.i386.rpm
bind-chroot-9.3.6-25.P1.el5_11.11.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.11.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.11.i386.rpm
bind-sdb-9.3.6-25.P1.el5_11.11.i386.rpm
bind-utils-9.3.6-25.P1.el5_11.11.i386.rpm
caching-nameserver-9.3.6-25.P1.el5_11.11.i386.rpm

ia64:
bind-9.3.6-25.P1.el5_11.11.ia64.rpm
bind-chroot-9.3.6-25.P1.el5_11.11.ia64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.ia64.rpm
bind-devel-9.3.6-25.P1.el5_11.11.ia64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.ia64.rpm
bind-libs-9.3.6-25.P1.el5_11.11.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.11.ia64.rpm
bind-sdb-9.3.6-25.P1.el5_11.11.ia64.rpm
bind-utils-9.3.6-25.P1.el5_11.11.ia64.rpm
caching-nameserver-9.3.6-25.P1.el5_11.11.ia64.rpm

ppc:
bind-9.3.6-25.P1.el5_11.11.ppc.rpm
bind-chroot-9.3.6-25.P1.el5_11.11.ppc.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.ppc.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.ppc64.rpm
bind-devel-9.3.6-25.P1.el5_11.11.ppc.rpm
bind-devel-9.3.6-25.P1.el5_11.11.ppc64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.ppc.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.ppc64.rpm
bind-libs-9.3.6-25.P1.el5_11.11.ppc.rpm
bind-libs-9.3.6-25.P1.el5_11.11.ppc64.rpm
bind-sdb-9.3.6-25.P1.el5_11.11.ppc.rpm
bind-utils-9.3.6-25.P1.el5_11.11.ppc.rpm
caching-nameserver-9.3.6-25.P1.el5_11.11.ppc.rpm

s390x:
bind-9.3.6-25.P1.el5_11.11.s390x.rpm
bind-chroot-9.3.6-25.P1.el5_11.11.s390x.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.s390.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.s390x.rpm
bind-devel-9.3.6-25.P1.el5_11.11.s390.rpm
bind-devel-9.3.6-25.P1.el5_11.11.s390x.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.s390.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.s390x.rpm
bind-libs-9.3.6-25.P1.el5_11.11.s390.rpm
bind-libs-9.3.6-25.P1.el5_11.11.s390x.rpm
bind-sdb-9.3.6-25.P1.el5_11.11.s390x.rpm
bind-utils-9.3.6-25.P1.el5_11.11.s390x.rpm
caching-nameserver-9.3.6-25.P1.el5_11.11.s390x.rpm

x86_64:
bind-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-chroot-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-devel-9.3.6-25.P1.el5_11.11.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-libs-9.3.6-25.P1.el5_11.11.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-sdb-9.3.6-25.P1.el5_11.11.x86_64.rpm
bind-utils-9.3.6-25.P1.el5_11.11.x86_64.rpm
caching-nameserver-9.3.6-25.P1.el5_11.11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
bind-9.8.2-0.47.rc1.el6_8.3.src.rpm

i386:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.3.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
bind-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.3.i686.rpm

x86_64:
bind-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
bind-9.8.2-0.47.rc1.el6_8.3.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
bind-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
bind-9.8.2-0.47.rc1.el6_8.3.src.rpm

i386:
bind-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.3.i686.rpm

ppc64:
bind-9.8.2-0.47.rc1.el6_8.3.ppc64.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.3.ppc64.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.ppc.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.ppc64.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.ppc.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.ppc64.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.3.ppc64.rpm

s390x:
bind-9.8.2-0.47.rc1.el6_8.3.s390x.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.3.s390x.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.s390.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.s390x.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.s390.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.s390x.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.3.s390x.rpm

x86_64:
bind-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.3.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.ppc.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.ppc64.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.ppc.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.ppc64.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.3.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.s390.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.s390x.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.s390.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.s390x.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.3.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
bind-9.8.2-0.47.rc1.el6_8.3.src.rpm

i386:
bind-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.3.i686.rpm

x86_64:
bind-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.3.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-8864
https://access.redhat.com/security/updates/classification/#important
https://kb.isc.org/article/AA-01434

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGiVaXlSAg2UNWIIRAtEHAJ4yv9COTrqlLpjBReYD/AP/s9QmMgCdFUJJ
4EFHv2intcb25OFopZzK4UA=
=/+fr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Nov 2 16:58:44 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Nov 2016 16:58:44 +0000
Subject: [RHSA-2016:2142-01] Important: bind97 security update
Message-ID: <201611021658.uA2GwlH0009306@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind97 security update
Advisory ID:       RHSA-2016:2142-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2142.html
Issue date:        2016-11-02
CVE Names:         CVE-2016-8864
=====================================================================

1. Summary:

An update for bind97 is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols.
BIND includes a DNS server (named); a resolver library (routines for
applications to use when interfacing with DNS); and tools for verifying that
the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled responses
containing a DNAME answer. A remote attacker could use this flaw to make
named exit unexpectedly with an assertion failure via a specially crafted
DNS response. (CVE-2016-8864)

Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN
Labs) as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer

6. Package List:

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
bind97-9.7.0-21.P2.el5_11.9.src.rpm

i386:
bind97-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-chroot-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-utils-9.7.0-21.P2.el5_11.9.i386.rpm

x86_64:
bind97-9.7.0-21.P2.el5_11.9.x86_64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.9.x86_64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.x86_64.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.x86_64.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.x86_64.rpm
bind97-utils-9.7.0-21.P2.el5_11.9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
bind97-9.7.0-21.P2.el5_11.9.src.rpm

i386:
bind97-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-chroot-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-utils-9.7.0-21.P2.el5_11.9.i386.rpm

ia64:
bind97-9.7.0-21.P2.el5_11.9.ia64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.9.ia64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.ia64.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.ia64.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.ia64.rpm
bind97-utils-9.7.0-21.P2.el5_11.9.ia64.rpm

ppc:
bind97-9.7.0-21.P2.el5_11.9.ppc.rpm
bind97-chroot-9.7.0-21.P2.el5_11.9.ppc.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.ppc.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.ppc64.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.ppc.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.ppc64.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.ppc.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.ppc64.rpm
bind97-utils-9.7.0-21.P2.el5_11.9.ppc.rpm

s390x:
bind97-9.7.0-21.P2.el5_11.9.s390x.rpm
bind97-chroot-9.7.0-21.P2.el5_11.9.s390x.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.s390.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.s390x.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.s390.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.s390x.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.s390.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.s390x.rpm
bind97-utils-9.7.0-21.P2.el5_11.9.s390x.rpm

x86_64:
bind97-9.7.0-21.P2.el5_11.9.x86_64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.9.x86_64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.9.x86_64.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.9.x86_64.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.9.x86_64.rpm
bind97-utils-9.7.0-21.P2.el5_11.9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-8864
https://access.redhat.com/security/updates/classification/#important
https://kb.isc.org/article/AA-01434

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGhs5XlSAg2UNWIIRAuuvAKCPRQwoplrK9grbRWWbnQ7YwzjNcACfczui
OdTNJjTRz4T6sInzlKm7+sc=
=DJTn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Nov 3 08:47:48 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Nov 2016 08:47:48 +0000
Subject: [RHSA-2016:2573-02] Low: glibc security, bug fix, and enhancement update
Message-ID: <201611030847.uA38lms5023461@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: glibc security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:2573-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2573.html
Issue date:        2016-11-03
CVE Names:         CVE-2016-3075
=====================================================================

1. Summary:

An update for glibc is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the name service
cache daemon (nscd) used by multiple programs on the system. Without these
libraries, the Linux system cannot function correctly.

Security Fix(es):

* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On
systems with nsswitch configured to include "networks: dns" with a
privileged or network-facing service that would attempt to resolve
user-provided network names, an attacker could provide an excessively long
network name, resulting in stack corruption and code execution.
(CVE-2016-3075)

This issue was discovered by Florian Weimer (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the glibc library
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

971416 - Locale alias no_NO.ISO-8859-1 not working.
1027348 - sem_post/sem_wait race causing sem_post to return EINVAL
1064063 - Test suite failure: tst-mqueue5
1099235 - CVE-2015-5277 glibc: nss_files doesn't detect ERANGE problems correctly [rhel-7.3]
1140250 - Unexpected results from using posix_fallocate with nfs target
1211100 - ld.so crash when audit modules provide path
1211823 - iconv: missing support for HKSCS-2008 in BIG5-HKSCS in rhel7 glibc
1249102 - "monstartup: out of memory" on PPC64LE
1255822 - glibc: malloc may fall back to calling mmap prematurely if arenas are contended
1276631 - glibc: hide backtrace from tst-malloc-backtrace
1276753 - malloc: arena free list can become cyclic, increasing contention
1293976 - CVE-2015-5229 glibc: calloc() returns non-zero'ed memory [rhel-7.3.0]
1298354 - Backport test-skeleton.c conversions.
1305406 - invalid fastbin entry (free), missing glibc patch
1320596 - glibc: NULL pointer dereference in stub resolver with unconnectable name server addresses
1321866 - CVE-2016-3075 glibc: Stack overflow in nss_dns_getnetbyname_r
1335629 - aarch64: MINSIGSTKSZ is (much) too small
1335925 - glibc: Fix aarch64 ABI issues
1346397 - glibc: debug/tst-longjump_chk2 calls printf from a signal handler

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
glibc-2.17-157.el7.src.rpm

x86_64:
glibc-2.17-157.el7.i686.rpm
glibc-2.17-157.el7.x86_64.rpm
glibc-common-2.17-157.el7.x86_64.rpm
glibc-debuginfo-2.17-157.el7.i686.rpm
glibc-debuginfo-2.17-157.el7.x86_64.rpm
glibc-debuginfo-common-2.17-157.el7.i686.rpm
glibc-debuginfo-common-2.17-157.el7.x86_64.rpm
glibc-devel-2.17-157.el7.i686.rpm
glibc-devel-2.17-157.el7.x86_64.rpm
glibc-headers-2.17-157.el7.x86_64.rpm
glibc-utils-2.17-157.el7.x86_64.rpm
nscd-2.17-157.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
glibc-debuginfo-2.17-157.el7.i686.rpm
glibc-debuginfo-2.17-157.el7.x86_64.rpm
glibc-debuginfo-common-2.17-157.el7.i686.rpm
glibc-debuginfo-common-2.17-157.el7.x86_64.rpm
glibc-static-2.17-157.el7.i686.rpm
glibc-static-2.17-157.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
glibc-2.17-157.el7.src.rpm

x86_64:
glibc-2.17-157.el7.i686.rpm
glibc-2.17-157.el7.x86_64.rpm
glibc-common-2.17-157.el7.x86_64.rpm
glibc-debuginfo-2.17-157.el7.i686.rpm
glibc-debuginfo-2.17-157.el7.x86_64.rpm
glibc-debuginfo-common-2.17-157.el7.i686.rpm
glibc-debuginfo-common-2.17-157.el7.x86_64.rpm
glibc-devel-2.17-157.el7.i686.rpm
glibc-devel-2.17-157.el7.x86_64.rpm
glibc-headers-2.17-157.el7.x86_64.rpm
glibc-utils-2.17-157.el7.x86_64.rpm
nscd-2.17-157.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
glibc-debuginfo-2.17-157.el7.i686.rpm
glibc-debuginfo-2.17-157.el7.x86_64.rpm
glibc-debuginfo-common-2.17-157.el7.i686.rpm
glibc-debuginfo-common-2.17-157.el7.x86_64.rpm
glibc-static-2.17-157.el7.i686.rpm
glibc-static-2.17-157.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
glibc-2.17-157.el7.src.rpm

aarch64:
glibc-2.17-157.el7.aarch64.rpm
glibc-common-2.17-157.el7.aarch64.rpm
glibc-debuginfo-2.17-157.el7.aarch64.rpm
glibc-devel-2.17-157.el7.aarch64.rpm
glibc-headers-2.17-157.el7.aarch64.rpm
glibc-utils-2.17-157.el7.aarch64.rpm
nscd-2.17-157.el7.aarch64.rpm

ppc64:
glibc-2.17-157.el7.ppc.rpm
glibc-2.17-157.el7.ppc64.rpm
glibc-common-2.17-157.el7.ppc64.rpm
glibc-debuginfo-2.17-157.el7.ppc.rpm
glibc-debuginfo-2.17-157.el7.ppc64.rpm
glibc-debuginfo-common-2.17-157.el7.ppc.rpm
glibc-debuginfo-common-2.17-157.el7.ppc64.rpm
glibc-devel-2.17-157.el7.ppc.rpm
glibc-devel-2.17-157.el7.ppc64.rpm
glibc-headers-2.17-157.el7.ppc64.rpm
glibc-utils-2.17-157.el7.ppc64.rpm
nscd-2.17-157.el7.ppc64.rpm

ppc64le:
glibc-2.17-157.el7.ppc64le.rpm
glibc-common-2.17-157.el7.ppc64le.rpm
glibc-debuginfo-2.17-157.el7.ppc64le.rpm
glibc-debuginfo-common-2.17-157.el7.ppc64le.rpm
glibc-devel-2.17-157.el7.ppc64le.rpm
glibc-headers-2.17-157.el7.ppc64le.rpm
glibc-utils-2.17-157.el7.ppc64le.rpm
nscd-2.17-157.el7.ppc64le.rpm

s390x:
glibc-2.17-157.el7.s390.rpm
glibc-2.17-157.el7.s390x.rpm
glibc-common-2.17-157.el7.s390x.rpm
glibc-debuginfo-2.17-157.el7.s390.rpm
glibc-debuginfo-2.17-157.el7.s390x.rpm
glibc-debuginfo-common-2.17-157.el7.s390.rpm
glibc-debuginfo-common-2.17-157.el7.s390x.rpm
glibc-devel-2.17-157.el7.s390.rpm
glibc-devel-2.17-157.el7.s390x.rpm
glibc-headers-2.17-157.el7.s390x.rpm
glibc-utils-2.17-157.el7.s390x.rpm
nscd-2.17-157.el7.s390x.rpm

x86_64:
glibc-2.17-157.el7.i686.rpm
glibc-2.17-157.el7.x86_64.rpm
glibc-common-2.17-157.el7.x86_64.rpm
glibc-debuginfo-2.17-157.el7.i686.rpm
glibc-debuginfo-2.17-157.el7.x86_64.rpm
glibc-debuginfo-common-2.17-157.el7.i686.rpm
glibc-debuginfo-common-2.17-157.el7.x86_64.rpm
glibc-devel-2.17-157.el7.i686.rpm
glibc-devel-2.17-157.el7.x86_64.rpm
glibc-headers-2.17-157.el7.x86_64.rpm
glibc-utils-2.17-157.el7.x86_64.rpm
nscd-2.17-157.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
7): aarch64: glibc-debuginfo-2.17-157.el7.aarch64.rpm glibc-static-2.17-157.el7.aarch64.rpm ppc64: glibc-debuginfo-2.17-157.el7.ppc.rpm glibc-debuginfo-2.17-157.el7.ppc64.rpm glibc-debuginfo-common-2.17-157.el7.ppc.rpm glibc-debuginfo-common-2.17-157.el7.ppc64.rpm glibc-static-2.17-157.el7.ppc.rpm glibc-static-2.17-157.el7.ppc64.rpm ppc64le: glibc-debuginfo-2.17-157.el7.ppc64le.rpm glibc-debuginfo-common-2.17-157.el7.ppc64le.rpm glibc-static-2.17-157.el7.ppc64le.rpm s390x: glibc-debuginfo-2.17-157.el7.s390.rpm glibc-debuginfo-2.17-157.el7.s390x.rpm glibc-debuginfo-common-2.17-157.el7.s390.rpm glibc-debuginfo-common-2.17-157.el7.s390x.rpm glibc-static-2.17-157.el7.s390.rpm glibc-static-2.17-157.el7.s390x.rpm x86_64: glibc-debuginfo-2.17-157.el7.i686.rpm glibc-debuginfo-2.17-157.el7.x86_64.rpm glibc-debuginfo-common-2.17-157.el7.i686.rpm glibc-debuginfo-common-2.17-157.el7.x86_64.rpm glibc-static-2.17-157.el7.i686.rpm glibc-static-2.17-157.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glibc-2.17-157.el7.src.rpm x86_64: glibc-2.17-157.el7.i686.rpm glibc-2.17-157.el7.x86_64.rpm glibc-common-2.17-157.el7.x86_64.rpm glibc-debuginfo-2.17-157.el7.i686.rpm glibc-debuginfo-2.17-157.el7.x86_64.rpm glibc-debuginfo-common-2.17-157.el7.i686.rpm glibc-debuginfo-common-2.17-157.el7.x86_64.rpm glibc-devel-2.17-157.el7.i686.rpm glibc-devel-2.17-157.el7.x86_64.rpm glibc-headers-2.17-157.el7.x86_64.rpm glibc-utils-2.17-157.el7.x86_64.rpm nscd-2.17-157.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: glibc-debuginfo-2.17-157.el7.i686.rpm glibc-debuginfo-2.17-157.el7.x86_64.rpm glibc-debuginfo-common-2.17-157.el7.i686.rpm glibc-debuginfo-common-2.17-157.el7.x86_64.rpm glibc-static-2.17-157.el7.i686.rpm glibc-static-2.17-157.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2016-3075
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGvmrXlSAg2UNWIIRAsG/AJ0fRsDJSNxnoCSWNMgCDi/u2NjFAwCgkDR3
OavlVFr4MlGbQCVtg86DOzs=
=UUul
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 3 08:50:57 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Nov 2016 08:50:57 +0000
Subject: [RHSA-2016:2574-02] Important: kernel security, bug fix, and enhancement update
Message-ID: <201611030850.uA38ovZr026940@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:2574-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2574.html
Issue date:        2016-11-03
CVE Names:         CVE-2013-4312 CVE-2015-8374 CVE-2015-8543 CVE-2015-8746
                   CVE-2015-8812 CVE-2015-8844 CVE-2015-8845 CVE-2015-8956
                   CVE-2016-2053 CVE-2016-2069 CVE-2016-2117 CVE-2016-2384
                   CVE-2016-2847 CVE-2016-3070 CVE-2016-3156 CVE-2016-3699
                   CVE-2016-3841 CVE-2016-4569 CVE-2016-4578 CVE-2016-4581
                   CVE-2016-4794 CVE-2016-5412 CVE-2016-5828 CVE-2016-5829
                   CVE-2016-6136 CVE-2016-6198 CVE-2016-6327 CVE-2016-6480
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important.
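The glibc advisory above and this kernel advisory each state a precondition or an after-care step that is easy to miss: CVE-2016-3075 only matters when nsswitch routes the "networks" database to dns, the glibc fix only takes effect once every process linked against the old library is restarted, and the kernel fix only takes effect after a reboot. The script below is an added example, not Red Hat tooling and not part of either advisory: it ports rpm's version comparison so that an installed EVR can be checked against the fixed builds named in the package lists (glibc-2.17-157.el7 and kernel-3.10.0-514.el7), compares the running kernel from uname rather than the installed package, scans /etc/nsswitch.conf for a "networks" line that lists dns, and lists processes whose /proc/<pid>/maps still reference a replaced glibc object. The nsswitch fragment and maps lines embedded for the offline run are constructed; the live checks at the bottom assume an rpm-based host and read access to other processes' maps (root, or CAP_SYS_PTRACE).

```python
"""Added example, not Red Hat tooling: is this RHEL 7 host still exposed to the glibc and kernel advisories above?"""
import os
import re
import subprocess

FIXED = {"glibc": "2.17-157.el7", "kernel": "3.10.0-514.el7"}   # from the package lists above
GLIBC_OBJECTS = ("libc-", "libc.so", "ld-", "libpthread-", "libm-", "libresolv-", "libnss_")
SAMPLE_NSSWITCH = "hosts: files dns\nnetworks:   files dns\n"    # constructed, not from a real host
SAMPLE_MAPS = """\
7f1a8c4c3000-7f1a8c67b000 r-xp 00000000 fd:01 135621 /usr/lib64/libc-2.17.so (deleted)
7f1a8c8a0000-7f1a8c8c2000 r-xp 00000000 fd:01 135550 /usr/lib64/ld-2.17.so
7f1a8c8d0000-7f1a8c8e8000 r-xp 00000000 fd:01 135700 /usr/lib64/libz.so.1.2.7 (deleted)
"""   # constructed /proc/<pid>/maps lines: libc replaced on disk, ld.so not, libz is not glibc


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp() as shipped in RHEL 7 (no '^' support): -1, 0 or 1.
    Digit runs compare numerically, letter runs alphabetically, digits beat letters,
    and '~' sorts before everything including end of string (so 1.0~rc1 < 1.0)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):   # skip separators
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ca, cb = a[i:i + 1], b[j:j + 1]
        if ca == "~" or cb == "~":
            if ca != cb:
                return 1 if cb == "~" else -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca in "0123456789"
        seg = r"[0-9]+" if isnum else r"[A-Za-z]+"
        m1, m2 = re.match(seg, a[i:]), re.match(seg, b[j:])
        if not m1 or not m2:                 # segment types differ (digits win) or non-ASCII junk
            return (1 if isnum else -1) if m1 else -1
        s1, s2 = m1.group(), m2.group()
        i, j = i + len(s1), j + len(s2)
        if isnum:
            s1, s2 = s1.lstrip("0"), s2.lstrip("0")
            if len(s1) != len(s2):
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evr_compare(a, b):
    """rpm's labelCompare() on '[epoch:]version-release': epoch, then version, then release."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        return (epoch or "0",) + rest.partition("-")[::2]
    for x, y in zip(split(a), split(b)):
        r = rpmvercmp(x, y)
        if r:
            return r
    return 0


def networks_uses_dns(nsswitch_text):
    """True if the 'networks' database consults dns, the setup in which CVE-2016-3075 is reachable."""
    for line in nsswitch_text.splitlines():
        db, _, sources = line.split("#", 1)[0].partition(":")
        if db.strip() == "networks":
            return "dns" in sources.split()
    return False


def stale_glibc_mappings(maps_text):
    """glibc objects mapped from files since replaced on disk ('(deleted)' in /proc/<pid>/maps)."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[5].endswith(" (deleted)"):
            path = fields[5][:-len(" (deleted)")]
            if os.path.basename(path).startswith(GLIBC_OBJECTS):
                stale.add(path)
    return stale


if __name__ == "__main__":
    rpm = subprocess.run(["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}\n", "glibc"],
                         capture_output=True, text=True, check=True).stdout
    glibc = rpm.split()[0].replace("(none):", "", 1)      # rpm prints '(none)' for no epoch
    kern = re.sub(r"\.(x86_64|i686|aarch64|ppc64le|ppc64|s390x)$", "", os.uname().release)
    for name, have in (("glibc", glibc), ("kernel", kern)):
        print(name, have, "ok" if evr_compare(have, FIXED[name]) >= 0 else "UPDATE NEEDED")
    with open("/etc/nsswitch.conf") as f:
        print("networks database consults dns:", networks_uses_dns(f.read()))
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open("/proc/%s/maps" % pid) as f:
                stale = stale_glibc_mappings(f.read())
        except OSError:               # exited meanwhile, or not ours without CAP_SYS_PTRACE
            continue
        if stale:
            print("pid %s still maps %s: restart it" % (pid, ", ".join(sorted(stale))))
```

The comparison deliberately reimplements rpm's segment rules instead of comparing strings, because a naive string comparison would rank release 327.4.4.el7 above 514.el7; the kernel is compared from uname -r so that an installed-but-not-booted kernel is still reported. A process that shows a "(deleted)" libc mapping after the update was started before the new package landed and is still executing the vulnerable code, regardless of what rpm -q reports.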
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for Containers (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)

* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)

Red Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1141249 - Xen guests may hang after migration or suspend/resume
1234586 - Backtrace after unclean shutdown with XFS v5 and project quotas
1267042 - XFS needs to better handle EIO and ENOSPC
1277863 - Test case failure: Screen - Resolution after no Screen Boot on Intel Valley View Gen7 [8086:0f31]
1278224 - panic in iscsi_target.c
1283341 - cannot mount RHEL7 NFS server with nfsvers=4.1,sec=krb5 but nfsvers=4.0,sec=krb5 works
1286261 - CVE-2015-8374 kernel: Information leak when truncating of compressed/inlined extents on BTRFS
1286500 - Tool thin_dump failing to show 'mappings'
1290475 - CVE-2015-8543 kernel: IPv6 connect causes DoS via NULL pointer dereference
1292481 - device mapper hung tasks on an openshift/docker system
1295802 - CVE-2015-8746 kernel: when NFSv4 migration is executed, kernel oops occurs at NFS client
1297813 - CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted
1299662 - VFIO: include no-IOMMU mode - not supported
1300023 - soft lockup in nfs4_put_stid with 3.10.0-327.4.4.el7
1300237 - CVE-2016-2053 kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()
1301893 - CVE-2016-2069 kernel: race condition in the TLB flush logic
1302166 - MAC address of VF is not editable even when attached to host
1303532 - CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.
1305118 - XFS support for deferred dio completion
1307091 - fstrim failing on mdadm raid 5 device
1308444 - CVE-2016-2384 kernel: double-free in usb-audio triggered by invalid USB descriptor
1308846 - CVE-2016-3070 kernel: Null pointer dereference in trace_writeback_dirty_page()
1312298 - CVE-2016-2117 kernel: Kernel memory leakage to ethernet frames due to buffer overflow in ethernet drivers
1313428 - CVE-2016-2847 kernel: pipe: limit the per-user amount of pages allocated in pipes
1318172 - CVE-2016-3156 kernel: ipv4: denial of service when destroying a network interface
1321096 - BUG: s390 socketcall() syscalls audited with wrong value in field a0
1326540 - CVE-2015-8845 CVE-2015-8844 kernel: incorrect restoration of machine specific registers from userspace
1329653 - CVE-2016-3699 kernel: ACPI table override allowed when securelevel is enabled
1333712 - CVE-2016-4581 kernel: Slave being first propagated copy causes oops in propagate_mnt
1334643 - CVE-2016-4569 kernel: Information leak in Linux sound module in timer.c
1335215 - CVE-2016-4578 kernel: Information leak in events in timer.c
1335889 - CVE-2016-4794 kernel: Use after free in array_map_alloc
1349539 - T460[p/s] audio output on dock won't work
1349916 - CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode
1349917 - CVE-2016-5828 Kernel: powerpc: tm: crash via exec system call on PPC
1350509 - CVE-2016-5829 kernel: Heap buffer overflow in hiddev driver
1353533 - CVE-2016-6136 kernel: Race condition vulnerability in execve argv arguments
1354525 - CVE-2016-6327 kernel: infiniband: Kernel crash by sending ABORT_TASK command
1355654 - CVE-2016-6198 kernel: vfs: missing detection of hardlinks in vfs_rename() on overlayfs
1361245 - [Hyper-V][RHEL 7.2] VMs panic when configured with Dynamic Memory as opposed to Static Memory
1362466 - CVE-2016-6480 kernel: scsi: aacraid: double fetch in ioctl_send_fib()
1364971 - CVE-2016-3841 kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.
1383395 - CVE-2015-8956 kernel: NULL dereference in RFCOMM bind callback

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-514.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.el7.noarch.rpm
kernel-doc-3.10.0-514.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.el7.x86_64.rpm
kernel-debug-3.10.0-514.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-devel-3.10.0-514.el7.x86_64.rpm
kernel-headers-3.10.0-514.el7.x86_64.rpm
kernel-tools-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.el7.x86_64.rpm
perf-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v.
7): Source: kernel-3.10.0-514.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.el7.noarch.rpm kernel-doc-3.10.0-514.el7.noarch.rpm x86_64: kernel-3.10.0-514.el7.x86_64.rpm kernel-debug-3.10.0-514.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm kernel-devel-3.10.0-514.el7.x86_64.rpm kernel-headers-3.10.0-514.el7.x86_64.rpm kernel-tools-3.10.0-514.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.el7.x86_64.rpm perf-3.10.0-514.el7.x86_64.rpm perf-debuginfo-3.10.0-514.el7.x86_64.rpm python-perf-3.10.0-514.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.el7.x86_64.rpm perf-debuginfo-3.10.0-514.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm Red Hat Enterprise Linux for Containers (v. 
7): Source: kernel-3.10.0-508.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-508.el7.noarch.rpm kernel-doc-3.10.0-508.el7.noarch.rpm ppc64: kernel-3.10.0-508.el7.ppc64.rpm kernel-bootwrapper-3.10.0-508.el7.ppc64.rpm kernel-debug-3.10.0-508.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-508.el7.ppc64.rpm kernel-debug-devel-3.10.0-508.el7.ppc64.rpm kernel-debuginfo-3.10.0-508.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-508.el7.ppc64.rpm kernel-devel-3.10.0-508.el7.ppc64.rpm kernel-headers-3.10.0-508.el7.ppc64.rpm kernel-tools-3.10.0-508.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-508.el7.ppc64.rpm kernel-tools-libs-3.10.0-508.el7.ppc64.rpm perf-3.10.0-508.el7.ppc64.rpm perf-debuginfo-3.10.0-508.el7.ppc64.rpm python-perf-3.10.0-508.el7.ppc64.rpm python-perf-debuginfo-3.10.0-508.el7.ppc64.rpm ppc64le: kernel-3.10.0-508.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-508.el7.ppc64le.rpm kernel-debug-3.10.0-508.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-508.el7.ppc64le.rpm kernel-debuginfo-3.10.0-508.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-508.el7.ppc64le.rpm kernel-devel-3.10.0-508.el7.ppc64le.rpm kernel-headers-3.10.0-508.el7.ppc64le.rpm kernel-tools-3.10.0-508.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-508.el7.ppc64le.rpm kernel-tools-libs-3.10.0-508.el7.ppc64le.rpm perf-3.10.0-508.el7.ppc64le.rpm perf-debuginfo-3.10.0-508.el7.ppc64le.rpm python-perf-3.10.0-508.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-508.el7.ppc64le.rpm s390x: kernel-3.10.0-508.el7.s390x.rpm kernel-debug-3.10.0-508.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-508.el7.s390x.rpm kernel-debug-devel-3.10.0-508.el7.s390x.rpm kernel-debuginfo-3.10.0-508.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-508.el7.s390x.rpm kernel-devel-3.10.0-508.el7.s390x.rpm kernel-headers-3.10.0-508.el7.s390x.rpm kernel-kdump-3.10.0-508.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-508.el7.s390x.rpm kernel-kdump-devel-3.10.0-508.el7.s390x.rpm perf-3.10.0-508.el7.s390x.rpm 
perf-debuginfo-3.10.0-508.el7.s390x.rpm python-perf-3.10.0-508.el7.s390x.rpm python-perf-debuginfo-3.10.0-508.el7.s390x.rpm x86_64: kernel-3.10.0-508.el7.x86_64.rpm kernel-debug-3.10.0-508.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-508.el7.x86_64.rpm kernel-debuginfo-3.10.0-508.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-508.el7.x86_64.rpm kernel-devel-3.10.0-508.el7.x86_64.rpm kernel-headers-3.10.0-508.el7.x86_64.rpm kernel-tools-3.10.0-508.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-508.el7.x86_64.rpm kernel-tools-libs-3.10.0-508.el7.x86_64.rpm perf-3.10.0-508.el7.x86_64.rpm perf-debuginfo-3.10.0-508.el7.x86_64.rpm python-perf-3.10.0-508.el7.x86_64.rpm python-perf-debuginfo-3.10.0-508.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-514.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.el7.noarch.rpm kernel-doc-3.10.0-514.el7.noarch.rpm ppc64: kernel-3.10.0-514.el7.ppc64.rpm kernel-bootwrapper-3.10.0-514.el7.ppc64.rpm kernel-debug-3.10.0-514.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-514.el7.ppc64.rpm kernel-debug-devel-3.10.0-514.el7.ppc64.rpm kernel-debuginfo-3.10.0-514.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-514.el7.ppc64.rpm kernel-devel-3.10.0-514.el7.ppc64.rpm kernel-headers-3.10.0-514.el7.ppc64.rpm kernel-tools-3.10.0-514.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-514.el7.ppc64.rpm kernel-tools-libs-3.10.0-514.el7.ppc64.rpm perf-3.10.0-514.el7.ppc64.rpm perf-debuginfo-3.10.0-514.el7.ppc64.rpm python-perf-3.10.0-514.el7.ppc64.rpm python-perf-debuginfo-3.10.0-514.el7.ppc64.rpm ppc64le: kernel-3.10.0-514.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-514.el7.ppc64le.rpm kernel-debug-3.10.0-514.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-514.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.el7.ppc64le.rpm kernel-devel-3.10.0-514.el7.ppc64le.rpm kernel-headers-3.10.0-514.el7.ppc64le.rpm kernel-tools-3.10.0-514.el7.ppc64le.rpm 
kernel-tools-debuginfo-3.10.0-514.el7.ppc64le.rpm kernel-tools-libs-3.10.0-514.el7.ppc64le.rpm perf-3.10.0-514.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.el7.ppc64le.rpm python-perf-3.10.0-514.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.el7.ppc64le.rpm s390x: kernel-3.10.0-514.el7.s390x.rpm kernel-debug-3.10.0-514.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-514.el7.s390x.rpm kernel-debug-devel-3.10.0-514.el7.s390x.rpm kernel-debuginfo-3.10.0-514.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-514.el7.s390x.rpm kernel-devel-3.10.0-514.el7.s390x.rpm kernel-headers-3.10.0-514.el7.s390x.rpm kernel-kdump-3.10.0-514.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-514.el7.s390x.rpm kernel-kdump-devel-3.10.0-514.el7.s390x.rpm perf-3.10.0-514.el7.s390x.rpm perf-debuginfo-3.10.0-514.el7.s390x.rpm python-perf-3.10.0-514.el7.s390x.rpm python-perf-debuginfo-3.10.0-514.el7.s390x.rpm x86_64: kernel-3.10.0-514.el7.x86_64.rpm kernel-debug-3.10.0-514.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm kernel-devel-3.10.0-514.el7.x86_64.rpm kernel-headers-3.10.0-514.el7.x86_64.rpm kernel-tools-3.10.0-514.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.el7.x86_64.rpm perf-3.10.0-514.el7.x86_64.rpm perf-debuginfo-3.10.0-514.el7.x86_64.rpm python-perf-3.10.0-514.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: kernel-debug-debuginfo-3.10.0-514.el7.ppc64.rpm kernel-debuginfo-3.10.0-514.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-514.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-514.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-514.el7.ppc64.rpm perf-debuginfo-3.10.0-514.el7.ppc64.rpm python-perf-debuginfo-3.10.0-514.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-514.el7.ppc64le.rpm kernel-debug-devel-3.10.0-514.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-514.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.el7.x86_64.rpm perf-debuginfo-3.10.0-514.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-514.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.el7.noarch.rpm kernel-doc-3.10.0-514.el7.noarch.rpm x86_64: kernel-3.10.0-514.el7.x86_64.rpm kernel-debug-3.10.0-514.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm kernel-devel-3.10.0-514.el7.x86_64.rpm kernel-headers-3.10.0-514.el7.x86_64.rpm kernel-tools-3.10.0-514.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.el7.x86_64.rpm perf-3.10.0-514.el7.x86_64.rpm perf-debuginfo-3.10.0-514.el7.x86_64.rpm python-perf-3.10.0-514.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.el7.x86_64.rp
kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-4312
https://access.redhat.com/security/cve/CVE-2015-8374
https://access.redhat.com/security/cve/CVE-2015-8543
https://access.redhat.com/security/cve/CVE-2015-8746
https://access.redhat.com/security/cve/CVE-2015-8812
https://access.redhat.com/security/cve/CVE-2015-8844
https://access.redhat.com/security/cve/CVE-2015-8845
https://access.redhat.com/security/cve/CVE-2015-8956
https://access.redhat.com/security/cve/CVE-2016-2053
https://access.redhat.com/security/cve/CVE-2016-2069
https://access.redhat.com/security/cve/CVE-2016-2117
https://access.redhat.com/security/cve/CVE-2016-2384
https://access.redhat.com/security/cve/CVE-2016-2847
https://access.redhat.com/security/cve/CVE-2016-3070
https://access.redhat.com/security/cve/CVE-2016-3156
https://access.redhat.com/security/cve/CVE-2016-3699
https://access.redhat.com/security/cve/CVE-2016-3841
https://access.redhat.com/security/cve/CVE-2016-4569
https://access.redhat.com/security/cve/CVE-2016-4578
https://access.redhat.com/security/cve/CVE-2016-4581
https://access.redhat.com/security/cve/CVE-2016-4794
https://access.redhat.com/security/cve/CVE-2016-5412
https://access.redhat.com/security/cve/CVE-2016-5828
https://access.redhat.com/security/cve/CVE-2016-5829
https://access.redhat.com/security/cve/CVE-2016-6136
https://access.redhat.com/security/cve/CVE-2016-6198
https://access.redhat.com/security/cve/CVE-2016-6327
https://access.redhat.com/security/cve/CVE-2016-6480
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGvnGXlSAg2UNWIIRAt0KAJ9EHwzXCUk4h0/OWw0UutzqBegyHQCgudbG
nc4j6RLeW23njfwjT51CsVU=
=N1Fg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 3 08:51:29 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Nov 2016 08:51:29 +0000
Subject: [RHSA-2016:2575-02] Moderate: curl security, bug fix, and enhancement update
Message-ID: <201611030851.uA38pU7S027223@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:2575-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2575.html
Issue date:        2016-11-03
CVE Names:         CVE-2016-5419 CVE-2016-5420 CVE-2016-7141
=====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-5419)

* It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-5420)

* It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-7141)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1260178 - curl and libcurl truncates username/password in URL to 255 characters
1269855 - Certificate verification fails with multiple https urls [el7/curl]
1275769 - curl requires public ssh key file [RHEL-7]
1305974 - --disable-epsv option ignored for IPv6 hosts
1347904 - Ceph RGW deadlocks in curl_multi_wait
1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass
1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert
1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
curl-7.29.0-35.el7.src.rpm

x86_64:
curl-7.29.0-35.el7.x86_64.rpm
curl-debuginfo-7.29.0-35.el7.i686.rpm
curl-debuginfo-7.29.0-35.el7.x86_64.rpm
libcurl-7.29.0-35.el7.i686.rpm
libcurl-7.29.0-35.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
curl-debuginfo-7.29.0-35.el7.i686.rpm
curl-debuginfo-7.29.0-35.el7.x86_64.rpm
libcurl-devel-7.29.0-35.el7.i686.rpm
libcurl-devel-7.29.0-35.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
curl-7.29.0-35.el7.src.rpm

x86_64:
curl-7.29.0-35.el7.x86_64.rpm
curl-debuginfo-7.29.0-35.el7.i686.rpm
curl-debuginfo-7.29.0-35.el7.x86_64.rpm
libcurl-7.29.0-35.el7.i686.rpm
libcurl-7.29.0-35.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
curl-debuginfo-7.29.0-35.el7.i686.rpm
curl-debuginfo-7.29.0-35.el7.x86_64.rpm
libcurl-devel-7.29.0-35.el7.i686.rpm
libcurl-devel-7.29.0-35.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
curl-7.29.0-35.el7.src.rpm

aarch64:
curl-7.29.0-35.el7.aarch64.rpm
curl-debuginfo-7.29.0-35.el7.aarch64.rpm
libcurl-7.29.0-35.el7.aarch64.rpm
libcurl-devel-7.29.0-35.el7.aarch64.rpm

ppc64:
curl-7.29.0-35.el7.ppc64.rpm
curl-debuginfo-7.29.0-35.el7.ppc.rpm
curl-debuginfo-7.29.0-35.el7.ppc64.rpm
libcurl-7.29.0-35.el7.ppc.rpm
libcurl-7.29.0-35.el7.ppc64.rpm
libcurl-devel-7.29.0-35.el7.ppc.rpm
libcurl-devel-7.29.0-35.el7.ppc64.rpm

ppc64le:
curl-7.29.0-35.el7.ppc64le.rpm
curl-debuginfo-7.29.0-35.el7.ppc64le.rpm
libcurl-7.29.0-35.el7.ppc64le.rpm
libcurl-devel-7.29.0-35.el7.ppc64le.rpm

s390x:
curl-7.29.0-35.el7.s390x.rpm
curl-debuginfo-7.29.0-35.el7.s390.rpm
curl-debuginfo-7.29.0-35.el7.s390x.rpm
libcurl-7.29.0-35.el7.s390.rpm
libcurl-7.29.0-35.el7.s390x.rpm
libcurl-devel-7.29.0-35.el7.s390.rpm
libcurl-devel-7.29.0-35.el7.s390x.rpm

x86_64:
curl-7.29.0-35.el7.x86_64.rpm
curl-debuginfo-7.29.0-35.el7.i686.rpm
curl-debuginfo-7.29.0-35.el7.x86_64.rpm
libcurl-7.29.0-35.el7.i686.rpm
libcurl-7.29.0-35.el7.x86_64.rpm
libcurl-devel-7.29.0-35.el7.i686.rpm
libcurl-devel-7.29.0-35.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
curl-7.29.0-35.el7.src.rpm

x86_64:
curl-7.29.0-35.el7.x86_64.rpm
curl-debuginfo-7.29.0-35.el7.i686.rpm
curl-debuginfo-7.29.0-35.el7.x86_64.rpm
libcurl-7.29.0-35.el7.i686.rpm
libcurl-7.29.0-35.el7.x86_64.rpm
libcurl-devel-7.29.0-35.el7.i686.rpm
libcurl-devel-7.29.0-35.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5419
https://access.redhat.com/security/cve/CVE-2016-5420
https://access.redhat.com/security/cve/CVE-2016-7141
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGvp/XlSAg2UNWIIRAlEJAJsGXP/eFO+jx+W8B0wiD9WQ4SEg1gCgqmMq
0TzSpjGHS/3pkZhQmcghKqM=
=YdqC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 3 08:51:49 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Nov 2016 08:51:49 +0000
Subject: [RHSA-2016:2576-02] Moderate: libguestfs and virt-p2v security, bug fix, and enhancement update
Message-ID: <201611030851.uA38pnVa026314@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libguestfs and virt-p2v security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:2576-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2576.html
Issue date:        2016-11-03
CVE Names:         CVE-2015-8869
=====================================================================

1. Summary:

An update for libguestfs and virt-p2v is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images. Virt-p2v is a tool for conversion of a physical server to a virtual guest.

The following packages have been upgraded to a newer upstream version: libguestfs (1.32.7), virt-p2v (1.32.7). (BZ#1218766)

Security Fix(es):

* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)

Note: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

855058 - RFE: virt-p2v: display more information about storage devices
1064041 - virt-sparsify fails if a btrfs filesystem contains readonly snapshots
1099976 - virt-builder gives GPG warning message with gnupg2
1156298 - Remove files in package libguestfs-bash-completion, these files are bash completion files, some of the virt tool completion are already implement in another file, so can remove its completion file
1164708 - set-label can only set <=127 bytes for btrfs and <=126 bytes for ntfs filesystem which not meet the help message. Also for ntfs it should give a warning message when the length >128 bytes
1166057 - btrfs filesystem will not work well if you create the filesystem with multiple disks at the same time, such as: mkfs-btrfs "/dev/sda1 /dev/sdb1"
1167916 - P2V: invalid conversion server prints unexpected end of file waiting for password prompt.
1173695 - RFE: allow passing in a pre-opened libvirt connection from python
1174551 - "lstatnslist" and "lstatlist" don't give an error if the API is used wrongly
1176801 - File /etc/sysconfig/kernel isn't updated when convert XenPV guest with regular kernel installed
1180769 - Security context on image file gets reset
1190669 - Support virt-v2v conversion of Windows > 7
1213324 - virt-v2v: warning: unknown guest operating system: windows windows 6.3 when converting win8,win8.1,win2012,win2012R2,win10 to rhev
1213701 - Fail to import win8/win2012 to rhev with error "selected display type is not supported"
1218766 - Rebase libguestfs in RHEL 7.3
1225789 - Wrong video driver is installed for rhel5.11 guest after conversion to libvirt
1227599 - P2V invalid password prints unexpected end of file waiting for command prompt.
1227609 - virt-p2v: Using "Back" button causes output list to be repopulated multiple times
1229119 - Unrelated info in fstab makes virt-v2v fail with unclear error info
1229386 - virt-p2v in non-GUI mode doesn't show any conversion progress or status
1238053 - v2v:Duplicate disk target set when convert guest with cdrom attached
1239154 - appliance fails to start with "supermin: ext2fs_file_write: /var/log/tallylog: Could not allocate block in ext2 filesystem"
1242853 - mount-loop failed to setup loop device: No such file or directory
1260801 - virt-builder --ssh-inject doesn't set proper permissions on created files
1261242 - virt-v2v should prevent using '-of' option appears twice on the command line
1261436 - No warning shows when convert a win7 guest with AVG AntiVirus installed
1262959 - virt-builder/virt-customize set password does not work
1264835 - ppc64le: virt-customize --install fail to detect the guest arch
1267032 - guestfish copy-in command behaves oddly/unexpectedly with wildcards
1277074 - Virt-p2v client shouldn't present the vdsm option because it's not usable
1277122 - RFE: virt-sparsify: make '--in-place' sparsification safe to abort (gracefully or ungracefully)
1287826 - Remove virt-v2v support for ppc64le
1290755 - guestfish should be able to handle LVM thin layouts
1292437 - Backport virt-v2v pull dcpath from libvirt
1293527 - There should be a reminder to avoid user to edit a guest image by multiple tools at the same time in guestfish man page
1296606 - virt-v2v doesn't remove VirtualBox additions correctly because of file quoting
1306557 - Running 'git clone' in virt-builder or virt-customize results in an error message
1308769 - virt-v2v does not copy additional disks to Glance
1309580 - OS name of win8.1 x64 guest shows incorrect in rhevm3.6 general info
1309619 - Wrong warning info "use standard VGA" shows when converting windows > 7 by virt-v2v
1309706 - error: internal error: Invalid floppy device name: hdb
1309796 - Filter perl provides
1311373 - Fail to install QXL driver for windows 2008r2 and win7 guest after conversion by virt-v2v
1312254 - virt-v2v -o libvirt doesn't preserve or use correct
1314244 - RFE: virt-p2v log window should process colour escapes and backspaces
1315237 - Remove reference info about --dcpath in virt-v2v manual page
1316479 - v2v cmd cannot exit and "block I/O error in device 'appliance': No space left on device (28)" is printed when specified "-v -x"
1318440 - virt-sysprep will fail detecting OS if "/usr" is a distinct partition mounted in "/" via fstab
1325825 - virt-v2v should prevent using multiple '-b' and '-n' option appears on the command line
1326266 - virt-v2v should prevent multiple conflicting for "-oa "
1328766 - Remove --in-place option in virt-v2v help
1332025 - Inspection does not parse /etc/redhat-release containing "Derived from Red Hat Enterprise Linux 7.1 (Source)"
1332090 - CVE-2015-8869 ocaml: sizes arguments are sign-extended from 32 to 64 bits
1340407 - Multiple network ports will not be aligned at p2v client
1340464 - [RFE] Suggestion give user a reminder for "Cancel conversion" button
1340809 - Testing connection timeout when input regular user of conversion server with checked "use sudo......"button
1341564 - virt-p2v spinner should be hidden when it stops spinning
1341608 - Ethtool command is not supported on p2v client
1341984 - virt-get-kernel prompts an 'invalid value' error when using --format auto
1342337 - Should remind a warning about disk image has a partition when using virt-p2v-make-disk
1342398 - Convert a guest from RHEL by virt-v2v but its origin info shows RHEV at rhevm
1342447 - Ifconfig command is not supported on p2v client
1343167 - Failure when disk contains an LV with activationskip=y
1343414 - Failed SSH to conversion server by ssh identity http url at p2v client
1343423 - [RFE]Should give a better description about 'curl error 22' when failed using ssh identity http url at p2v client
1345809 - virt-customize --truncate-recursive should give an error message when specifying a no-existing path
1345813 - virt-sysprep --install always failed to install the packages specified
1348900 - virt-p2v should update error prompt when 'Test connection' with a non-existing user in conversion server
1349237 - virt-inspector can not get windows drive letters for GPT disks
1349342 - Error info is not clear when failed ssh to conversion server using non-root user with password on p2v client
1350363 - Improve error info "remote server timeout unexpectedly waiting for password prompt" when connect to a bogus server at p2v client
1352761 - Virt-manager can't show OS icons of win7/win8/ubuntu guest.
1354335 - overlay of disk images does not specify the format of the backing file
1358142 - Some info will show when convert guest to libvirt by virt-v2v with parameter --quiet
1359652 - Fail to inspect Windows ISO file
1362354 - virt-dib failed to create image using DIB_YUM_REPO_CONF
1362357 - run_command runs exit handlers when execve fails (e.g. due to missing executable)
1362668 - Miscellaneous fixes to tool options
1362669 - Backport improved --selinux-relabel support for virt-sysprep, virt-builder, virt-customize
1364347 - virt-sparsify --in-place failed with UEFI system
1364419 - [virt-p2v]Failed to connect to conversion server while testing LSI-mpt2sas hardware which using bnx2x network driver
1365005 - Guest name is incorrect if convert guest from disk image by virt-v2v
1366456 - Converting rhel7 host installed on RAID:warning: fstrim: fstrim: /sysroot/: the discard operation is not supported
1367615 - OVMF file which is built for rhel7.3 can't be used for virt-v2v uefi conversion
1370424 - virt-manager coredump when vm with gluster image exists

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libguestfs-1.32.7-3.el7.src.rpm

noarch:
libguestfs-inspect-icons-1.32.7-3.el7.noarch.rpm
libguestfs-tools-1.32.7-3.el7.noarch.rpm

x86_64:
libguestfs-1.32.7-3.el7.x86_64.rpm
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-java-1.32.7-3.el7.x86_64.rpm
libguestfs-tools-c-1.32.7-3.el7.x86_64.rpm
libguestfs-xfs-1.32.7-3.el7.x86_64.rpm
perl-Sys-Guestfs-1.32.7-3.el7.x86_64.rpm
python-libguestfs-1.32.7-3.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
libguestfs-bash-completion-1.32.7-3.el7.noarch.rpm
libguestfs-gobject-doc-1.32.7-3.el7.noarch.rpm
libguestfs-javadoc-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-ja-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-uk-1.32.7-3.el7.noarch.rpm

x86_64:
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-gfs2-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-java-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-rescue-1.32.7-3.el7.x86_64.rpm
libguestfs-rsync-1.32.7-3.el7.x86_64.rpm
lua-guestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-devel-1.32.7-3.el7.x86_64.rpm
ruby-libguestfs-1.32.7-3.el7.x86_64.rpm
virt-dib-1.32.7-3.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libguestfs-1.32.7-3.el7.src.rpm
virt-p2v-1.32.7-2.el7.src.rpm

noarch:
libguestfs-inspect-icons-1.32.7-3.el7.noarch.rpm
libguestfs-tools-1.32.7-3.el7.noarch.rpm
virt-p2v-1.32.7-2.el7.noarch.rpm

x86_64:
libguestfs-1.32.7-3.el7.x86_64.rpm
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-java-1.32.7-3.el7.x86_64.rpm
libguestfs-tools-c-1.32.7-3.el7.x86_64.rpm
libguestfs-xfs-1.32.7-3.el7.x86_64.rpm
perl-Sys-Guestfs-1.32.7-3.el7.x86_64.rpm
python-libguestfs-1.32.7-3.el7.x86_64.rpm
virt-v2v-1.32.7-3.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
libguestfs-bash-completion-1.32.7-3.el7.noarch.rpm
libguestfs-gobject-doc-1.32.7-3.el7.noarch.rpm
libguestfs-javadoc-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-ja-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-uk-1.32.7-3.el7.noarch.rpm

x86_64:
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-gfs2-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-java-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-rescue-1.32.7-3.el7.x86_64.rpm
libguestfs-rsync-1.32.7-3.el7.x86_64.rpm
lua-guestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-devel-1.32.7-3.el7.x86_64.rpm
ruby-libguestfs-1.32.7-3.el7.x86_64.rpm
virt-dib-1.32.7-3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libguestfs-1.32.7-3.el7.src.rpm

noarch:
libguestfs-inspect-icons-1.32.7-3.el7.noarch.rpm
libguestfs-tools-1.32.7-3.el7.noarch.rpm

x86_64:
libguestfs-1.32.7-3.el7.x86_64.rpm
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-java-1.32.7-3.el7.x86_64.rpm
libguestfs-tools-c-1.32.7-3.el7.x86_64.rpm
libguestfs-xfs-1.32.7-3.el7.x86_64.rpm
perl-Sys-Guestfs-1.32.7-3.el7.x86_64.rpm
python-libguestfs-1.32.7-3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
libguestfs-bash-completion-1.32.7-3.el7.noarch.rpm
libguestfs-gobject-doc-1.32.7-3.el7.noarch.rpm
libguestfs-javadoc-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-ja-1.32.7-3.el7.noarch.rpm
libguestfs-man-pages-uk-1.32.7-3.el7.noarch.rpm

x86_64:
libguestfs-debuginfo-1.32.7-3.el7.x86_64.rpm
libguestfs-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-gfs2-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-1.32.7-3.el7.x86_64.rpm
libguestfs-gobject-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-java-devel-1.32.7-3.el7.x86_64.rpm
libguestfs-rescue-1.32.7-3.el7.x86_64.rpm
libguestfs-rsync-1.32.7-3.el7.x86_64.rpm
lua-guestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-1.32.7-3.el7.x86_64.rpm
ocaml-libguestfs-devel-1.32.7-3.el7.x86_64.rpm
ruby-libguestfs-1.32.7-3.el7.x86_64.rpm
virt-dib-1.32.7-3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8869
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYGvqeXlSAg2UNWIIRAriHAJ9FbswQlx4PF1JzLAs/7Ol11kA9ywCaAjyZ
FAqe2QgPmgwRZEjHvFMTIqs=
=oJlz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 3 08:52:15 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Nov 2016 08:52:15 +0000
Subject: [RHSA-2016:2577-02] Moderate: libvirt security, bug fix, and enhancement update
Message-ID: <201611030852.uA38qFcA013231@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libvirt security, bug fix, and enhancement update
Advisory ID: RHSA-2016:2577-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2577.html
Issue date: 2016-11-03
CVE Names: CVE-2015-5160 CVE-2015-5313 CVE-2016-5008
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679)

Security Fix(es):

* It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160)

* A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313)

* It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented; instead, it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

846810 - Automagically iptables rules added by libvirt can't be avoided/disabled
868771 - The virtual size of the vol should not be reduced after wiped
921135 - qemu: could not load kernel ... Permission denied
986365 - using polkit with virsh for non-root access does not work via ssh or locally
997561 - RFE: virsh: provide easy pci-passthrough netdev attach command
1002423 - Libvirt should forbid or remove the duplicate / subelements in element of virtual network
1004593 - libvirt should provide a more useful error message when a PCI controller is configured to plug into itself (bus = index)
1004602 - error message need be improved for q35 guest with wrong controller
1025230 - libvirt activate pool with invalid source.
1026136 - Volume download speed is slow
1038888 - [Doc] 3 problems in nwfilter doc
1046833 - Warn users against setting memory hard limit too high when used for mlock or rdma-pin-all
1051350 - Support the readonly attribute for SCSI passthrough devices
1055331 - virDevicePCIAddressParseXML check failed for PCI device 0000:00:00.0
1077068 - Wrong allocation size when create/resize volumes in NFS pool
1097930 - [RFE] Hot Un-Plug CPU - Support dynamic virtual CPU deallocation - libvirt
1103314 - RFE: configure guest NUMA node locality for guest PCI devices
1103845 - glusterfs backend does not support discard (libvirt)
1120053 - Option shareable does not take effect after injecting a cdrom to guest by attach-disk
1134878 - libvirt reports json "backing file" is missing
1139766 - need a non-event way to determine qemu's current offset from utc
1151723 - migration will hang after use migrate with --graphicsuri and guest status will be locked
1159219 - [RFE] Update-device support update startupPolicy option to domain XML
1163091 - pool allocation value too large after volume creation
1166452 - Report better error message for reordered companion controllers
1168453 - Disk should be removed while using no-exist 'file' type volume with startupPolicy='optional'
1180092 - When set/update graphics password to empty, log in guest with spice and vnc show different behaviour
1180486 - [Power KVM] Floppy disk couldn't be detected on PPC64 guest
1195176 - [RFE] add virtio-gpu and virtio-vga support
1196711 - block job status is missing when zero-length copy job is in mirroring phase
1197592 - blockcopy always failed when with option "--pivot"
1209802 - Blockcopy for lun device changes disk type=block to file, however, it's unsupported configuration
1210587 - When libvirt automatically fill up SCSI virtual disk's target address, it doesn't check existing hostdev SCSI device's target address, and this will cause conflict.
1215968 - Libvirt does not generate guest USB addresses
1216281 - Guest show blackscreen after resume the guest which paused by watchdog
1220702 - wrong display of current memory after memory hot-plug
1227880 - update floppy command line options for QEMU's pc-q35-rhel7.2.0+ machine types
1231114 - [RFE] add virtio-input support
1233003 - Manually created LVM is deleted by virsh vol-create-as if it is having the same name
1233115 - Blockcopy always fail when use options "granularity"
1235180 - guest will have broken settings if we cold-unplug a vcpu which included in some domain vcpu sched
1235581 - RFE: Enable the intel-iommu device in QEMU
1240439 - Add multiqueue support for 'direct' interface types.
1243684 - Virsh client doesn't print error message when the connection is reset by server on some ocassion.
1244128 - Setvcpu should inherit the cputune value in cgroups was set before via schedinfo
1244567 - Guest agent should report proper error while guest agent was unreachable and restart libvirtd service
1245476 - error not right when set memtune but get failed
1245525 - libvirt should reject metadata elements not belonging to any namespace
1245647 - CVE-2015-5160 libvirt: Ceph id/key leaked in the process list
1247521 - RFE: libvirt: support multiple volume hosts for gluster volumes
1247987 - volume info has incorrect allocation value for extended partition.
1248277 - no error output when pass a negative number to setvcpus
1249441 - cpu-stats returns error messages with --start (number >=32)
1249981 - iothreadpin will pin one of libvirtd thread with qemu 1.5
1250287 - domfsinfo do not have output in quiet mode
1250331 - Change-media cannot insert if disk source element with startupPolicy
1251461 - libvirt produced ambiguous error message when create disk pool with a block device which has no disk label
1253107 - blkiotune cannot live update value into domain xml via --weight
1254152 - error should be improved when use some virsh command get failure
1256999 - libvirt shouldn't add extra "auth type" into domain xml when using iscsi volume disk with secret setting.
1257486 - libvirt could have a check to host node during use numatune
1260576 - guest which use big maxmemory will lose track after restart libvirtd
1260749 - RFE: support QXL vram64 parameter
1261432 - net-dhcp-leases should return error when parse invalid mac
1263574 - vpx: Include dcpath output in libvirt XML
1264008 - libvirt take too much time to redefine a guest when set a big iothreads
1265049 - Offline migration failed with memory device when guest is shutoff.
1265114 - Wrong error when call allocPages and specify a 0 page size
1266078 - Audit log entries for hot(un)plugged memory devices are sometimes incorrect
1266982 - libvirt should emit warning/error if vhostuser network device is used, but shared memory is not configured
1267256 - do not crash if a machine config in /etc/libvirt is missing a machine type
1269575 - Guest state "crashed" does not get updated after "virsh reset"
1269715 - Can't start VM with memory modules if memory placement is auto
1270427 - libvirt should escape possible invalid characters.
1270709 - Volume's allocation should be updated automatically while doing virsh vol-wipe
1270715 - Wrong display of numatune result if guest use numad advise
1271069 - Change media fail with virtio scsi cdrom when tray is open
1271107 - The vaule of Used memory in 'virsh dominfo' is 0 when the guest is shut off
1272301 - virsh client crash when pass an empty string to dump option format
1273480 - ppc64le: VFIO doesn't work for small guests (1 GiB)
1273491 - VM with attached VFIO device is powered off when trying to hotplug increase memory of VM.
1273686 - libvirt do not check the if the serial type is changed during migrate/save
1275039 - internal error: Invalid or not yet handled value 'emptyBackingString' for VMX entry 'ide1:0.fileName' for device type 'cdrom-image'
1276198 - Fail to create pool with a virtual HBA in NPIV
1277121 - CVE-2015-5313 libvirt: filesystem storage volume names path traversal flaw
1277781 - Libvirtd segment fault when create and destroy a fc_host pool with a short pause
1278068 - cannot start virtual machine after renaming it
1278404 - error "unsupported migration cookie feature memory-hotplug" is reported despite migration working
1278421 - Cannot PXE boot using VF devices
1278727 - "virsh domjobinfo" hangs on destination host during migration.
1281706 - virsh domcontrol will show different result to a inactive guest
1281707 - some virsh cmd get failure without set error message
1281710 - It's better support to delete snapshots for rbd volume
1282288 - Unable to set permission when a volume is created in root squash netfs pool
1282744 - Actual downtime - Sometimes libvirt doesn't report 'downtime_net' in jobStats while migrating VM/s
1282846 - libvirt can not start a VM with non-ACSII or long names: Invalid machine name (from systemd)
1283085 - Creating external disk snapshot for a guest which has two disks with the same prefix name, the disks become the same name in xml
1285665 - Fail to valid the guest's xml while set the graphical listen as ipv6 address which end with "::" on rhel7
1286679 - Rebase libvirt to current upstream release
1288000 - Virsh lacks support for the scale (MiB/s OR Bytes/s) for block job bandwidth
1288690 - Error message misleads users when 2 or more IDE controllers are configured
1289288 - Live Migration dynamic cpu throttling for auto-convergence (libvirt)
1289363 - 59-character name-length limitation when creating VMs
1289391 - Libvirt incorrectly unplug the backend when host device frontent hotplug fails
1290324 - libvirt should forbid set current cpu is 0 in xml
1293241 - libvirt should forbid set 0,^0 in cpuset instead of generate a xml which have broken settings
1293804 - libvirt fails to unlink the image disks after creating VMs using virt-install: cannot unlink file 'FOO': Success
1293899 - Libvirt mishandle the internal snapshot with AHCI device
1294617 - Migration fails with -dname option when guest agent is specified
1297020 - ppc64 guests default to legacy -usb option instead of -device pci-ohci
1297690 - XML-RPC error : Cannot write data: Transport endpoint is not connected
1298065 - The size of raw image is incorect after clone without --nonsparse
1299696 - Set spice graphic port to '-1', the port allocated to the guest can't be used again after the guest is managedsaved or shutoff.
1301021 - RFE: add support for LUKS disk encryption format driver w/ RBD, iSCSI, and qcow2
1302373 - libvirt_driver_qemu.so references libvirt_driver_storage.so
1305922 - Set cgroup device ACLs to allow block device for NVRAM backing store
1306556 - [RFE] Allow specifying cpu pinning for inactive vcpus
1308317 - libvirt check the wrong cpu placement status when change the emulator/iothreadpin configuration
1312188 - virtlogd failed to open guest log file while doing migration
1313264 - direct interface with multiqueue enabled donesn't support hotplugging
1313314 - libvirt will not override a target name with prefix of 'vif' in guest's xml interface part, which do not conform to the description in libvirt.org
1313627 - Fail to restore vm with usb keyboard config on ppc64le
1314594 - Libvirt should reject to rename a domain in saved status.
1315059 - improve the error when undefine transient network
1316371 - libvirt auto remove the vcpupin config when cold-unplug vcpu
1316384 - libvirt report wrong error when parse vcpupin info
1316420 - libvirtd crashed if set vcpusched vcpus over maxvcpu
1316433 - cmd domstats cause libvirtd memleak
1316465 - active virtual network based on linux bridge will becase inactive after libvirtd restart
1317531 - libvirt does not report PCI_HEADER_TYPE in node device XML
1318569 - Eject cdrom fails since tray is locked but next try succeeds
1318993 - vol-create-from failed for logical pool
1319044 - log error when requested on a
1320447 - [RFE] Report memory hotunplug failure
1320470 - Migrating guest with default guest agent socket path from 1.3.x to 1.2.17 failed
1320500 - migration from RHEL6.8 to RHEL7.3 host failed with error "Unsupported migration cookie feature persistent"
1320836 - when vol-create-as a volume with invalid name in a disk pool, libvirt produced error, but parted still created a partition and multipathd didn't generate symbolic link in /dev/mapper
1320893 - libvirt-python: rename a domain with empty string will make it disappear
1321546 - libvirt fails to create a macvtap deivce if an attempted name was already created by some process other than libvirt
1322210 - Fail to hotplug guest agent with libvirt-1.3.2-1.el7
1323085 - generate bootindex even when is specified
1324551 - Hotplug of memory/rng device fails after unplugging device of the same type that is not last
1324757 - libvirtd crashed if destroy then start a guest which have redirdev device
1325043 - libvirt forget free priv->machineName when clear guest resource
1325072 - "virtlogd --verbose" doesn't output verbose messages
1325075 - The old logging way(file) is used when no qemu.conf file exists
1325080 - Virtlogd doesn't release client resource after guest restore from a saved file.
1325757 - virsh create fails if
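The storage-volume path-traversal flaw that the libvirt advisory above describes for CVE-2015-5313 belongs to a well-known input-validation class: a volume name chosen by a less-privileged caller is joined onto a pool directory managed by a privileged daemon. The following added example is not libvirt's code or its fix; it shows the kind of check that confines such a name to its pool. It assumes a simple pool layout (one directory per pool, one file per volume), builds a constructed temporary pool with sample data, and uses hypothetical helper names (validate_volume_name, volume_path, classify, demo).

```python
"""Confining user-supplied storage-volume names to their pool directory.

Added example, not libvirt's code or its fix for CVE-2015-5313: it
illustrates the input-validation class that advisory entry describes.
Assumed layout: one directory per pool, one file per volume.  All helper
names are hypothetical and all data below is constructed on the fly.
"""
import os
import tempfile


class VolumeNameError(ValueError):
    """Raised when a volume name could escape its storage pool."""


def validate_volume_name(name: str) -> str:
    """Accept only a single plain path component.

    Checked before any filesystem access: an empty name, the special
    entries '.' and '..', or a name carrying a separator or NUL byte
    can never denote one file directly inside the pool.
    """
    if not name or name in (".", ".."):
        raise VolumeNameError(f"invalid volume name {name!r}")
    if any(ch in name for ch in "/\\\0"):
        raise VolumeNameError(f"volume name {name!r} contains a path separator")
    return name


def volume_path(pool_dir: str, name: str) -> str:
    """Return the resolved path of volume `name` inside `pool_dir`.

    The name check alone does not cover a symlink already present inside
    the pool, so the fully resolved candidate must still have the
    resolved pool directory as its immediate parent.
    """
    validate_volume_name(name)
    root = os.path.realpath(pool_dir)
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.dirname(candidate) != root:
        raise VolumeNameError(f"volume {name!r} resolves outside pool {root!r}")
    return candidate


def classify(pool_dir: str, name: str) -> str:
    """Report whether a name would be accepted for the given pool."""
    try:
        volume_path(pool_dir, name)
        return "accepted"
    except VolumeNameError:
        return "rejected"


def demo() -> dict:
    """Exercise the checks against a constructed temporary pool.

    A symlink named 'escape' is placed inside the pool pointing at a
    constructed file in a different directory, standing in for any link
    that must not be followed out of the pool.
    """
    with tempfile.TemporaryDirectory() as pool, tempfile.TemporaryDirectory() as elsewhere:
        target = os.path.join(elsewhere, "not-a-volume")
        with open(target, "w") as fh:
            fh.write("constructed sample content\n")
        os.symlink(target, os.path.join(pool, "escape"))
        names = ["disk1.img", "../not-a-volume", "/etc/hosts", "escape", "", ".."]
        return {name: classify(pool, name) for name in names}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8s} {name!r}")
```

The two layers matter separately: the syntactic check rejects traversal in the name itself without touching the filesystem, while the realpath comparison catches the case where the name is clean but something already inside the pool redirects it elsewhere. Comparing the parent of the resolved path with the resolved pool root (rather than a string-prefix test) also avoids accepting a sibling directory whose name merely starts with the pool's name.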