From bugzilla at redhat.com Wed Feb 1 10:10:55 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Feb 2017 10:10:55 +0000
Subject: [RHSA-2017:0225-01] Moderate: libtiff security update
Message-ID: <201702011010.v11AAw0Q017112@lists01.pubmisc.prod.ext.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libtiff security update
Advisory ID:       RHSA-2017:0225-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0225.html
Issue date:        2017-02-01
CVE Names:         CVE-2015-8870 CVE-2016-5652 CVE-2016-9533 CVE-2016-9534
                   CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9540
=====================================================================

1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)

* Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1389222 - CVE-2016-5652 libtiff: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
1397751 - CVE-2016-9534 libtiff: TIFFFlushData1 heap-buffer-overflow
1397755 - CVE-2016-9535 libtiff: Predictor heap-buffer-overflow
1397758 - CVE-2016-9536 libtiff: t2p_process_jpeg_strip heap-buffer-overflow
1397760 - CVE-2016-9537 libtiff: Out-of-bounds write vulnerabilities in tools/tiffcrop.c
1397768 - CVE-2016-9540 libtiff: cpStripToTile heap-buffer-overflow
1397769 - CVE-2016-9533 libtiff: PixarLog horizontalDifference heap-buffer-overflow
1402778 - CVE-2015-8870 libtiff: Integer overflow in tools/bmp2tiff.c

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libtiff-3.9.4-21.el6_8.src.rpm

i386:
libtiff-3.9.4-21.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm

x86_64:
libtiff-3.9.4-21.el6_8.i686.rpm
libtiff-3.9.4-21.el6_8.x86_64.rpm
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-21.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-devel-3.9.4-21.el6_8.i686.rpm
libtiff-static-3.9.4-21.el6_8.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-21.el6_8.x86_64.rpm
libtiff-devel-3.9.4-21.el6_8.i686.rpm
libtiff-devel-3.9.4-21.el6_8.x86_64.rpm
libtiff-static-3.9.4-21.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
libtiff-3.9.4-21.el6_8.src.rpm

x86_64:
libtiff-3.9.4-21.el6_8.i686.rpm
libtiff-3.9.4-21.el6_8.x86_64.rpm
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-21.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-21.el6_8.x86_64.rpm
libtiff-devel-3.9.4-21.el6_8.i686.rpm
libtiff-devel-3.9.4-21.el6_8.x86_64.rpm
libtiff-static-3.9.4-21.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
libtiff-3.9.4-21.el6_8.src.rpm

i386:
libtiff-3.9.4-21.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-devel-3.9.4-21.el6_8.i686.rpm

ppc64:
libtiff-3.9.4-21.el6_8.ppc.rpm
libtiff-3.9.4-21.el6_8.ppc64.rpm
libtiff-debuginfo-3.9.4-21.el6_8.ppc.rpm
libtiff-debuginfo-3.9.4-21.el6_8.ppc64.rpm
libtiff-devel-3.9.4-21.el6_8.ppc.rpm
libtiff-devel-3.9.4-21.el6_8.ppc64.rpm

s390x:
libtiff-3.9.4-21.el6_8.s390.rpm
libtiff-3.9.4-21.el6_8.s390x.rpm
libtiff-debuginfo-3.9.4-21.el6_8.s390.rpm
libtiff-debuginfo-3.9.4-21.el6_8.s390x.rpm
libtiff-devel-3.9.4-21.el6_8.s390.rpm
libtiff-devel-3.9.4-21.el6_8.s390x.rpm

x86_64:
libtiff-3.9.4-21.el6_8.i686.rpm
libtiff-3.9.4-21.el6_8.x86_64.rpm
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-21.el6_8.x86_64.rpm
libtiff-devel-3.9.4-21.el6_8.i686.rpm
libtiff-devel-3.9.4-21.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-static-3.9.4-21.el6_8.i686.rpm

ppc64:
libtiff-debuginfo-3.9.4-21.el6_8.ppc64.rpm
libtiff-static-3.9.4-21.el6_8.ppc64.rpm

s390x:
libtiff-debuginfo-3.9.4-21.el6_8.s390x.rpm
libtiff-static-3.9.4-21.el6_8.s390x.rpm

x86_64:
libtiff-debuginfo-3.9.4-21.el6_8.x86_64.rpm
libtiff-static-3.9.4-21.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libtiff-3.9.4-21.el6_8.src.rpm

i386:
libtiff-3.9.4-21.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-devel-3.9.4-21.el6_8.i686.rpm

x86_64:
libtiff-3.9.4-21.el6_8.i686.rpm
libtiff-3.9.4-21.el6_8.x86_64.rpm
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-debuginfo-3.9.4-21.el6_8.x86_64.rpm
libtiff-devel-3.9.4-21.el6_8.i686.rpm
libtiff-devel-3.9.4-21.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
libtiff-static-3.9.4-21.el6_8.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-21.el6_8.x86_64.rpm
libtiff-static-3.9.4-21.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
libtiff-4.0.3-27.el7_3.src.rpm

x86_64:
libtiff-4.0.3-27.el7_3.i686.rpm
libtiff-4.0.3-27.el7_3.x86_64.rpm
libtiff-debuginfo-4.0.3-27.el7_3.i686.rpm
libtiff-debuginfo-4.0.3-27.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libtiff-debuginfo-4.0.3-27.el7_3.i686.rpm
libtiff-debuginfo-4.0.3-27.el7_3.x86_64.rpm
libtiff-devel-4.0.3-27.el7_3.i686.rpm
libtiff-devel-4.0.3-27.el7_3.x86_64.rpm
libtiff-static-4.0.3-27.el7_3.i686.rpm
libtiff-static-4.0.3-27.el7_3.x86_64.rpm
libtiff-tools-4.0.3-27.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libtiff-4.0.3-27.el7_3.src.rpm

x86_64:
libtiff-4.0.3-27.el7_3.i686.rpm
libtiff-4.0.3-27.el7_3.x86_64.rpm
libtiff-debuginfo-4.0.3-27.el7_3.i686.rpm
libtiff-debuginfo-4.0.3-27.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libtiff-debuginfo-4.0.3-27.el7_3.i686.rpm
libtiff-debuginfo-4.0.3-27.el7_3.x86_64.rpm
libtiff-devel-4.0.3-27.el7_3.i686.rpm
libtiff-devel-4.0.3-27.el7_3.x86_64.rpm
libtiff-static-4.0.3-27.el7_3.i686.rpm
libtiff-static-4.0.3-27.el7_3.x86_64.rpm
libtiff-tools-4.0.3-27.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libtiff-4.0.3-27.el7_3.src.rpm

aarch64:
libtiff-4.0.3-27.el7_3.aarch64.rpm
libtiff-debuginfo-4.0.3-27.el7_3.aarch64.rpm
libtiff-devel-4.0.3-27.el7_3.aarch64.rpm

ppc64:
libtiff-4.0.3-27.el7_3.ppc.rpm
libtiff-4.0.3-27.el7_3.ppc64.rpm
libtiff-debuginfo-4.0.3-27.el7_3.ppc.rpm
libtiff-debuginfo-4.0.3-27.el7_3.ppc64.rpm
libtiff-devel-4.0.3-27.el7_3.ppc.rpm
libtiff-devel-4.0.3-27.el7_3.ppc64.rpm

ppc64le:
libtiff-4.0.3-27.el7_3.ppc64le.rpm
libtiff-debuginfo-4.0.3-27.el7_3.ppc64le.rpm
libtiff-devel-4.0.3-27.el7_3.ppc64le.rpm

s390x:
libtiff-4.0.3-27.el7_3.s390.rpm
libtiff-4.0.3-27.el7_3.s390x.rpm
libtiff-debuginfo-4.0.3-27.el7_3.s390.rpm
libtiff-debuginfo-4.0.3-27.el7_3.s390x.rpm
libtiff-devel-4.0.3-27.el7_3.s390.rpm
libtiff-devel-4.0.3-27.el7_3.s390x.rpm

x86_64:
libtiff-4.0.3-27.el7_3.i686.rpm
libtiff-4.0.3-27.el7_3.x86_64.rpm
libtiff-debuginfo-4.0.3-27.el7_3.i686.rpm
libtiff-debuginfo-4.0.3-27.el7_3.x86_64.rpm
libtiff-devel-4.0.3-27.el7_3.i686.rpm
libtiff-devel-4.0.3-27.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
libtiff-debuginfo-4.0.3-27.el7_3.aarch64.rpm
libtiff-static-4.0.3-27.el7_3.aarch64.rpm
libtiff-tools-4.0.3-27.el7_3.aarch64.rpm

ppc64:
libtiff-debuginfo-4.0.3-27.el7_3.ppc.rpm
libtiff-debuginfo-4.0.3-27.el7_3.ppc64.rpm
libtiff-static-4.0.3-27.el7_3.ppc.rpm
libtiff-static-4.0.3-27.el7_3.ppc64.rpm
libtiff-tools-4.0.3-27.el7_3.ppc64.rpm

ppc64le:
libtiff-debuginfo-4.0.3-27.el7_3.ppc64le.rpm
libtiff-static-4.0.3-27.el7_3.ppc64le.rpm
libtiff-tools-4.0.3-27.el7_3.ppc64le.rpm

s390x:
libtiff-debuginfo-4.0.3-27.el7_3.s390.rpm
libtiff-debuginfo-4.0.3-27.el7_3.s390x.rpm
libtiff-static-4.0.3-27.el7_3.s390.rpm
libtiff-static-4.0.3-27.el7_3.s390x.rpm
libtiff-tools-4.0.3-27.el7_3.s390x.rpm

x86_64:
libtiff-debuginfo-4.0.3-27.el7_3.i686.rpm
libtiff-debuginfo-4.0.3-27.el7_3.x86_64.rpm
libtiff-static-4.0.3-27.el7_3.i686.rpm
libtiff-static-4.0.3-27.el7_3.x86_64.rpm
libtiff-tools-4.0.3-27.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libtiff-4.0.3-27.el7_3.src.rpm

x86_64:
libtiff-4.0.3-27.el7_3.i686.rpm
libtiff-4.0.3-27.el7_3.x86_64.rpm
libtiff-debuginfo-4.0.3-27.el7_3.i686.rpm
libtiff-debuginfo-4.0.3-27.el7_3.x86_64.rpm
libtiff-devel-4.0.3-27.el7_3.i686.rpm
libtiff-devel-4.0.3-27.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libtiff-debuginfo-4.0.3-27.el7_3.i686.rpm
libtiff-debuginfo-4.0.3-27.el7_3.x86_64.rpm
libtiff-static-4.0.3-27.el7_3.i686.rpm
libtiff-static-4.0.3-27.el7_3.x86_64.rpm
libtiff-tools-4.0.3-27.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8870
https://access.redhat.com/security/cve/CVE-2016-5652
https://access.redhat.com/security/cve/CVE-2016-9533
https://access.redhat.com/security/cve/CVE-2016-9534
https://access.redhat.com/security/cve/CVE-2016-9535
https://access.redhat.com/security/cve/CVE-2016-9536
https://access.redhat.com/security/cve/CVE-2016-9537
https://access.redhat.com/security/cve/CVE-2016-9540
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

From bugzilla at redhat.com Wed Feb 1 22:26:45 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Feb 2017 22:26:45 +0000
Subject: [RHSA-2017:0226-01] Moderate: rabbitmq-server security update
Message-ID: <201702012226.v11MQk0S031775@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rabbitmq-server security update
Advisory ID:       RHSA-2017:0226-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0226.html
Issue date:        2017-02-01
CVE Names:         CVE-2015-8786
=====================================================================

1. Summary:

An update for rabbitmq-server is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - noarch

3. Description:

RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker.

Security Fix(es):

* A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large. (CVE-2015-8786)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1404150 - CVE-2015-8786 rabbitmq-server: DoS via lengths_age or lengths_incr parameter in the management plugin

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
rabbitmq-server-3.3.5-30.el7ost.src.rpm

noarch:
rabbitmq-server-3.3.5-30.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8786
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
From bugzilla at redhat.com Thu Feb 2 05:43:12 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 2 Feb 2017 05:43:12 +0000
Subject: [RHSA-2017:0238-01] Important: thunderbird security update
Message-ID: <201702020543.v125hC09011483@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2017:0238-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0238.html
Issue date:        2017-02-02
CVE Names:         CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378
                   CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.7.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1415924 - CVE-2017-5373 Mozilla: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (MFSA 2017-01)
1416271 - CVE-2017-5375 Mozilla: Excessive JIT code allocation allows bypass of ASLR and DEP (MFSA 2017-02)
1416272 - CVE-2017-5376 Mozilla: Use-after-free in XSL (MFSA 2017-02)
1416273 - CVE-2017-5378 Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)
1416274 - CVE-2017-5380 Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)
1416279 - CVE-2017-5390 Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
1416280 - CVE-2017-5396 Mozilla: Use-after-free with Media Decoder (MFSA 2017-02)
1416281 - CVE-2017-5383 Mozilla: Location bar spoofing with unicode characters (MFSA 2017-02)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-45.7.0-1.el5_11.src.rpm

i386:
thunderbird-45.7.0-1.el5_11.i386.rpm
thunderbird-debuginfo-45.7.0-1.el5_11.i386.rpm

x86_64:
thunderbird-45.7.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-45.7.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server):

Source:
thunderbird-45.7.0-1.el5_11.src.rpm

i386:
thunderbird-45.7.0-1.el5_11.i386.rpm
thunderbird-debuginfo-45.7.0-1.el5_11.i386.rpm

x86_64:
thunderbird-45.7.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-45.7.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-45.7.0-1.el6_8.src.rpm

i386:
thunderbird-45.7.0-1.el6_8.i686.rpm
thunderbird-debuginfo-45.7.0-1.el6_8.i686.rpm

x86_64:
thunderbird-45.7.0-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.7.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-45.7.0-1.el6_8.src.rpm

i386:
thunderbird-45.7.0-1.el6_8.i686.rpm
thunderbird-debuginfo-45.7.0-1.el6_8.i686.rpm

ppc64:
thunderbird-45.7.0-1.el6_8.ppc64.rpm
thunderbird-debuginfo-45.7.0-1.el6_8.ppc64.rpm

s390x:
thunderbird-45.7.0-1.el6_8.s390x.rpm
thunderbird-debuginfo-45.7.0-1.el6_8.s390x.rpm

x86_64:
thunderbird-45.7.0-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.7.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-45.7.0-1.el6_8.src.rpm

i386:
thunderbird-45.7.0-1.el6_8.i686.rpm
thunderbird-debuginfo-45.7.0-1.el6_8.i686.rpm

x86_64:
thunderbird-45.7.0-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.7.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-45.7.0-1.el7_3.src.rpm

x86_64:
thunderbird-45.7.0-1.el7_3.x86_64.rpm
thunderbird-debuginfo-45.7.0-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-45.7.0-1.el7_3.src.rpm

aarch64:
thunderbird-45.7.0-1.el7_3.aarch64.rpm
thunderbird-debuginfo-45.7.0-1.el7_3.aarch64.rpm

ppc64le:
thunderbird-45.7.0-1.el7_3.ppc64le.rpm
thunderbird-debuginfo-45.7.0-1.el7_3.ppc64le.rpm

x86_64:
thunderbird-45.7.0-1.el7_3.x86_64.rpm
thunderbird-debuginfo-45.7.0-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-45.7.0-1.el7_3.src.rpm

x86_64:
thunderbird-45.7.0-1.el7_3.x86_64.rpm
thunderbird-debuginfo-45.7.0-1.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-5373
https://access.redhat.com/security/cve/CVE-2017-5375
https://access.redhat.com/security/cve/CVE-2017-5376
https://access.redhat.com/security/cve/CVE-2017-5378
https://access.redhat.com/security/cve/CVE-2017-5380
https://access.redhat.com/security/cve/CVE-2017-5383
https://access.redhat.com/security/cve/CVE-2017-5390
https://access.redhat.com/security/cve/CVE-2017-5396
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
From bugzilla at redhat.com Mon Feb 6 04:57:59 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 5 Feb 2017 23:57:59 -0500
Subject: [RHSA-2017:0253-01] Moderate: spice-server security update
Message-ID: <201702060458.v164vxts004906@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: spice-server security update
Advisory ID:       RHSA-2017:0253-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0253.html
Issue date:        2017-02-06
CVE Names:         CVE-2016-9577 CVE-2016-9578
=====================================================================

1. Summary:

An update for spice-server is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

Security Fix(es):

* A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577)

* A vulnerability was discovered in spice in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578)

These issues were discovered by Frediano Ziglio (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All applications using SPICE (most notably all QEMU-KVM instances using the SPICE console) must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1399566 - CVE-2016-9578 spice: Remote DoS via crafted message
1401603 - CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
spice-server-0.12.4-13.el6_8.2.src.rpm

x86_64:
spice-server-0.12.4-13.el6_8.2.x86_64.rpm
spice-server-debuginfo-0.12.4-13.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
spice-server-debuginfo-0.12.4-13.el6_8.2.x86_64.rpm
spice-server-devel-0.12.4-13.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
spice-server-0.12.4-13.el6_8.2.src.rpm

x86_64:
spice-server-0.12.4-13.el6_8.2.x86_64.rpm
spice-server-debuginfo-0.12.4-13.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
spice-server-debuginfo-0.12.4-13.el6_8.2.x86_64.rpm
spice-server-devel-0.12.4-13.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
spice-server-0.12.4-13.el6_8.2.src.rpm

x86_64:
spice-server-0.12.4-13.el6_8.2.x86_64.rpm
spice-server-debuginfo-0.12.4-13.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

x86_64:
spice-server-debuginfo-0.12.4-13.el6_8.2.x86_64.rpm
spice-server-devel-0.12.4-13.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
spice-server-0.12.4-13.el6_8.2.src.rpm

x86_64:
spice-server-0.12.4-13.el6_8.2.x86_64.rpm
spice-server-debuginfo-0.12.4-13.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
spice-server-debuginfo-0.12.4-13.el6_8.2.x86_64.rpm
spice-server-devel-0.12.4-13.el6_8.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9577
https://access.redhat.com/security/cve/CVE-2016-9578
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
From bugzilla at redhat.com Mon Feb 6 04:58:03 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 5 Feb 2017 23:58:03 -0500
Subject: [RHSA-2017:0254-01] Moderate: spice security update
Message-ID: <201702060458.v164w3qO031455@lists01.pubmisc.prod.ext.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: spice security update
Advisory ID:       RHSA-2017:0254-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0254.html
Issue date:        2017-02-06
CVE Names:         CVE-2016-9577 CVE-2016-9578
=====================================================================

1. Summary:

An update for spice is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577)

* A vulnerability was discovered in spice in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578)

These issues were discovered by Frediano Ziglio (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All applications using SPICE (most notably all QEMU-KVM instances using the SPICE console) must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1399566 - CVE-2016-9578 spice: Remote DoS via crafted message
1401603 - CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
spice-0.12.4-20.el7_3.src.rpm

x86_64:
spice-debuginfo-0.12.4-20.el7_3.x86_64.rpm
spice-server-0.12.4-20.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
spice-debuginfo-0.12.4-20.el7_3.x86_64.rpm
spice-server-devel-0.12.4-20.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
spice-0.12.4-20.el7_3.src.rpm

x86_64:
spice-debuginfo-0.12.4-20.el7_3.x86_64.rpm
spice-server-0.12.4-20.el7_3.x86_64.rpm
spice-server-devel-0.12.4-20.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
spice-0.12.4-20.el7_3.src.rpm

x86_64:
spice-debuginfo-0.12.4-20.el7_3.x86_64.rpm
spice-server-0.12.4-20.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:
spice-debuginfo-0.12.4-20.el7_3.x86_64.rpm
spice-server-devel-0.12.4-20.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
spice-0.12.4-20.el7_3.src.rpm

x86_64:
spice-debuginfo-0.12.4-20.el7_3.x86_64.rpm
spice-server-0.12.4-20.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
spice-debuginfo-0.12.4-20.el7_3.x86_64.rpm
spice-server-devel-0.12.4-20.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9577
https://access.redhat.com/security/cve/CVE-2016-9578
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
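The libtiff advisory (RHSA-2017:0225-01) and the two SPICE advisories above both end their Solution sections with the same operational requirement: installing the package is not enough, every process that still has the old library mapped must be restarted. The script below is an added example, not part of any Red Hat advisory; it assumes a Linux /proc filesystem and lists the processes whose memory map still references a replaced, now "(deleted)", copy of a given shared library. The optional second argument points it at a directory laid out like /proc, which is how the constructed sample below exercises it.

```shell
#!/bin/sh
# Added example (not from the advisory): after "yum update libtiff" or
# "yum update spice-server", find processes still executing the old
# library so the operator knows exactly what to restart.
# Assumes a Linux /proc filesystem; PROCDIR defaults to /proc.

# stale_pids LIBNAME [PROCDIR]
# Prints, one per line, the PIDs whose PROCDIR/PID/maps contain a mapping
# of a file matching LIBNAME that the kernel marks "(deleted)": the
# package manager replaced the file on disk, but this process still runs
# the pre-update code and has not picked up the security fix.
stale_pids() {
    lib="$1"
    procdir="${2:-/proc}"
    for maps in "$procdir"/[0-9]*/maps; do
        [ -r "$maps" ] || continue            # skip PIDs we cannot inspect
        # A maps line ends with the mapped path, then " (deleted)" when
        # the inode no longer has a name on disk.
        if grep -q "/[^ ]*${lib}[^ ]* (deleted)" "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            pid=${pid##*/}
            printf '%s\n' "$pid"
        fi
    done
}

# stale_report LIBNAME [PROCDIR]
# Same as stale_pids, but prints "PID NAME" using PROCDIR/PID/comm when
# it exists, which is the form an operator wants when deciding which
# services (for SPICE, typically qemu-kvm instances) need a restart.
stale_report() {
    procdir="${2:-/proc}"
    for pid in $(stale_pids "$1" "$procdir"); do
        name=$(cat "$procdir/$pid/comm" 2>/dev/null || echo '?')
        printf '%s %s\n' "$pid" "$name"
    done
}

# stale_check LIBNAME [PROCDIR]
# Succeeds (exit 0) only when no process still maps the old library, so a
# patch-management job can use it to gate or verify the restart step.
stale_check() {
    [ -z "$(stale_pids "$1" "${2:-/proc}")" ]
}

# Typical use on a real host after the update has been applied:
#   stale_report libtiff
#   stale_report spice-server
```

Because the check reads /proc/PID/maps, it only sees processes the invoking user may inspect; run it as root to cover system services.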
From bugzilla at redhat.com Mon Feb 6 06:24:51 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 6 Feb 2017 06:24:51 +0000
Subject: [RHSA-2017:0252-01] Moderate: ntp security update
Message-ID: <201702060624.v166Oq6S030598@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ntp security update
Advisory ID:       RHSA-2017:0252-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0252.html
Issue date:        2017-02-06
CVE Names:         CVE-2016-7426 CVE-2016-7429 CVE-2016-7433 CVE-2016-9310
                   CVE-2016-9311
=====================================================================

1. Summary:

An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service, which continuously adjusts system time, and utilities used to query and configure the ntpd service.

Security Fix(es):

* It was found that when ntp is configured with rate limiting for all associations, the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426)

* A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310)

* A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311)

* A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw to cause ntpd to stop synchronizing with the source. (CVE-2016-7429)

* A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause a denial of service or, in some special cases, even a crash. (CVE-2016-7433)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the ntpd daemon will restart automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1397319 - CVE-2016-9310 ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
1397341 - CVE-2016-7429 ntp: Attack on interface selection
1397345 - CVE-2016-7426 ntp: Client rate limiting and server responses
1397347 - CVE-2016-7433 ntp: Broken initial sync calculations regression
1398350 - CVE-2016-9311 ntp: Null pointer dereference when trap service is enabled

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ntp-4.2.6p5-10.el6_8.2.src.rpm

i386:
ntp-4.2.6p5-10.el6_8.2.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.i686.rpm
ntpdate-4.2.6p5-10.el6_8.2.i686.rpm

x86_64:
ntp-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm
ntpdate-4.2.6p5-10.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6_8.2.i686.rpm
ntp-perl-4.2.6p5-10.el6_8.2.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6_8.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-perl-4.2.6p5-10.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ntp-4.2.6p5-10.el6_8.2.src.rpm

x86_64:
ntp-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm
ntpdate-4.2.6p5-10.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
ntp-doc-4.2.6p5-10.el6_8.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-perl-4.2.6p5-10.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ntp-4.2.6p5-10.el6_8.2.src.rpm

i386:
ntp-4.2.6p5-10.el6_8.2.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.i686.rpm
ntpdate-4.2.6p5-10.el6_8.2.i686.rpm

ppc64:
ntp-4.2.6p5-10.el6_8.2.ppc64.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.ppc64.rpm
ntpdate-4.2.6p5-10.el6_8.2.ppc64.rpm

s390x:
ntp-4.2.6p5-10.el6_8.2.s390x.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.s390x.rpm
ntpdate-4.2.6p5-10.el6_8.2.s390x.rpm

x86_64:
ntp-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm
ntpdate-4.2.6p5-10.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6_8.2.i686.rpm
ntp-perl-4.2.6p5-10.el6_8.2.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6_8.2.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-10.el6_8.2.ppc64.rpm
ntp-perl-4.2.6p5-10.el6_8.2.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-10.el6_8.2.s390x.rpm
ntp-perl-4.2.6p5-10.el6_8.2.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-perl-4.2.6p5-10.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ntp-4.2.6p5-10.el6_8.2.src.rpm

i386:
ntp-4.2.6p5-10.el6_8.2.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.i686.rpm
ntpdate-4.2.6p5-10.el6_8.2.i686.rpm

x86_64:
ntp-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm
ntpdate-4.2.6p5-10.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-10.el6_8.2.i686.rpm
ntp-perl-4.2.6p5-10.el6_8.2.i686.rpm

noarch:
ntp-doc-4.2.6p5-10.el6_8.2.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-perl-4.2.6p5-10.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
ntp-4.2.6p5-25.el7_3.1.src.rpm

x86_64:
ntp-4.2.6p5-25.el7_3.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm
ntpdate-4.2.6p5-25.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-25.el7_3.1.noarch.rpm
ntp-perl-4.2.6p5-25.el7_3.1.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm
sntp-4.2.6p5-25.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
ntp-4.2.6p5-25.el7_3.1.src.rpm

x86_64:
ntp-4.2.6p5-25.el7_3.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm
ntpdate-4.2.6p5-25.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-25.el7_3.1.noarch.rpm
ntp-perl-4.2.6p5-25.el7_3.1.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm
sntp-4.2.6p5-25.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
ntp-4.2.6p5-25.el7_3.1.src.rpm

aarch64:
ntp-4.2.6p5-25.el7_3.1.aarch64.rpm
ntp-debuginfo-4.2.6p5-25.el7_3.1.aarch64.rpm
ntpdate-4.2.6p5-25.el7_3.1.aarch64.rpm

ppc64:
ntp-4.2.6p5-25.el7_3.1.ppc64.rpm
ntp-debuginfo-4.2.6p5-25.el7_3.1.ppc64.rpm
ntpdate-4.2.6p5-25.el7_3.1.ppc64.rpm

ppc64le:
ntp-4.2.6p5-25.el7_3.1.ppc64le.rpm
ntp-debuginfo-4.2.6p5-25.el7_3.1.ppc64le.rpm
ntpdate-4.2.6p5-25.el7_3.1.ppc64le.rpm

s390x:
ntp-4.2.6p5-25.el7_3.1.s390x.rpm
ntp-debuginfo-4.2.6p5-25.el7_3.1.s390x.rpm
ntpdate-4.2.6p5-25.el7_3.1.s390x.rpm

x86_64:
ntp-4.2.6p5-25.el7_3.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm
ntpdate-4.2.6p5-25.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
ntp-debuginfo-4.2.6p5-25.el7_3.1.aarch64.rpm
sntp-4.2.6p5-25.el7_3.1.aarch64.rpm

noarch:
ntp-doc-4.2.6p5-25.el7_3.1.noarch.rpm
ntp-perl-4.2.6p5-25.el7_3.1.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-25.el7_3.1.ppc64.rpm
sntp-4.2.6p5-25.el7_3.1.ppc64.rpm

ppc64le:
ntp-debuginfo-4.2.6p5-25.el7_3.1.ppc64le.rpm
sntp-4.2.6p5-25.el7_3.1.ppc64le.rpm

s390x:
ntp-debuginfo-4.2.6p5-25.el7_3.1.s390x.rpm
sntp-4.2.6p5-25.el7_3.1.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm
sntp-4.2.6p5-25.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
ntp-4.2.6p5-25.el7_3.1.src.rpm

x86_64:
ntp-4.2.6p5-25.el7_3.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm
ntpdate-4.2.6p5-25.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-25.el7_3.1.noarch.rpm
ntp-perl-4.2.6p5-25.el7_3.1.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm
sntp-4.2.6p5-25.el7_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7426
https://access.redhat.com/security/cve/CVE-2016-7429
https://access.redhat.com/security/cve/CVE-2016-7433
https://access.redhat.com/security/cve/CVE-2016-9310
https://access.redhat.com/security/cve/CVE-2016-9311
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
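The practical question an advisory like the one above poses is whether the ntp build already installed on a host is at or past the fixed build, which RPM decides with its own segment-wise version ordering rather than a plain string compare. The following Python is an added example written for this page, not Red Hat's code: it parses a constructed excerpt of the advisory's package list, reimplements librpm's rpmvercmp ordering in pure Python, and checks constructed installed NVRs against it, assuming ntp carries no epoch on RHEL 6/7.

```python
"""Check installed ntp builds against the fixed builds of RHSA-2017:0252.

Added example for this advisory, not Red Hat's code. PACKAGE_LIST is an
excerpt of the advisory above; the "installed" versions are constructed.
"""
import re

# Excerpt of the advisory's section 6 (RHEL 6 and RHEL 7 Server, x86_64).
PACKAGE_LIST = """
Red Hat Enterprise Linux Server (v. 6):
x86_64:
ntp-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm
ntpdate-4.2.6p5-10.el6_8.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
x86_64:
ntp-4.2.6p5-25.el7_3.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm
ntpdate-4.2.6p5-25.el7_3.1.x86_64.rpm
"""

# name-version-release.arch.rpm; version and release never contain '-'.
RPM_FILE = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)\.rpm$")
DIST_TAG = re.compile(r"el\d+")  # el6 / el7 inside the release string


def parse_package_list(text):
    """Map (name, dist) -> (version, release) for every binary RPM line.
    The dist tag tells the RHEL 6 build (10.el6_8.2) from the RHEL 7 build
    (25.el7_3.1) of the same package name."""
    fixed = {}
    for line in text.splitlines():
        m = RPM_FILE.match(line.strip())
        if not m or m["arch"] == "src":
            continue
        dist = DIST_TAG.search(m["rel"])
        if dist:
            fixed[(m["name"], dist.group())] = (m["ver"], m["rel"])
    return fixed


def rpmvercmp(a, b):
    """Order two version (or release) strings like librpm's rpmvercmp:
    separators are ignored, numeric segments compare as integers (leading
    zeros dropped), alphabetic segments compare lexically, a numeric segment
    beats an alphabetic one, '~' sorts before anything (pre-release marker),
    and otherwise the string with segments left over is newer. Returns -1/0/1.
    RHEL 6/7 rpm has no '^' operator, so it is not handled."""
    ta = re.findall(r"\d+|[A-Za-z]+|~", a)
    tb = re.findall(r"\d+|[A-Za-z]+|~", b)
    i = 0
    while i < len(ta) or i < len(tb):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":        # tilde loses even to end-of-string
            if x != y:
                return -1 if x == "~" else 1
            i += 1
            continue
        if x is None or y is None:      # one side ran out of segments
            break
        if x.isdigit() != y.isdigit():  # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
        i += 1
    if len(ta) == len(tb):
        return 0
    return 1 if len(ta) > len(tb) else -1


def installed_is_fixed(installed_nvr, fixed):
    """True if installed_nvr (e.g. 'ntp-4.2.6p5-25.el7_3') is the advisory
    build or newer, False if older, None if the advisory does not cover it.
    Epoch is ignored: the advisory file names carry none and ntp has no
    epoch on RHEL 6/7 (assumption for this example)."""
    name, ver, rel = installed_nvr.rsplit("-", 2)
    dist = DIST_TAG.search(rel)
    key = (name, dist.group()) if dist else None
    if key not in fixed:
        return None
    fver, frel = fixed[key]
    c = rpmvercmp(ver, fver) or rpmvercmp(rel, frel)
    return c >= 0


def report(installed, fixed):
    """Pair each installed NVR with a verdict string."""
    words = {True: "fixed", False: "VULNERABLE - update", None: "not covered"}
    return [(nvr, words[installed_is_fixed(nvr, fixed)]) for nvr in installed]


if __name__ == "__main__":
    # Constructed installed set: the fixed build, an older one, an unrelated package.
    sample = ["ntp-4.2.6p5-25.el7_3.1", "ntp-4.2.6p5-25.el7_3", "chrony-3.1-1.el7"]
    for nvr, verdict in report(sample, parse_package_list(PACKAGE_LIST)):
        print(f"{nvr:28} {verdict}")
```

On a live host the installed NVRs come from `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' ntp ntpdate`; the same comparison applies to any RHSA package list once its file names are parsed this way.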
From bugzilla at redhat.com Thu Feb 9 12:35:51 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 9 Feb 2017 12:35:51 +0000
Subject: [RHSA-2017:0263-01] Critical: java-1.8.0-ibm security update
Message-ID: <201702091235.v19CZqpt001715@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-ibm security update
Advisory ID:       RHSA-2017:0263-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0263.html
Issue date:        2017-02-09
CVE Names:         CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549
                   CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252
                   CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272
                   CVE-2017-3289
=====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR4.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413562 - CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413764 - CVE-2016-5547 OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el6_8.i686.rpm

ppc64:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el6_8.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el6_8.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el6_8.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el6_8.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el6_8.ppc64.rpm

s390x:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el6_8.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el6_8.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el6_8.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el6_8.s390x.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el6_8.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.4.0-1jpp.1.el6_8.i686.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.ppc.rpm
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.ppc.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.0-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el7.ppc64.rpm

ppc64le:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el7.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.s390.rpm
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.s390.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el7.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.0-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.0-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5546
https://access.redhat.com/security/cve/CVE-2016-5547
https://access.redhat.com/security/cve/CVE-2016-5548
https://access.redhat.com/security/cve/CVE-2016-5549
https://access.redhat.com/security/cve/CVE-2016-5552
https://access.redhat.com/security/cve/CVE-2017-3231
https://access.redhat.com/security/cve/CVE-2017-3241
https://access.redhat.com/security/cve/CVE-2017-3252
https://access.redhat.com/security/cve/CVE-2017-3253
https://access.redhat.com/security/cve/CVE-2017-3259
https://access.redhat.com/security/cve/CVE-2017-3261
https://access.redhat.com/security/cve/CVE-2017-3272
https://access.redhat.com/security/cve/CVE-2017-3289
https://access.redhat.com/security/updates/classification/#critical
https://developer.ibm.com/javasdk/support/security-vulnerabilities/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
From bugzilla at redhat.com Mon Feb 13 11:47:24 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Feb 2017 11:47:24 +0000
Subject: [RHSA-2017:0269-01] Critical: java-1.7.0-openjdk security update
Message-ID: <201702131147.v1DBlP1C031130@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2017:0269-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0269.html
Issue date:        2017-02-13
CVE Names:         CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5552
                   CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253
                   CVE-2017-3261 CVE-2017-3272 CVE-2017-3289
=====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the RMI registry or a Java RMI application. (CVE-2017-3241)

This issue was addressed by introducing whitelists of classes that can be deserialized by the RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.

* Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289)

* A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548)

* It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signatures in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546)

* It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253)

* It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547)

* It was discovered that the JAAS component of OpenJDK did not use the correct way to extract the user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252)

* It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker-supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552)

* Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231)

* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol.
A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between a TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property), so they are only used if the connecting TLS/SSL client and server do not share any other non-legacy cipher suite.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413562 - CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413764 - CVE-2016-5547 OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el5_11.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el5_11.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el6_8.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el6_8.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el6_8.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el6_8.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el6_8.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el6_8.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el6_8.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el6_8.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el6_8.i686.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el6_8.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el6_8.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el7_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el7_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.src.rpm

aarch64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.aarch64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.aarch64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el7_3.aarch64.rpm
java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3.aarch64.rpm

ppc64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.ppc64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el7_3.ppc64.rpm
java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.ppc64le.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el7_3.ppc64le.rpm
java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3.ppc64le.rpm

s390x:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.s390x.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el7_3.s390x.rpm
java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3.s390x.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
7): aarch64: java-1.7.0-openjdk-accessibility-1.7.0.131-2.6.9.0.el7_3.aarch64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.aarch64.rpm java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el7_3.aarch64.rpm java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el7_3.aarch64.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el7_3.noarch.rpm ppc64: java-1.7.0-openjdk-accessibility-1.7.0.131-2.6.9.0.el7_3.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.ppc64.rpm java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el7_3.ppc64.rpm java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el7_3.ppc64.rpm ppc64le: java-1.7.0-openjdk-accessibility-1.7.0.131-2.6.9.0.el7_3.ppc64le.rpm java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.ppc64le.rpm java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el7_3.ppc64le.rpm java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el7_3.ppc64le.rpm s390x: java-1.7.0-openjdk-accessibility-1.7.0.131-2.6.9.0.el7_3.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.s390x.rpm java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el7_3.s390x.rpm java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el7_3.s390x.rpm x86_64: java-1.7.0-openjdk-accessibility-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
7): noarch: java-1.7.0-openjdk-javadoc-1.7.0.131-2.6.9.0.el7_3.noarch.rpm x86_64: java-1.7.0-openjdk-accessibility-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.131-2.6.9.0.el7_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5546 https://access.redhat.com/security/cve/CVE-2016-5547 https://access.redhat.com/security/cve/CVE-2016-5548 https://access.redhat.com/security/cve/CVE-2016-5552 https://access.redhat.com/security/cve/CVE-2017-3231 https://access.redhat.com/security/cve/CVE-2017-3241 https://access.redhat.com/security/cve/CVE-2017-3252 https://access.redhat.com/security/cve/CVE-2017-3253 https://access.redhat.com/security/cve/CVE-2017-3261 https://access.redhat.com/security/cve/CVE-2017-3272 https://access.redhat.com/security/cve/CVE-2017-3289 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
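The package list above gives the fixed NEVRAs, and the advisories point at https://access.redhat.com/articles/11258 for how to apply them. The question an operator actually has to answer is "is this host still affected?", which means comparing what rpm -qa reports against those NEVRAs using rpm's own ordering rules rather than plain string comparison (1.7.0.131 versus 1.7.0.121, 38.el7_3.2 versus 38.el7_3.1). The Python below is an added example, not Red Hat tooling: it reimplements rpm's rpmvercmp() segment rules, parses advisory filenames, and flags installed packages that are older than the fix. The installed list is constructed sample data; on a real host it would come from rpm -qa --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}.%{ARCH}\n'. Two caveats are built in: advisory filenames carry no epoch, so the epoch is only compared when both sides know it (the epoch 1 in the sample data is constructed); and for kernel advisories, which require a reboot, the running kernel from uname -r has to be checked as well as the installed set.

```python
"""Compare installed packages with an advisory's package list (added
example, not Red Hat tooling). rpmvercmp() follows rpm's segment rules;
parse_nevra() accepts advisory filenames (no epoch) and rpm -q output."""
import re

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")


def rpmvercmp(a, b):
    """Return 1 if a is newer than b, -1 if older, 0 if equal.
    Separators are ignored. '~' sorts before anything, even end of string
    (pre-releases); '^' sorts after end of string but before anything else
    (post-releases); a numeric segment beats an alphabetic one; numerics
    compare by value, alphabetics lexically; with equal prefixes the longer
    string is newer."""
    if a == b:
        return 0
    ta, tb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while i < len(ta) or i < len(tb):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":
            if x != "~" or y != "~":
                return 1 if x != "~" else -1
            i += 1
            continue
        if x == "^" or y == "^":
            if x is None or y is None:
                return -1 if x is None else 1
            if x != "^" or y != "^":
                return 1 if x != "^" else -1
            i += 1
            continue
        if x is None or y is None:
            break
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum != ynum:
            return 1 if xnum else -1
        if xnum:
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
        i += 1
    if i < len(ta):
        return 1
    return -1 if i < len(tb) else 0


def parse_nevra(s):
    """Split 'name-[epoch:]version-release.arch[.rpm]' into
    (name, epoch, version, release, arch). epoch is None when the string
    carries none (advisory filenames never do); '(none)' from rpm -q is 0."""
    if s.endswith(".rpm"):
        s = s[:-4]
    rest, arch = s.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    epoch = None
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = 0 if e == "(none)" else int(e)
    return name, epoch, version, release, arch


def evrcmp(e1, v1, r1, e2, v2, r2):
    """Epoch, then version, then release. The epoch decides only when both
    sides know it: an advisory filename has none and must not be read as 0."""
    if e1 is not None and e2 is not None and e1 != e2:
        return 1 if e1 > e2 else -1
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def outdated(installed, advisory_packages):
    """Installed NEVRAs that match an advisory package by name and arch but
    are older than it. Source RPMs in the advisory are skipped."""
    fixed = {}
    for pkg in advisory_packages:
        n, e, v, r, a = parse_nevra(pkg)
        if a != "src":
            fixed[(n, a)] = (e, v, r)
    stale = []
    for pkg in installed:
        n, e, v, r, a = parse_nevra(pkg)
        want = fixed.get((n, a))
        if want is not None and evrcmp(e, v, r, *want) < 0:
            stale.append(pkg)
    return stale


def running_kernel_is_fixed(uname_r, fixed_kernel_rpm):
    """A kernel fix is not in effect until the host runs it: compare
    `uname -r` (version-release.arch) with the advisory's kernel package."""
    n, e, v, r, a = parse_nevra("kernel-" + uname_r)
    fn, fe, fv, fr, fa = parse_nevra(fixed_kernel_rpm)
    return (n, a) == (fn, fa) and evrcmp(e, v, r, fe, fv, fr) >= 0


# Constructed sample data: two entries from the java-1.7.0-openjdk list and a
# host whose rpm -qa shows an older build of one of them, with the epoch that
# rpm reports but the advisory filenames omit.
ADVISORY = [
    "java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.src.rpm",
    "java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm",
    "java-1.7.0-openjdk-devel-1.7.0.131-2.6.9.0.el6_8.x86_64.rpm",
]
INSTALLED = [
    "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el6_8.x86_64",
    "java-1.7.0-openjdk-devel-1:1.7.0.131-2.6.9.0.el6_8.x86_64",
    "bind-libs-32:9.9.4-38.el7_3.1.x86_64",
]
```

outdated(INSTALLED, ADVISORY) returns only the java-1.7.0-openjdk entry: the -devel package already carries the fixed build and bind-libs is not in this advisory. Before trusting a package downloaded by hand, rpm -K on the file checks its signature against the Red Hat key the GPG note above refers to; the version comparison says nothing about authenticity.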
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYoZxcXlSAg2UNWIIRAvlTAJwKVF4PmR0oIqQakvIA6GtyzDo/hACgo/OT jVjA9l0Oq4A9crHj0Ikegog= =Yl4u -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Feb 15 10:53:37 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 15 Feb 2017 10:53:37 +0000 Subject: [RHSA-2017:0270-01] Important: kernel security and bug fix update Message-ID: <201702151053.v1FAraRQ002401@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2017:0270-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0270.html Issue date: 2017-02-15 CVE Names: CVE-2016-7117 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. 
This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important) Bug Fix(es): * Previously, an XFS corruption in some cases occurred on Seagate 8TB drive based volumes after a planned system shutdown or reboot, when a disk write back cache was used. With this update, the megaraid_sas driver has been fixed and the XFS corruption no longer occurs in the described scenario. (BZ#1398177) * Previously, booting a kdump kernel in some cases failed with this error: Kernel panic - not syncing: Watchdog detected hard LOCKUP on CPU 0. This update ensures that the hpet timer software counters, including hpet_default_delta and hpet_t1_cmp, are initialized before an interrupt request is registered, and the kdump kernel now boots without the mentioned error message. (BZ#1404180) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 
7.1): Source: kernel-3.10.0-229.48.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.48.1.el7.noarch.rpm kernel-doc-3.10.0-229.48.1.el7.noarch.rpm x86_64: kernel-3.10.0-229.48.1.el7.x86_64.rpm kernel-debug-3.10.0-229.48.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.48.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.48.1.el7.x86_64.rpm kernel-devel-3.10.0-229.48.1.el7.x86_64.rpm kernel-headers-3.10.0-229.48.1.el7.x86_64.rpm kernel-tools-3.10.0-229.48.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.48.1.el7.x86_64.rpm perf-3.10.0-229.48.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1): x86_64: kernel-debug-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.48.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.48.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm python-perf-3.10.0-229.48.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
7.1): Source: kernel-3.10.0-229.48.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.48.1.el7.noarch.rpm kernel-doc-3.10.0-229.48.1.el7.noarch.rpm ppc64: kernel-3.10.0-229.48.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-229.48.1.el7.ppc64.rpm kernel-debug-3.10.0-229.48.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-229.48.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-229.48.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.48.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.48.1.el7.ppc64.rpm kernel-devel-3.10.0-229.48.1.el7.ppc64.rpm kernel-headers-3.10.0-229.48.1.el7.ppc64.rpm kernel-tools-3.10.0-229.48.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.48.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-229.48.1.el7.ppc64.rpm perf-3.10.0-229.48.1.el7.ppc64.rpm perf-debuginfo-3.10.0-229.48.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.48.1.el7.ppc64.rpm s390x: kernel-3.10.0-229.48.1.el7.s390x.rpm kernel-debug-3.10.0-229.48.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-229.48.1.el7.s390x.rpm kernel-debug-devel-3.10.0-229.48.1.el7.s390x.rpm kernel-debuginfo-3.10.0-229.48.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.48.1.el7.s390x.rpm kernel-devel-3.10.0-229.48.1.el7.s390x.rpm kernel-headers-3.10.0-229.48.1.el7.s390x.rpm kernel-kdump-3.10.0-229.48.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.48.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-229.48.1.el7.s390x.rpm perf-3.10.0-229.48.1.el7.s390x.rpm perf-debuginfo-3.10.0-229.48.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.48.1.el7.s390x.rpm x86_64: kernel-3.10.0-229.48.1.el7.x86_64.rpm kernel-debug-3.10.0-229.48.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.48.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.48.1.el7.x86_64.rpm kernel-devel-3.10.0-229.48.1.el7.x86_64.rpm kernel-headers-3.10.0-229.48.1.el7.x86_64.rpm kernel-tools-3.10.0-229.48.1.el7.x86_64.rpm 
kernel-tools-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.48.1.el7.x86_64.rpm perf-3.10.0-229.48.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: kernel-3.10.0-229.48.1.ael7b.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.48.1.ael7b.noarch.rpm kernel-doc-3.10.0-229.48.1.ael7b.noarch.rpm ppc64le: kernel-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-bootwrapper-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-debug-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-debug-debuginfo-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-devel-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-headers-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-tools-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-tools-libs-3.10.0-229.48.1.ael7b.ppc64le.rpm perf-3.10.0-229.48.1.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.48.1.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.48.1.ael7b.ppc64le.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.1): ppc64: kernel-debug-debuginfo-3.10.0-229.48.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.48.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.48.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.48.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-229.48.1.el7.ppc64.rpm perf-debuginfo-3.10.0-229.48.1.el7.ppc64.rpm python-perf-3.10.0-229.48.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.48.1.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-229.48.1.el7.s390x.rpm kernel-debuginfo-3.10.0-229.48.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.48.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.48.1.el7.s390x.rpm perf-debuginfo-3.10.0-229.48.1.el7.s390x.rpm python-perf-3.10.0-229.48.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.48.1.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.48.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.48.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm python-perf-3.10.0-229.48.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.48.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64le: kernel-debug-debuginfo-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-debug-devel-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.48.1.ael7b.ppc64le.rpm kernel-tools-libs-devel-3.10.0-229.48.1.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.48.1.ael7b.ppc64le.rpm python-perf-3.10.0-229.48.1.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.48.1.ael7b.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-7117 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYpDMZXlSAg2UNWIIRAhZtAJ9YypoNHDPMukWEOpCOpqA/iMIuIwCgoj2/ OWfq7c/1TLKu67K+wzUaCY8= =l2Ll -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Feb 15 12:17:12 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 15 Feb 2017 12:17:12 +0000 Subject: [RHSA-2017:0275-01] Critical: flash-plugin security update Message-ID: <201702151217.v1FCHDpU021926@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2017:0275-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0275.html Issue date: 2017-02-15 CVE Names: CVE-2017-2982 CVE-2017-2984 CVE-2017-2985 CVE-2017-2986 CVE-2017-2987 CVE-2017-2988 CVE-2017-2990 CVE-2017-2991 CVE-2017-2992 CVE-2017-2993 CVE-2017-2994 CVE-2017-2995 CVE-2017-2996 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. 
Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.221. Security Fix(es): * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1422237 - CVE-2017-2982 CVE-2017-2984 CVE-2017-2985 CVE-2017-2986 CVE-2017-2987 CVE-2017-2988 CVE-2017-2990 CVE-2017-2991 CVE-2017-2992 CVE-2017-2993 CVE-2017-2994 CVE-2017-2995 CVE-2017-2996 flash-plugin: multiple code execution issues fixed in APSB17-04 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-24.0.0.221-1.el6_8.i686.rpm x86_64: flash-plugin-24.0.0.221-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-24.0.0.221-1.el6_8.i686.rpm x86_64: flash-plugin-24.0.0.221-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-24.0.0.221-1.el6_8.i686.rpm x86_64: flash-plugin-24.0.0.221-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2017-2982 https://access.redhat.com/security/cve/CVE-2017-2984 https://access.redhat.com/security/cve/CVE-2017-2985 https://access.redhat.com/security/cve/CVE-2017-2986 https://access.redhat.com/security/cve/CVE-2017-2987 https://access.redhat.com/security/cve/CVE-2017-2988 https://access.redhat.com/security/cve/CVE-2017-2990 https://access.redhat.com/security/cve/CVE-2017-2991 https://access.redhat.com/security/cve/CVE-2017-2992 https://access.redhat.com/security/cve/CVE-2017-2993 https://access.redhat.com/security/cve/CVE-2017-2994 https://access.redhat.com/security/cve/CVE-2017-2995 https://access.redhat.com/security/cve/CVE-2017-2996 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb17-04.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYpEauXlSAg2UNWIIRAiyWAJ0Z26ndEXRM2gwUZTsRGbU8ephOQwCgs5Rl 3BMU483nA2gSfsBDrJ8Df34= =eakx -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Feb 15 13:56:00 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 15 Feb 2017 13:56:00 +0000 Subject: [RHSA-2017:0276-01] Moderate: bind security update Message-ID: <201702151356.v1FDu26Z009960@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: bind security update Advisory ID: RHSA-2017:0276-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0276.html Issue date: 2017-02-15 CVE Names: CVE-2017-3135 ===================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 7. 
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response. (CVE-2017-3135) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporter. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1420193 - CVE-2017-3135 bind: Assertion failure when using DNS64 and RPZ Can Lead to Crash 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: bind-9.9.4-38.el7_3.2.src.rpm noarch: bind-license-9.9.4-38.el7_3.2.noarch.rpm x86_64: bind-debuginfo-9.9.4-38.el7_3.2.i686.rpm bind-debuginfo-9.9.4-38.el7_3.2.x86_64.rpm bind-libs-9.9.4-38.el7_3.2.i686.rpm bind-libs-9.9.4-38.el7_3.2.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.2.i686.rpm bind-libs-lite-9.9.4-38.el7_3.2.x86_64.rpm bind-utils-9.9.4-38.el7_3.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bind-9.9.4-38.el7_3.2.x86_64.rpm bind-chroot-9.9.4-38.el7_3.2.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.2.i686.rpm bind-debuginfo-9.9.4-38.el7_3.2.x86_64.rpm bind-devel-9.9.4-38.el7_3.2.i686.rpm bind-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.2.i686.rpm bind-lite-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.i686.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.2.x86_64.rpm bind-sdb-9.9.4-38.el7_3.2.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: bind-9.9.4-38.el7_3.2.src.rpm noarch: bind-license-9.9.4-38.el7_3.2.noarch.rpm x86_64: bind-debuginfo-9.9.4-38.el7_3.2.i686.rpm bind-debuginfo-9.9.4-38.el7_3.2.x86_64.rpm bind-libs-9.9.4-38.el7_3.2.i686.rpm bind-libs-9.9.4-38.el7_3.2.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.2.i686.rpm bind-libs-lite-9.9.4-38.el7_3.2.x86_64.rpm bind-utils-9.9.4-38.el7_3.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: bind-9.9.4-38.el7_3.2.x86_64.rpm bind-chroot-9.9.4-38.el7_3.2.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.2.i686.rpm bind-debuginfo-9.9.4-38.el7_3.2.x86_64.rpm bind-devel-9.9.4-38.el7_3.2.i686.rpm bind-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.2.i686.rpm bind-lite-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.i686.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.2.x86_64.rpm bind-sdb-9.9.4-38.el7_3.2.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: bind-9.9.4-38.el7_3.2.src.rpm aarch64: bind-9.9.4-38.el7_3.2.aarch64.rpm bind-chroot-9.9.4-38.el7_3.2.aarch64.rpm bind-debuginfo-9.9.4-38.el7_3.2.aarch64.rpm bind-libs-9.9.4-38.el7_3.2.aarch64.rpm bind-libs-lite-9.9.4-38.el7_3.2.aarch64.rpm bind-pkcs11-9.9.4-38.el7_3.2.aarch64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.aarch64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.2.aarch64.rpm bind-utils-9.9.4-38.el7_3.2.aarch64.rpm noarch: bind-license-9.9.4-38.el7_3.2.noarch.rpm ppc64: bind-9.9.4-38.el7_3.2.ppc64.rpm bind-chroot-9.9.4-38.el7_3.2.ppc64.rpm bind-debuginfo-9.9.4-38.el7_3.2.ppc.rpm bind-debuginfo-9.9.4-38.el7_3.2.ppc64.rpm bind-libs-9.9.4-38.el7_3.2.ppc.rpm bind-libs-9.9.4-38.el7_3.2.ppc64.rpm bind-libs-lite-9.9.4-38.el7_3.2.ppc.rpm bind-libs-lite-9.9.4-38.el7_3.2.ppc64.rpm bind-utils-9.9.4-38.el7_3.2.ppc64.rpm ppc64le: bind-9.9.4-38.el7_3.2.ppc64le.rpm bind-chroot-9.9.4-38.el7_3.2.ppc64le.rpm bind-debuginfo-9.9.4-38.el7_3.2.ppc64le.rpm bind-libs-9.9.4-38.el7_3.2.ppc64le.rpm bind-libs-lite-9.9.4-38.el7_3.2.ppc64le.rpm bind-pkcs11-9.9.4-38.el7_3.2.ppc64le.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.ppc64le.rpm bind-pkcs11-utils-9.9.4-38.el7_3.2.ppc64le.rpm bind-utils-9.9.4-38.el7_3.2.ppc64le.rpm s390x: bind-9.9.4-38.el7_3.2.s390x.rpm 
bind-chroot-9.9.4-38.el7_3.2.s390x.rpm bind-debuginfo-9.9.4-38.el7_3.2.s390.rpm bind-debuginfo-9.9.4-38.el7_3.2.s390x.rpm bind-libs-9.9.4-38.el7_3.2.s390.rpm bind-libs-9.9.4-38.el7_3.2.s390x.rpm bind-libs-lite-9.9.4-38.el7_3.2.s390.rpm bind-libs-lite-9.9.4-38.el7_3.2.s390x.rpm bind-utils-9.9.4-38.el7_3.2.s390x.rpm x86_64: bind-9.9.4-38.el7_3.2.x86_64.rpm bind-chroot-9.9.4-38.el7_3.2.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.2.i686.rpm bind-debuginfo-9.9.4-38.el7_3.2.x86_64.rpm bind-libs-9.9.4-38.el7_3.2.i686.rpm bind-libs-9.9.4-38.el7_3.2.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.2.i686.rpm bind-libs-lite-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.i686.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.2.x86_64.rpm bind-utils-9.9.4-38.el7_3.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: bind-debuginfo-9.9.4-38.el7_3.2.aarch64.rpm bind-devel-9.9.4-38.el7_3.2.aarch64.rpm bind-lite-devel-9.9.4-38.el7_3.2.aarch64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.aarch64.rpm bind-sdb-9.9.4-38.el7_3.2.aarch64.rpm bind-sdb-chroot-9.9.4-38.el7_3.2.aarch64.rpm ppc64: bind-debuginfo-9.9.4-38.el7_3.2.ppc.rpm bind-debuginfo-9.9.4-38.el7_3.2.ppc64.rpm bind-devel-9.9.4-38.el7_3.2.ppc.rpm bind-devel-9.9.4-38.el7_3.2.ppc64.rpm bind-lite-devel-9.9.4-38.el7_3.2.ppc.rpm bind-lite-devel-9.9.4-38.el7_3.2.ppc64.rpm bind-pkcs11-9.9.4-38.el7_3.2.ppc64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.ppc.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.ppc64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.ppc.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.ppc64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.2.ppc64.rpm bind-sdb-9.9.4-38.el7_3.2.ppc64.rpm bind-sdb-chroot-9.9.4-38.el7_3.2.ppc64.rpm ppc64le: bind-debuginfo-9.9.4-38.el7_3.2.ppc64le.rpm bind-devel-9.9.4-38.el7_3.2.ppc64le.rpm bind-lite-devel-9.9.4-38.el7_3.2.ppc64le.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.ppc64le.rpm bind-sdb-9.9.4-38.el7_3.2.ppc64le.rpm 
bind-sdb-chroot-9.9.4-38.el7_3.2.ppc64le.rpm s390x: bind-debuginfo-9.9.4-38.el7_3.2.s390.rpm bind-debuginfo-9.9.4-38.el7_3.2.s390x.rpm bind-devel-9.9.4-38.el7_3.2.s390.rpm bind-devel-9.9.4-38.el7_3.2.s390x.rpm bind-lite-devel-9.9.4-38.el7_3.2.s390.rpm bind-lite-devel-9.9.4-38.el7_3.2.s390x.rpm bind-pkcs11-9.9.4-38.el7_3.2.s390x.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.s390.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.s390x.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.s390.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.s390x.rpm bind-pkcs11-utils-9.9.4-38.el7_3.2.s390x.rpm bind-sdb-9.9.4-38.el7_3.2.s390x.rpm bind-sdb-chroot-9.9.4-38.el7_3.2.s390x.rpm x86_64: bind-debuginfo-9.9.4-38.el7_3.2.i686.rpm bind-debuginfo-9.9.4-38.el7_3.2.x86_64.rpm bind-devel-9.9.4-38.el7_3.2.i686.rpm bind-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.2.i686.rpm bind-lite-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-sdb-9.9.4-38.el7_3.2.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bind-9.9.4-38.el7_3.2.src.rpm noarch: bind-license-9.9.4-38.el7_3.2.noarch.rpm x86_64: bind-9.9.4-38.el7_3.2.x86_64.rpm bind-chroot-9.9.4-38.el7_3.2.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.2.i686.rpm bind-debuginfo-9.9.4-38.el7_3.2.x86_64.rpm bind-libs-9.9.4-38.el7_3.2.i686.rpm bind-libs-9.9.4-38.el7_3.2.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.2.i686.rpm bind-libs-lite-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.i686.rpm bind-pkcs11-libs-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.2.x86_64.rpm bind-utils-9.9.4-38.el7_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
7): x86_64: bind-debuginfo-9.9.4-38.el7_3.2.i686.rpm bind-debuginfo-9.9.4-38.el7_3.2.x86_64.rpm bind-devel-9.9.4-38.el7_3.2.i686.rpm bind-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.2.i686.rpm bind-lite-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.2.x86_64.rpm bind-sdb-9.9.4-38.el7_3.2.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-3135 https://access.redhat.com/security/updates/classification/#moderate https://kb.isc.org/article/AA-01453 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYpF3YXlSAg2UNWIIRApTWAJ431cJbWLnPdQOS8vi04wnlPgpxDQCfSKrB wnuma0ruVmKXHc67yInvJxU= =FD7M -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Feb 15 23:03:11 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 15 Feb 2017 23:03:11 +0000 Subject: [RHSA-2017:0282-01] Moderate: openstack-cinder, openstack-glance, and openstack-nova security update Message-ID: <201702152303.v1FN3C5H023051@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-cinder, openstack-glance, and openstack-nova security update Advisory ID: RHSA-2017:0282-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0282.html Issue date: 2017-02-15 CVE Names: CVE-2015-5162 ===================================================================== 1. 
Summary:

An update for openstack-nova, openstack-cinder, openstack-glance, and python-oslo-concurrency is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - noarch

3. Description:

The Oslo concurrency library has utilities for safely running multi-thread, multi-process applications using locking mechanisms, and for running external processes.

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.
Security Fix(es):

* A resource-exhaustion vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw. (CVE-2015-5162)

This issue was discovered by Richard W.M. Jones (Red Hat).

Bug Fix(es):

* qemu-img calls were unrestricted by ulimit. oslo.concurrency has been updated to add support for process limits ('prlimit'), which is needed to fix the CVE-2015-5162 security vulnerability. (BZ#1383415)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources
1316791 - Instance was deleted successfully without detaching its volume, if nova-compute was killed during running "nova delete"
1349005 - cinder volume backup throws UnicodeDecodeError: 'ascii' and access denied
1365899 - Missing dependency of python-oslo-log and python-oslo-policy in openstack-cinder
1370598 - multipathd segfault during volume attach
1378906 - nova-scheduler fails to start because of the too big nova database
1380289 - [Backport] Block based migration doesn't work for instances that have a volume attached
1381533 - Multi-Ephemeral instance Live Block Migration fails silently
1383415 - [CVE-2015-5162] oslo.concurrency: Backport support for 'prlimit' parameter [OSP-7]
1386268 - NetApp Cinder driver: cloning operations are unsuccessful
1391970 - [tempest] test_delete_attached_volume fails in RHOS7
1394964 - Live migration with config-drive fails with InvalidSharedStorage error
1399760 - rbd snapshot delete fails if backend is missing file 1409820 - Creating Encrypted Volumes with Cinder(Ceph backend) gives false positive 1410046 - Multiple attempts made to delete iSCSI multipath path devices 1416884 - [7.0.z] nova creates an invalid ethernet/bridge interface definition in virsh xml 1420451 - revert Use stashed volume connector in _local_cleanup_bdm_volumes from openstack-nova-2015.1.4-28.el7ost 6. Package List: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7: Source: openstack-cinder-2015.1.3-12.el7ost.src.rpm openstack-glance-2015.1.2-3.el7ost.src.rpm openstack-nova-2015.1.4-32.el7ost.src.rpm python-oslo-concurrency-1.8.2-2.el7ost.src.rpm noarch: openstack-cinder-2015.1.3-12.el7ost.noarch.rpm openstack-cinder-doc-2015.1.3-12.el7ost.noarch.rpm openstack-glance-2015.1.2-3.el7ost.noarch.rpm openstack-glance-doc-2015.1.2-3.el7ost.noarch.rpm openstack-nova-2015.1.4-32.el7ost.noarch.rpm openstack-nova-api-2015.1.4-32.el7ost.noarch.rpm openstack-nova-cells-2015.1.4-32.el7ost.noarch.rpm openstack-nova-cert-2015.1.4-32.el7ost.noarch.rpm openstack-nova-common-2015.1.4-32.el7ost.noarch.rpm openstack-nova-compute-2015.1.4-32.el7ost.noarch.rpm openstack-nova-conductor-2015.1.4-32.el7ost.noarch.rpm openstack-nova-console-2015.1.4-32.el7ost.noarch.rpm openstack-nova-doc-2015.1.4-32.el7ost.noarch.rpm openstack-nova-network-2015.1.4-32.el7ost.noarch.rpm openstack-nova-novncproxy-2015.1.4-32.el7ost.noarch.rpm openstack-nova-objectstore-2015.1.4-32.el7ost.noarch.rpm openstack-nova-scheduler-2015.1.4-32.el7ost.noarch.rpm openstack-nova-serialproxy-2015.1.4-32.el7ost.noarch.rpm openstack-nova-spicehtml5proxy-2015.1.4-32.el7ost.noarch.rpm python-cinder-2015.1.3-12.el7ost.noarch.rpm python-glance-2015.1.2-3.el7ost.noarch.rpm python-nova-2015.1.4-32.el7ost.noarch.rpm python-oslo-concurrency-1.8.2-2.el7ost.noarch.rpm python-oslo-concurrency-doc-1.8.2-2.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. 
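The CVE-2015-5162 fix in this advisory works by running qemu-img under process limits ('prlimit'). What follows is an added example, not code from oslo.concurrency, nova, cinder or glance: it shows the underlying mechanism with the Python standard library on Linux, capping the child's address space and CPU time with setrlimit() between fork() and exec(), so that a crafted image can at most make qemu-img fail with ENOMEM instead of exhausting the compute host. The limit values, the function names (run_limited, qemu_img_info, demo) and the greedy stand-in child are assumptions for the demonstration; oslo.concurrency applies the same kind of limits through its own helper rather than through preexec_fn, and the exact values the OpenStack services use are not stated in this advisory.

```python
"""Added example (not oslo.concurrency code): run a helper that parses untrusted
input, such as qemu-img on a tenant-supplied image, under address-space and CPU
limits so that hostile input can only exhaust the child's budget, not the host.
Linux only; the limits are applied with setrlimit() in the forked child, before exec.
"""
import json
import resource
import subprocess
import sys
import textwrap

# Assumed limits for the demonstration; a deployment would size these for its
# largest legitimate image and its slowest supported storage backend.
DEFAULT_ADDRESS_SPACE = 256 << 20   # 256 MiB of virtual memory
DEFAULT_CPU_SECONDS = 30


def _limiter(address_space, cpu_seconds):
    """Build the preexec_fn: it runs in the child after fork() and before exec()."""
    def apply_limits():
        for res, wanted in ((resource.RLIMIT_AS, address_space),
                            (resource.RLIMIT_CPU, cpu_seconds)):
            _soft, hard = resource.getrlimit(res)
            # never try to raise an existing hard limit; setrlimit would refuse
            if hard != resource.RLIM_INFINITY:
                wanted = min(wanted, hard)
            resource.setrlimit(res, (wanted, wanted))
    return apply_limits


def run_limited(cmd, address_space=DEFAULT_ADDRESS_SPACE,
                cpu_seconds=DEFAULT_CPU_SECONDS, timeout=60):
    """Run cmd under RLIMIT_AS / RLIMIT_CPU plus a wall-clock timeout.

    RLIMIT_AS makes oversized mmap()/brk() calls fail with ENOMEM inside the
    child, RLIMIT_CPU delivers SIGXCPU once the CPU budget is spent, and the
    timeout covers a child that merely sleeps or blocks on I/O.
    """
    return subprocess.run(cmd, capture_output=True, timeout=timeout,
                          preexec_fn=_limiter(address_space, cpu_seconds))


def qemu_img_info(path, **limits):
    """Hypothetical wrapper: `qemu-img info` on an untrusted image, limited as above.
    qemu-img must be installed; the returned dict is its JSON output."""
    proc = run_limited(["qemu-img", "info", "--output=json", path], **limits)
    if proc.returncode != 0:
        raise RuntimeError("qemu-img failed (rc=%d): %s"
                           % (proc.returncode, proc.stderr.decode(errors="replace")))
    return json.loads(proc.stdout)


# Constructed stand-in for a hostile image: a child that asks for a large anonymous
# mapping without touching it, so the demonstration costs no real RAM.
# Exit status 3 means the allocation was refused.
GREEDY_CHILD = textwrap.dedent("""\
    import mmap, sys
    try:
        m = mmap.mmap(-1, int(sys.argv[1]), flags=mmap.MAP_PRIVATE)
    except (OSError, MemoryError):
        sys.exit(3)
    m.close()
""")


def demo(alloc_bytes=512 << 20, limit=DEFAULT_ADDRESS_SPACE):
    """Return (unlimited_rc, limited_rc) for the greedy child; (0, 3) is expected."""
    cmd = [sys.executable, "-I", "-S", "-c", GREEDY_CHILD, str(alloc_bytes)]
    unlimited = subprocess.run(cmd, capture_output=True).returncode
    limited = run_limited(cmd, address_space=limit).returncode
    return unlimited, limited


if __name__ == "__main__":
    print("unlimited rc=%d, limited rc=%d" % demo())
```

RLIMIT_AS bounds virtual size, not resident memory, so read-only mappings of the image itself count against it and the budget has to leave room for qemu-img's legitimate mappings. The limit is a containment measure, not a substitute for validating the image format before handing it to qemu-img.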
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5162 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYpN4FXlSAg2UNWIIRAnS3AJwIUCsmeX5Dt73NZfzTmBcsVlzyiQCfYwrR s8VLQ4vomotJDGMJCDHoig8= =OhaY -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Feb 20 11:05:22 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 20 Feb 2017 11:05:22 +0000 Subject: [RHSA-2017:0286-01] Moderate: openssl security update Message-ID: <201702201105.v1KB5N0M029887@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security update Advisory ID: RHSA-2017:0286-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0286.html Issue date: 2017-02-20 CVE Names: CVE-2016-8610 CVE-2017-3731 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 
6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* An integer underflow leading to an out-of-bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)

* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read

6.
Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssl-1.0.1e-48.el6_8.4.src.rpm i386: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-perl-1.0.1e-48.el6_8.4.i686.rpm openssl-static-1.0.1e-48.el6_8.4.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssl-1.0.1e-48.el6_8.4.src.rpm x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: openssl-1.0.1e-48.el6_8.4.src.rpm i386: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm ppc64: openssl-1.0.1e-48.el6_8.4.ppc.rpm openssl-1.0.1e-48.el6_8.4.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.4.ppc.rpm openssl-devel-1.0.1e-48.el6_8.4.ppc64.rpm s390x: openssl-1.0.1e-48.el6_8.4.s390.rpm openssl-1.0.1e-48.el6_8.4.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.s390x.rpm openssl-devel-1.0.1e-48.el6_8.4.s390.rpm openssl-devel-1.0.1e-48.el6_8.4.s390x.rpm x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-perl-1.0.1e-48.el6_8.4.i686.rpm openssl-static-1.0.1e-48.el6_8.4.i686.rpm ppc64: openssl-debuginfo-1.0.1e-48.el6_8.4.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.4.ppc64.rpm openssl-static-1.0.1e-48.el6_8.4.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-48.el6_8.4.s390x.rpm openssl-perl-1.0.1e-48.el6_8.4.s390x.rpm openssl-static-1.0.1e-48.el6_8.4.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: openssl-1.0.1e-48.el6_8.4.src.rpm i386: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-perl-1.0.1e-48.el6_8.4.i686.rpm openssl-static-1.0.1e-48.el6_8.4.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.1e-60.el7_3.1.src.rpm x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.1e-60.el7_3.1.src.rpm x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.1e-60.el7_3.1.src.rpm aarch64: openssl-1.0.1e-60.el7_3.1.aarch64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.aarch64.rpm openssl-devel-1.0.1e-60.el7_3.1.aarch64.rpm openssl-libs-1.0.1e-60.el7_3.1.aarch64.rpm ppc64: openssl-1.0.1e-60.el7_3.1.ppc64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64.rpm openssl-devel-1.0.1e-60.el7_3.1.ppc.rpm openssl-devel-1.0.1e-60.el7_3.1.ppc64.rpm openssl-libs-1.0.1e-60.el7_3.1.ppc.rpm openssl-libs-1.0.1e-60.el7_3.1.ppc64.rpm ppc64le: openssl-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-devel-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-libs-1.0.1e-60.el7_3.1.ppc64le.rpm s390x: openssl-1.0.1e-60.el7_3.1.s390x.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.s390.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.s390x.rpm openssl-devel-1.0.1e-60.el7_3.1.s390.rpm openssl-devel-1.0.1e-60.el7_3.1.s390x.rpm openssl-libs-1.0.1e-60.el7_3.1.s390.rpm openssl-libs-1.0.1e-60.el7_3.1.s390x.rpm x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): aarch64: openssl-debuginfo-1.0.1e-60.el7_3.1.aarch64.rpm openssl-perl-1.0.1e-60.el7_3.1.aarch64.rpm openssl-static-1.0.1e-60.el7_3.1.aarch64.rpm ppc64: openssl-debuginfo-1.0.1e-60.el7_3.1.ppc.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64.rpm openssl-perl-1.0.1e-60.el7_3.1.ppc64.rpm openssl-static-1.0.1e-60.el7_3.1.ppc.rpm openssl-static-1.0.1e-60.el7_3.1.ppc64.rpm ppc64le: openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-perl-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-static-1.0.1e-60.el7_3.1.ppc64le.rpm s390x: openssl-debuginfo-1.0.1e-60.el7_3.1.s390.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.s390x.rpm openssl-perl-1.0.1e-60.el7_3.1.s390x.rpm openssl-static-1.0.1e-60.el7_3.1.s390.rpm openssl-static-1.0.1e-60.el7_3.1.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.1e-60.el7_3.1.src.rpm x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-8610 https://access.redhat.com/security/cve/CVE-2017-3731 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv/20170126.txt 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYqs1TXlSAg2UNWIIRAt7bAJ0ZCDFTFcNP3/qrBxA46aRJQAvxkACaA9Ak 1zK4rWazcUYTZw5zQhD4SXA= =I+Z7 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Feb 22 16:29:42 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 22 Feb 2017 16:29:42 +0000 Subject: [RHSA-2017:0295-01] Important: kernel-rt security update Message-ID: <201702221629.v1MGTccf003356@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security update Advisory ID: RHSA-2017:0295-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0295.html Issue date: 2017-02-22 CVE Names: CVE-2017-6074 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. 
Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-514.6.1.rt56.430.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-514.6.1.rt56.430.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-debug-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-trace-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm

Red Hat Enterprise Linux Realtime (v.
7): Source: kernel-rt-3.10.0-514.6.1.rt56.430.el7.src.rpm noarch: kernel-rt-doc-3.10.0-514.6.1.rt56.430.el7.noarch.rpm x86_64: kernel-rt-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-debug-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-debug-kvm-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-kvm-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-trace-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm kernel-rt-trace-kvm-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-6074 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
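Whether a host is still exposed to the DCCP flaw in this advisory depends on the kernel that is actually running, not only on the installed package, and on whether the dccp module is loaded or can still be auto-loaded by an unprivileged socket() call. The following is an added example, not Red Hat tooling: it compares `uname -r` against the fixed version-release strings from this advisory (kernel-rt) and from RHSA-2017:0293 (RHEL 6 kernel, further down this page) using a re-implementation of rpm's version ordering (rpmvercmp), looks for dccp in /proc/modules, and checks modprobe.d for an `install dccp /bin/true` override. That override is the usual way to stop a module from being auto-loaded and is not stated in the advisory; the sample /proc/modules and modprobe.d contents are constructed, and the function names are assumptions.

```python
"""Added example: is a host still exposed to CVE-2017-6074 (DCCP use-after-free)?
Checks the running kernel against the fixed version-release, whether the dccp
module is loaded, and whether modprobe.d stops it from being auto-loaded."""
import re

# Fixed version-release strings from RHSA-2017:0295 (kernel-rt, RHEL 7) and
# RHSA-2017:0293 (kernel, RHEL 6), keyed by the stream recognised in `uname -r`.
FIXED_RELEASES = {"el6": "2.6.32-642.13.2.el6", "el7-rt": "3.10.0-514.6.1.rt56.430.el7"}
ARCH_SUFFIX = re.compile(r"\.(x86_64|i686|i386|ppc64le|ppc64|s390x|aarch64)$")
# `install dccp /bin/true` (or /bin/false) turns every load attempt into a no-op.
INSTALL_OVERRIDE = re.compile(r"^\s*install\s+dccp\s+/bin/(true|false)\b", re.M)
_SEP = re.compile(r"[^0-9A-Za-z~]*")      # rpm treats anything else as a separator
_RUN = {True: re.compile(r"[0-9]+"), False: re.compile(r"[A-Za-z]+")}


def rpmvercmp(a, b):
    """Order a against b like rpm's rpmvercmp(): -1, 0 or 1. Versions are walked
    as runs of digits and runs of letters; numeric runs compare by value and
    beat alphabetic runs, and '~' sorts before anything, even end of string."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _SEP.match(a, i).end(), _SEP.match(b, j).end()
        a_tilde = a.startswith("~", i)
        b_tilde = b.startswith("~", j)
        if a_tilde or b_tilde:
            if a_tilde != b_tilde:
                return -1 if a_tilde else 1   # the side with the tilde is the pre-release
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        ma, mb = _RUN[isnum].match(a, i), _RUN[isnum].match(b, j)
        seg_a, seg_b = ma.group(), (mb.group() if mb else "")
        i, j = i + len(seg_a), j + len(seg_b)
        if not seg_b:
            return 1 if isnum else -1         # mixed types: the numeric run is newer
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1           # whoever has runs left is newer


def kernel_is_fixed(uname_r):
    """True/False if `uname -r` is at or above the fixed release of its stream,
    None for a stream these advisories do not cover (a cross-stream comparison
    would be meaningless)."""
    if ".rt" in uname_r and ".el7" in uname_r:
        fixed = FIXED_RELEASES["el7-rt"]
    elif ".el6" in uname_r:
        fixed = FIXED_RELEASES["el6"]
    else:
        return None
    run_v, _, run_r = ARCH_SUFFIX.sub("", uname_r).partition("-")
    fix_v, _, fix_r = fixed.partition("-")
    return (rpmvercmp(run_v, fix_v) or rpmvercmp(run_r, fix_r)) >= 0


def dccp_loaded(proc_modules_text):
    """True if dccp or one of its address-family modules is listed in /proc/modules."""
    names = (line.split(" ", 1)[0] for line in proc_modules_text.splitlines())
    return any(n == "dccp" or n.startswith("dccp_") for n in names)


def dccp_autoload_blocked(modprobe_conf_texts):
    """True if a modprobe.d file carries an install override for dccp. A bare
    `blacklist dccp` is not enough: blacklist only ignores the module's own
    aliases, and dccp is still pulled in as a dependency of dccp_ipv4 when a
    process opens a SOCK_DCCP socket."""
    return any(INSTALL_OVERRIDE.search(t) for t in modprobe_conf_texts)


def assess(uname_r, proc_modules_text, modprobe_conf_texts):
    """Live use: assess(os.uname().release, open('/proc/modules').read(),
    [open(p).read() for p in glob.glob('/etc/modprobe.d/*.conf')])."""
    fixed = kernel_is_fixed(uname_r)
    loaded = dccp_loaded(proc_modules_text)
    blocked = dccp_autoload_blocked(modprobe_conf_texts)
    # An unknown stream counts as unfixed, and an override only stops future
    # loads, so an already-loaded module is still exposure until rmmod/reboot.
    return {"kernel_fixed": fixed, "dccp_loaded": loaded, "autoload_blocked": blocked,
            "exposed": fixed is not True and (loaded or not blocked)}


# Constructed sample host: one build before the fix, dccp already loaded,
# override present (so only a reboot onto the fixed kernel clears the exposure).
SAMPLE_UNAME_R = "2.6.32-642.13.1.el6.x86_64"
SAMPLE_PROC_MODULES = ("dccp_ipv4 24576 0 - Live 0xffffffffc0a3c000\n"
                       "dccp 106496 1 dccp_ipv4, Live 0xffffffffc0a1f000\n"
                       "xfs 1495040 2 - Live 0xffffffffc0801000\n")
SAMPLE_MODPROBE_CONFS = ["# /etc/modprobe.d/disable-dccp.conf\ninstall dccp /bin/true\n"]


def demo():
    return assess(SAMPLE_UNAME_R, SAMPLE_PROC_MODULES, SAMPLE_MODPROBE_CONFS)
```

The exposure logic is deliberately conservative: a kernel stream the table does not know is never reported as fixed, and the install override only prevents future loads, so a module that is already resident keeps the host exposed until it is unloaded or the fixed kernel is booted. rpm's ordering matters here because a naive string or float comparison gets cases like 642.6.2 versus 642.13.2 wrong.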
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYrbxbXlSAg2UNWIIRAj4VAJsGFb/B+2G0HtMNLXx8f0iX8IoangCgv+J7 bQ6xbf+bo8tazT+MCNvAfbs= =Jg0K -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Feb 22 17:22:31 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 22 Feb 2017 17:22:31 +0000 Subject: [RHSA-2017:0293-01] Important: kernel security update Message-ID: <201702221722.v1MHMXOS015188@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2017:0293-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0293.html Issue date: 2017-02-22 CVE Names: CVE-2017-6074 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-642.13.2.el6.src.rpm

i386:
kernel-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.2.el6.i686.rpm
kernel-devel-2.6.32-642.13.2.el6.i686.rpm
kernel-headers-2.6.32-642.13.2.el6.i686.rpm
perf-2.6.32-642.13.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.13.2.el6.noarch.rpm
kernel-doc-2.6.32-642.13.2.el6.noarch.rpm
kernel-firmware-2.6.32-642.13.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debug-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.13.2.el6.x86_64.rpm kernel-devel-2.6.32-642.13.2.el6.x86_64.rpm kernel-headers-2.6.32-642.13.2.el6.x86_64.rpm perf-2.6.32-642.13.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-642.13.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.13.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.13.2.el6.i686.rpm perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm python-perf-2.6.32-642.13.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.13.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm python-perf-2.6.32-642.13.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: kernel-2.6.32-642.13.2.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-642.13.2.el6.noarch.rpm kernel-doc-2.6.32-642.13.2.el6.noarch.rpm kernel-firmware-2.6.32-642.13.2.el6.noarch.rpm x86_64: kernel-2.6.32-642.13.2.el6.x86_64.rpm kernel-debug-2.6.32-642.13.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.13.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.13.2.el6.i686.rpm kernel-debug-devel-2.6.32-642.13.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.13.2.el6.i686.rpm kernel-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.13.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.13.2.el6.x86_64.rpm kernel-devel-2.6.32-642.13.2.el6.x86_64.rpm kernel-headers-2.6.32-642.13.2.el6.x86_64.rpm perf-2.6.32-642.13.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm python-perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.13.2.el6.x86_64.rpm perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm python-perf-2.6.32-642.13.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6):

Source:
kernel-2.6.32-642.13.2.el6.src.rpm

i386:
kernel-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.2.el6.i686.rpm
kernel-devel-2.6.32-642.13.2.el6.i686.rpm
kernel-headers-2.6.32-642.13.2.el6.i686.rpm
perf-2.6.32-642.13.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.13.2.el6.noarch.rpm
kernel-doc-2.6.32-642.13.2.el6.noarch.rpm
kernel-firmware-2.6.32-642.13.2.el6.noarch.rpm

ppc64:
kernel-2.6.32-642.13.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-642.13.2.el6.ppc64.rpm
kernel-debug-2.6.32-642.13.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.13.2.el6.ppc64.rpm
kernel-devel-2.6.32-642.13.2.el6.ppc64.rpm
kernel-headers-2.6.32-642.13.2.el6.ppc64.rpm
perf-2.6.32-642.13.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.13.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.ppc64.rpm

s390x:
kernel-2.6.32-642.13.2.el6.s390x.rpm
kernel-debug-2.6.32-642.13.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.13.2.el6.s390x.rpm
kernel-devel-2.6.32-642.13.2.el6.s390x.rpm
kernel-headers-2.6.32-642.13.2.el6.s390x.rpm
kernel-kdump-2.6.32-642.13.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.13.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-642.13.2.el6.s390x.rpm
perf-2.6.32-642.13.2.el6.s390x.rpm
perf-debuginfo-2.6.32-642.13.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debug-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.13.2.el6.x86_64.rpm
kernel-devel-2.6.32-642.13.2.el6.x86_64.rpm
kernel-headers-2.6.32-642.13.2.el6.x86_64.rpm
perf-2.6.32-642.13.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm
python-perf-2.6.32-642.13.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-642.13.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.13.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.13.2.el6.ppc64.rpm
python-perf-2.6.32-642.13.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-642.13.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.13.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.13.2.el6.s390x.rpm
perf-debuginfo-2.6.32-642.13.2.el6.s390x.rpm
python-perf-2.6.32-642.13.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.13.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
python-perf-2.6.32-642.13.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-642.13.2.el6.src.rpm

i386:
kernel-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.2.el6.i686.rpm
kernel-devel-2.6.32-642.13.2.el6.i686.rpm
kernel-headers-2.6.32-642.13.2.el6.i686.rpm
perf-2.6.32-642.13.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.13.2.el6.noarch.rpm
kernel-doc-2.6.32-642.13.2.el6.noarch.rpm
kernel-firmware-2.6.32-642.13.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debug-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.13.2.el6.x86_64.rpm
kernel-devel-2.6.32-642.13.2.el6.x86_64.rpm
kernel-headers-2.6.32-642.13.2.el6.x86_64.rpm
perf-2.6.32-642.13.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm
python-perf-2.6.32-642.13.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.13.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm
python-perf-2.6.32-642.13.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.13.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-6074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYrcimXlSAg2UNWIIRAq0uAJwMSCLBVwArZ/4p+pPkhDCXitQgygCeOvSC
POoLwU9WiNqKkOjZQKhgZFw=
=9UHR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Feb 22 17:23:28 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Feb 2017 17:23:28 +0000
Subject: [RHSA-2017:0294-01] Important: kernel security update
Message-ID: <201702221723.v1MHNWBw024517@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2017:0294-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0294.html
Issue date:        2017-02-22
CVE Names:         CVE-2017-6074
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram
Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer)
resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is
set on the socket. A local, unprivileged user could use this flaw to alter
the kernel memory, allowing them to escalate their privileges on the system.
(CVE-2017-6074, Important)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-514.6.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.6.2.el7.noarch.rpm
kernel-doc-3.10.0-514.6.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.2.el7.x86_64.rpm
kernel-devel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-headers-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.6.2.el7.x86_64.rpm
perf-3.10.0-514.6.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.6.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-514.6.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.6.2.el7.noarch.rpm
kernel-doc-3.10.0-514.6.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.2.el7.x86_64.rpm
kernel-devel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-headers-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.6.2.el7.x86_64.rpm
perf-3.10.0-514.6.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.6.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-514.6.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.6.2.el7.noarch.rpm
kernel-doc-3.10.0-514.6.2.el7.noarch.rpm

ppc64:
kernel-3.10.0-514.6.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-514.6.2.el7.ppc64.rpm
kernel-debug-3.10.0-514.6.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-514.6.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-514.6.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.6.2.el7.ppc64.rpm
kernel-devel-3.10.0-514.6.2.el7.ppc64.rpm
kernel-headers-3.10.0-514.6.2.el7.ppc64.rpm
kernel-tools-3.10.0-514.6.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-514.6.2.el7.ppc64.rpm
perf-3.10.0-514.6.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.6.2.el7.ppc64.rpm
python-perf-3.10.0-514.6.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-debug-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-devel-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-headers-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-tools-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.6.2.el7.ppc64le.rpm
perf-3.10.0-514.6.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.6.2.el7.ppc64le.rpm
python-perf-3.10.0-514.6.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.ppc64le.rpm

s390x:
kernel-3.10.0-514.6.2.el7.s390x.rpm
kernel-debug-3.10.0-514.6.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-514.6.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-514.6.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-514.6.2.el7.s390x.rpm
kernel-devel-3.10.0-514.6.2.el7.s390x.rpm
kernel-headers-3.10.0-514.6.2.el7.s390x.rpm
kernel-kdump-3.10.0-514.6.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-514.6.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-514.6.2.el7.s390x.rpm
perf-3.10.0-514.6.2.el7.s390x.rpm
perf-debuginfo-3.10.0-514.6.2.el7.s390x.rpm
python-perf-3.10.0-514.6.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.s390x.rpm

x86_64:
kernel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.2.el7.x86_64.rpm
kernel-devel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-headers-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.6.2.el7.x86_64.rpm
perf-3.10.0-514.6.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-514.6.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.6.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-514.6.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.6.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.6.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.6.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.6.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-514.6.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.6.2.el7.noarch.rpm
kernel-doc-3.10.0-514.6.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.2.el7.x86_64.rpm
kernel-devel-3.10.0-514.6.2.el7.x86_64.rpm
kernel-headers-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.6.2.el7.x86_64.rpm
perf-3.10.0-514.6.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.6.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-6074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYrckFXlSAg2UNWIIRAngmAKCgaqcYM+XTKHS/I1Z1pigpEQBPOgCeJ43+
e9FajezDcn9Codkmm/nU1Cc=
=bNp7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Feb 22 22:45:30 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Feb 2017 22:45:30 +0000
Subject: [RHSA-2017:0300-01] Moderate: python-oslo-middleware security update
Message-ID: <201702222245.v1MMjXIu016150@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python-oslo-middleware security update
Advisory ID:       RHSA-2017:0300-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0300.html
Issue date:        2017-02-22
CVE Names:         CVE-2017-2592
=====================================================================

1. Summary:

An update for python-oslo-middleware is now available for Red Hat OpenStack
Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - noarch

3. Description:

The OpenStack Oslo Middleware library provides components that can be
injected into WSGI pipelines to intercept request and response flows. The
base class can be extended with functionality such as adding or updating
HTTP headers, or support for limiting request size or connections.

Security Fix(es):

* An information-disclosure flaw was found in oslo.middleware. Software
using the CatchErrors class could include sensitive values in a traceback's
error message. Remote users could exploit this flaw to obtain sensitive
information from OpenStack component error logs (for example, keystone
tokens). (CVE-2017-2592)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Divya K Konoor (IBM) as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1414698 - CVE-2017-2592 python-oslo-middleware: CatchErrors leaks sensitive values into error logs

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
python-oslo-middleware-3.19.0-1.2.el7ost.src.rpm

noarch:
python-oslo-middleware-3.19.0-1.2.el7ost.noarch.rpm
python-oslo-middleware-lang-3.19.0-1.2.el7ost.noarch.rpm
python-oslo-middleware-tests-3.19.0-1.2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2592
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
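The CatchErrors flaw in RHSA-2017:0300 comes down to what an exception handler writes to its log: the WSGI environ carries every request header, so logging it on failure copies the caller's keystone token into the error log. The block below is an added illustration and is not oslo.middleware's implementation or Red Hat's fix. It pairs a catch-errors middleware that logs the whole environ with one that masks the credential-carrying keys before logging; the key list, the failing application, the request environ and the token value are constructed assumptions for the demonstration.

```python
import logging

# Constructed list of WSGI environ keys that carry credentials in an
# OpenStack deployment (assumption for this example, not an oslo setting).
SENSITIVE_KEYS = frozenset({
    "HTTP_X_AUTH_TOKEN",
    "HTTP_X_SUBJECT_TOKEN",
    "HTTP_X_SERVICE_TOKEN",
    "HTTP_AUTHORIZATION",
})


class LeakyCatchErrors:
    """Catch-errors middleware that logs the whole environ on failure.

    Every request header lives in the environ, so a token sent as
    X-Auth-Token ends up verbatim in the error log next to the traceback.
    """

    def __init__(self, app, logger):
        self.app = app
        self.log = logger

    def __call__(self, environ, start_response):
        try:
            return self.app(environ, start_response)
        except Exception:
            self.log.exception("An error occurred during request: %r", environ)
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain")])
            return [b"An error occurred"]


def redact_environ(environ):
    """Return a copy of the environ with credential values masked."""
    return {key: ("<redacted>" if key in SENSITIVE_KEYS else value)
            for key, value in environ.items()}


class SafeCatchErrors(LeakyCatchErrors):
    """Same behaviour, but credentials are masked before anything is logged."""

    def __call__(self, environ, start_response):
        try:
            return self.app(environ, start_response)
        except Exception:
            self.log.exception("An error occurred during request: %r",
                               redact_environ(environ))
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain")])
            return [b"An error occurred"]


class _CapturingHandler(logging.Handler):
    """Collects formatted records (message plus traceback) for inspection."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def _failing_app(environ, start_response):
    # Constructed application that always fails, so the middleware's
    # exception path runs on every request.
    raise RuntimeError("boom")


def run_failing_request(middleware_cls, token="gAAAAAB-constructed-token"):
    """Send one failing request through middleware_cls; return the log text."""
    handler = _CapturingHandler()
    logger = logging.Logger(f"example.{middleware_cls.__name__}")
    logger.addHandler(handler)
    # Constructed request environ; the token value stands in for a real one.
    environ = {
        "REQUEST_METHOD": "GET",
        "PATH_INFO": "/v3/projects",
        "HTTP_X_AUTH_TOKEN": token,
    }
    app = middleware_cls(_failing_app, logger)
    list(app(environ, lambda status, headers: None))
    return "\n".join(handler.lines)


if __name__ == "__main__":
    for cls in (LeakyCatchErrors, SafeCatchErrors):
        leaked = "constructed-token" in run_failing_request(cls)
        print(f"{cls.__name__}: token present in error log = {leaked}")
```

The traceback itself is kept in both variants, so operators lose no debugging information; only the request data that was never needed for diagnosis is withheld. Masking by key name at the logging boundary is the durable fix here, because a later handler or formatter cannot reintroduce a value that was never passed to the logger.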
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYrhR6XlSAg2UNWIIRAsY7AJ9tE67GTjrit+XzZCeIFfWdN+PhhQCgj0fR Hj5OiTy7ZqOVxlpFUWX60zI= =kGBu -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 23 17:45:55 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 23 Feb 2017 17:45:55 +0000 Subject: [RHSA-2017:0307-01] Moderate: kernel security and bug fix update Message-ID: <201702231745.v1NHjuSG009554@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2017:0307-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0307.html Issue date: 2017-02-23 CVE Names: CVE-2016-6136 CVE-2016-9555 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands. (CVE-2016-6136, Moderate) * A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate) Bug Fix(es): * The qlnic driver previously attempted to fetch pending transmission descriptors before all writes were complete, which lead to firmware hangs. With this update, the qlcnic driver has been fixed to complete all writes before the hardware fetches any pending transmission descriptors. As a result, the firmware no longer hangs with the qlcnic driver. (BZ#1403143) * Previously, when a NFS share was mounted, the file-system (FS) cache was incorrectly enabled even when the "-o fsc" option was not used in the mount command. Consequently, the cachefilesd service stored files in the NFS share even when not instructed to by the user. With this update, NFS does not use the FS cache if not instructed by the "-o fsc" option. As a result, NFS no longer enables caching if the "-o fsc" option is not used. (BZ#1399172) * Previously, an NFS client and NFS server got into a NFS4 protocol loop involving a WRITE action and a NFS4ERR_EXPIRED response when the current_fileid counter got to the wraparound point by overflowing the value of 32 bits. This update fixes the NFS server to handle the current_fileid wraparound. As a result, the described NFS4 protocol loop no longer occurs. (BZ#1399174) * Previously, certain configurations of the Hewlett Packard Smart Array (HPSA) devices caused hardware to be set offline incorrectly when the HPSA driver was expected to wait for existing I/O operations to complete. Consequently, a kernel panic occurred. 
This update prevents the described problem. As a result, the kernel panic no longer occurs. (BZ#1399175) * Previously, memory corruption by copying data into the wrong memory locations sometimes occurred, because the __copy_tofrom_user() function was returning incorrect values. This update fixes the __copy_tofrom_user() function so that it no longer returns larger values than the number of bytes it was asked to copy. As a result, memory corruption no longer occurs in he described scenario. (BZ#1398185) * Previously, guest virtual machines (VMs) on a Hyper-V server cluster got in some cases rebooted during the graceful node failover test, because the host kept sending heartbeat packets independently of guests responding to them. This update fixes the bug by properly responding to all the heartbeat messages in the queue, even if they are pending. As a result, guest VMs no longer get rebooted under the described circumstances. (BZ#1397739) * When the "punching hole" feature of the fallocate utility was used on an ext4 file system inode with extent depth of 1, the extent tree of the inode sometimes became corrupted. With this update, the underlying source code has been fixed, and extent tree corruption no longer occurs in the described situation. (BZ#1397808) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1353533 - CVE-2016-6136 kernel: Race condition vulnerability in execve argv arguments 1397930 - CVE-2016-9555 kernel: Slab out-of-bounds access in sctp_sf_ootb() 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: kernel-2.6.32-642.15.1.el6.src.rpm i386: kernel-2.6.32-642.15.1.el6.i686.rpm kernel-debug-2.6.32-642.15.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.15.1.el6.i686.rpm kernel-devel-2.6.32-642.15.1.el6.i686.rpm kernel-headers-2.6.32-642.15.1.el6.i686.rpm perf-2.6.32-642.15.1.el6.i686.rpm perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.15.1.el6.noarch.rpm kernel-doc-2.6.32-642.15.1.el6.noarch.rpm kernel-firmware-2.6.32-642.15.1.el6.noarch.rpm x86_64: kernel-2.6.32-642.15.1.el6.x86_64.rpm kernel-debug-2.6.32-642.15.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.15.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.15.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.15.1.el6.x86_64.rpm kernel-devel-2.6.32-642.15.1.el6.x86_64.rpm kernel-headers-2.6.32-642.15.1.el6.x86_64.rpm perf-2.6.32-642.15.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.15.1.el6.i686.rpm perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm python-perf-2.6.32-642.15.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.15.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm python-perf-2.6.32-642.15.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-642.15.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-642.15.1.el6.noarch.rpm kernel-doc-2.6.32-642.15.1.el6.noarch.rpm kernel-firmware-2.6.32-642.15.1.el6.noarch.rpm x86_64: kernel-2.6.32-642.15.1.el6.x86_64.rpm kernel-debug-2.6.32-642.15.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.15.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.15.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.15.1.el6.x86_64.rpm kernel-devel-2.6.32-642.15.1.el6.x86_64.rpm kernel-headers-2.6.32-642.15.1.el6.x86_64.rpm perf-2.6.32-642.15.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): x86_64: kernel-debug-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.15.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm python-perf-2.6.32-642.15.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-642.15.1.el6.src.rpm i386: kernel-2.6.32-642.15.1.el6.i686.rpm kernel-debug-2.6.32-642.15.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.15.1.el6.i686.rpm kernel-devel-2.6.32-642.15.1.el6.i686.rpm kernel-headers-2.6.32-642.15.1.el6.i686.rpm perf-2.6.32-642.15.1.el6.i686.rpm perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.15.1.el6.noarch.rpm kernel-doc-2.6.32-642.15.1.el6.noarch.rpm kernel-firmware-2.6.32-642.15.1.el6.noarch.rpm ppc64: kernel-2.6.32-642.15.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-642.15.1.el6.ppc64.rpm kernel-debug-2.6.32-642.15.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-642.15.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-642.15.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.15.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.15.1.el6.ppc64.rpm kernel-devel-2.6.32-642.15.1.el6.ppc64.rpm kernel-headers-2.6.32-642.15.1.el6.ppc64.rpm perf-2.6.32-642.15.1.el6.ppc64.rpm perf-debuginfo-2.6.32-642.15.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.ppc64.rpm s390x: kernel-2.6.32-642.15.1.el6.s390x.rpm kernel-debug-2.6.32-642.15.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-642.15.1.el6.s390x.rpm kernel-debug-devel-2.6.32-642.15.1.el6.s390x.rpm kernel-debuginfo-2.6.32-642.15.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.15.1.el6.s390x.rpm kernel-devel-2.6.32-642.15.1.el6.s390x.rpm 
kernel-headers-2.6.32-642.15.1.el6.s390x.rpm kernel-kdump-2.6.32-642.15.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.15.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-642.15.1.el6.s390x.rpm perf-2.6.32-642.15.1.el6.s390x.rpm perf-debuginfo-2.6.32-642.15.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.s390x.rpm x86_64: kernel-2.6.32-642.15.1.el6.x86_64.rpm kernel-debug-2.6.32-642.15.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.15.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.15.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.15.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.15.1.el6.x86_64.rpm kernel-devel-2.6.32-642.15.1.el6.x86_64.rpm kernel-headers-2.6.32-642.15.1.el6.x86_64.rpm perf-2.6.32-642.15.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6):

i386:
kernel-debug-debuginfo-2.6.32-642.15.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.15.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.15.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm
python-perf-2.6.32-642.15.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-642.15.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.15.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.15.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.15.1.el6.ppc64.rpm
python-perf-2.6.32-642.15.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.15.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-642.15.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.15.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.15.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.15.1.el6.s390x.rpm
perf-debuginfo-2.6.32-642.15.1.el6.s390x.rpm
python-perf-2.6.32-642.15.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.15.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.15.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm
python-perf-2.6.32-642.15.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-642.15.1.el6.src.rpm

i386:
kernel-2.6.32-642.15.1.el6.i686.rpm
kernel-debug-2.6.32-642.15.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.15.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.15.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.15.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.15.1.el6.i686.rpm
kernel-devel-2.6.32-642.15.1.el6.i686.rpm
kernel-headers-2.6.32-642.15.1.el6.i686.rpm
perf-2.6.32-642.15.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.15.1.el6.noarch.rpm
kernel-doc-2.6.32-642.15.1.el6.noarch.rpm
kernel-firmware-2.6.32-642.15.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.15.1.el6.x86_64.rpm
kernel-debug-2.6.32-642.15.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.15.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.15.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.15.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.15.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.15.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.15.1.el6.x86_64.rpm
kernel-devel-2.6.32-642.15.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.15.1.el6.x86_64.rpm
perf-2.6.32-642.15.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.15.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.15.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.15.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm
python-perf-2.6.32-642.15.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.15.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.15.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm
python-perf-2.6.32-642.15.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.15.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6136
https://access.redhat.com/security/cve/CVE-2016-9555
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
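The kernel advisory above lists the fixed package version 2.6.32-642.15.1.el6 and, like every kernel update on this page, takes effect only after the system is rebooted into the new kernel. The POSIX shell example below is added here and is not part of the advisory or of any Red Hat tooling: it checks a host against the advisory version on two counts, whether the fixed package is installed at all and whether the running kernel is already the fixed one. The function names (vercmp, kernel_update_state) are this example's own; the installed versions and the uname -r value are passed in as strings, and the sample values at the bottom are constructed rather than captured from a real host. The version comparison is a simplified approximation of rpm's own ordering that is adequate for kernel version-release strings of this shape; for an authoritative comparison use rpmdev-vercmp or the updateinfo data from yum.

```shell
#!/bin/sh
# Added example (not Red Hat tooling): check a host against a kernel advisory.

# vercmp A B: print -1, 0 or 1 for A <, =, > B.
# Simplified approximation of rpm's rpmvercmp: split on '.', '-' and '_',
# compare numeric segments as numbers and anything else as strings.
# Adequate for version-release strings such as 2.6.32-642.15.1.el6.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "[-._]"); nb = split(b, B, "[-._]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] : ""; y = (i <= nb) ? B[i] : ""
            if (x == y) continue
            if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/)
                r = (x + 0 < y + 0) ? -1 : 1
            else
                r = (x "" < y "") ? -1 : 1
            print r; exit
        }
        print 0
    }'
}

# kernel_update_state FIXED_VR INSTALLED_VRS RUNNING_RELEASE
#   FIXED_VR        version-release from the advisory package list
#   INSTALLED_VRS   installed kernel package version-releases, whitespace separated
#                   (on a real host: rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n')
#   RUNNING_RELEASE what `uname -r` prints, e.g. 2.6.32-642.13.1.el6.x86_64
# Prints one of: not-installed, reboot-required, ok
kernel_update_state() {
    fixed=$1; installed=$2; running=$3
    # uname -r carries a trailing .<arch>; drop it so it compares with the package VR
    running_vr=$(printf '%s\n' "$running" | sed 's/\.[^.]*$//')
    have_fixed=1
    for vr in $installed; do
        if [ "$(vercmp "$vr" "$fixed")" -ge 0 ]; then have_fixed=0; fi
    done
    if [ "$have_fixed" -ne 0 ]; then
        echo not-installed
    elif [ "$(vercmp "$running_vr" "$fixed")" -ge 0 ]; then
        echo ok
    else
        echo reboot-required
    fi
}

ADVISORY_VR='2.6.32-642.15.1.el6'   # fixed version-release from the package list above
# Constructed sample host data, not captured from a real system:
SAMPLE_INSTALLED='2.6.32-642.13.1.el6 2.6.32-642.15.1.el6'   # update installed ...
SAMPLE_RUNNING='2.6.32-642.13.1.el6.x86_64'                   # ... but old kernel still running

printf 'kernel %s -> %s\n' "$ADVISORY_VR" \
    "$(kernel_update_state "$ADVISORY_VR" "$SAMPLE_INSTALLED" "$SAMPLE_RUNNING")"
# prints: kernel 2.6.32-642.15.1.el6 -> reboot-required
```

The three states map directly onto the advisory's wording: "not-installed" means the package list above has not been applied, "reboot-required" means the fixed kernel is on disk but the vulnerable one is still executing, and only "ok" means the update has taken effect.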
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYrx/HXlSAg2UNWIIRApU4AJ9l6szvNPjDAgH1twm0WZQtFSL+eACbBZsL
3UKxmm2CJO6fK4ol4lktDrA=
=ZuqW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 23 17:46:37 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 23 Feb 2017 17:46:37 +0000
Subject: [RHSA-2017:0309-01] Important: qemu-kvm security and bug fix update
Message-ID: <201702231746.v1NHke3j020735@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: qemu-kvm security and bug fix update
Advisory ID: RHSA-2017:0309-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0309.html
Issue date: 2017-02-23
CVE Names: CVE-2016-2857 CVE-2017-2615
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the Qemu process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the Qemu process on the host. (CVE-2017-2615)

* An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615 and Ling Liu (Qihoo 360 Inc.) for reporting CVE-2016-2857.

This update also fixes the following bug:

* Previously, rebooting a guest virtual machine more than 128 times in a short period of time caused the guest to shut down instead of rebooting, because the virtqueue was not cleaned properly. This update ensures that the virtqueue is cleaned more reliably, which prevents the described problem from occurring. (BZ#1408389)

All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
1408389 - [RHEL6.8.z] KVM guest shuts itself down after 128th reboot
1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
qemu-kvm-0.12.1.2-2.491.el6_8.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.491.el6_8.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-img-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.491.el6_8.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
qemu-kvm-0.12.1.2-2.491.el6_8.6.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-img-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.491.el6_8.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
qemu-kvm-0.12.1.2-2.491.el6_8.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.491.el6_8.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.6.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.6.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.6.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-img-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.491.el6_8.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
qemu-kvm-0.12.1.2-2.491.el6_8.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.491.el6_8.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-img-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.491.el6_8.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2857
https://access.redhat.com/security/cve/CVE-2017-2615
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYrx/qXlSAg2UNWIIRAhdsAKCzhR8i3aEw3BHYJJI5iXq3HapPkACgwYRx
QFHAdYZFRrqgZIcUiVg27dA=
=crB6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 23 17:47:15 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 23 Feb 2017 17:47:15 +0000
Subject: [RHSA-2017:0316-01] Important: kernel security and bug fix update
Message-ID: <201702231747.v1NHlHAD024939@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2017:0316-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0316.html
Issue date: 2017-02-23
CVE Names: CVE-2017-6074
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3.
Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)

Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.

Bug Fix(es):

* When an NFS server received a compound Remote Procedure Call (RPC) with multiple operations where the SECINFO operation was the ninth or later operation, the server terminated unexpectedly. This update fixes the NFS server to correctly initialize all arguments of all compound RPC operations that are beyond the first eight operations. As a result, the NFS server no longer crashes in the described situation. (BZ#1413035)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
kernel-2.6.32-573.40.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.40.1.el6.noarch.rpm
kernel-doc-2.6.32-573.40.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.40.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.40.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.40.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.40.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.40.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.40.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.40.1.el6.x86_64.rpm
perf-2.6.32-573.40.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.40.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
kernel-debug-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.40.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
python-perf-2.6.32-573.40.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
kernel-2.6.32-573.40.1.el6.src.rpm

i386:
kernel-2.6.32-573.40.1.el6.i686.rpm
kernel-debug-2.6.32-573.40.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.40.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.40.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.40.1.el6.i686.rpm
kernel-devel-2.6.32-573.40.1.el6.i686.rpm
kernel-headers-2.6.32-573.40.1.el6.i686.rpm
perf-2.6.32-573.40.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.40.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.40.1.el6.noarch.rpm
kernel-doc-2.6.32-573.40.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.40.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.40.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.40.1.el6.ppc64.rpm
kernel-debug-2.6.32-573.40.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.40.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.40.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.40.1.el6.ppc64.rpm
kernel-devel-2.6.32-573.40.1.el6.ppc64.rpm
kernel-headers-2.6.32-573.40.1.el6.ppc64.rpm
perf-2.6.32-573.40.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.40.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.40.1.el6.s390x.rpm
kernel-debug-2.6.32-573.40.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.40.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.40.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.40.1.el6.s390x.rpm
kernel-devel-2.6.32-573.40.1.el6.s390x.rpm
kernel-headers-2.6.32-573.40.1.el6.s390x.rpm
kernel-kdump-2.6.32-573.40.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.40.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.40.1.el6.s390x.rpm
perf-2.6.32-573.40.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.40.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.40.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.40.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.40.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.40.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.40.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.40.1.el6.x86_64.rpm
perf-2.6.32-573.40.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.40.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
kernel-debug-debuginfo-2.6.32-573.40.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.40.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.40.1.el6.i686.rpm
python-perf-2.6.32-573.40.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-573.40.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.40.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.40.1.el6.ppc64.rpm
python-perf-2.6.32-573.40.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-573.40.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.40.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.40.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.40.1.el6.s390x.rpm
python-perf-2.6.32-573.40.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.40.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm
python-perf-2.6.32-573.40.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.40.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-6074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYryAUXlSAg2UNWIIRAjmQAKCTmPf6PQcw3a6FA+fZb06P6DOwAACfQvds
veY8z8VY5ewF646wsRGayAk=
=URf4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 24 16:26:20 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 24 Feb 2017 16:26:20 +0000
Subject: [RHSA-2017:0323-01] Important: kernel security update
Message-ID: <201702241626.v1OGQMm6012725@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2017:0323-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0323.html
Issue date: 2017-02-24
CVE Names: CVE-2017-2634 CVE-2017-6074
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v.
5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)

* It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. (CVE-2017-2634, Moderate)

Important: This update disables the DCCP kernel module at load time by using the kernel module blacklist method. The module is disabled in an attempt to reduce further exposure to additional issues. Please see Red Hat Bugzilla (BZ#1425177) for additional information.

Red Hat would like to thank Andrey Konovalov (Google) for reporting CVE-2017-6074. The CVE-2017-2634 issue was discovered by Wade Mealing (Red Hat Product Security).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol
1424751 - CVE-2017-2634 kernel: dccp: crash while sending ipv6 reset packet

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
kernel-2.6.18-419.el5.src.rpm

i386:
kernel-2.6.18-419.el5.i686.rpm
kernel-PAE-2.6.18-419.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-419.el5.i686.rpm
kernel-PAE-devel-2.6.18-419.el5.i686.rpm
kernel-debug-2.6.18-419.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-419.el5.i686.rpm
kernel-debug-devel-2.6.18-419.el5.i686.rpm
kernel-debuginfo-2.6.18-419.el5.i686.rpm
kernel-debuginfo-common-2.6.18-419.el5.i686.rpm
kernel-devel-2.6.18-419.el5.i686.rpm
kernel-headers-2.6.18-419.el5.i386.rpm
kernel-xen-2.6.18-419.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-419.el5.i686.rpm
kernel-xen-devel-2.6.18-419.el5.i686.rpm

noarch:
kernel-doc-2.6.18-419.el5.noarch.rpm

x86_64:
kernel-2.6.18-419.el5.x86_64.rpm
kernel-debug-2.6.18-419.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-419.el5.x86_64.rpm
kernel-debug-devel-2.6.18-419.el5.x86_64.rpm
kernel-debuginfo-2.6.18-419.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-419.el5.x86_64.rpm
kernel-devel-2.6.18-419.el5.x86_64.rpm
kernel-headers-2.6.18-419.el5.x86_64.rpm
kernel-xen-2.6.18-419.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-419.el5.x86_64.rpm
kernel-xen-devel-2.6.18-419.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
kernel-2.6.18-419.el5.src.rpm

i386:
kernel-2.6.18-419.el5.i686.rpm
kernel-PAE-2.6.18-419.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-419.el5.i686.rpm
kernel-PAE-devel-2.6.18-419.el5.i686.rpm
kernel-debug-2.6.18-419.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-419.el5.i686.rpm
kernel-debug-devel-2.6.18-419.el5.i686.rpm
kernel-debuginfo-2.6.18-419.el5.i686.rpm
kernel-debuginfo-common-2.6.18-419.el5.i686.rpm
kernel-devel-2.6.18-419.el5.i686.rpm
kernel-headers-2.6.18-419.el5.i386.rpm
kernel-xen-2.6.18-419.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-419.el5.i686.rpm
kernel-xen-devel-2.6.18-419.el5.i686.rpm

ia64:
kernel-2.6.18-419.el5.ia64.rpm
kernel-debug-2.6.18-419.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-419.el5.ia64.rpm
kernel-debug-devel-2.6.18-419.el5.ia64.rpm
kernel-debuginfo-2.6.18-419.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-419.el5.ia64.rpm
kernel-devel-2.6.18-419.el5.ia64.rpm
kernel-headers-2.6.18-419.el5.ia64.rpm
kernel-xen-2.6.18-419.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-419.el5.ia64.rpm
kernel-xen-devel-2.6.18-419.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-419.el5.noarch.rpm

ppc:
kernel-2.6.18-419.el5.ppc64.rpm
kernel-debug-2.6.18-419.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-419.el5.ppc64.rpm
kernel-debug-devel-2.6.18-419.el5.ppc64.rpm
kernel-debuginfo-2.6.18-419.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-419.el5.ppc64.rpm
kernel-devel-2.6.18-419.el5.ppc64.rpm
kernel-headers-2.6.18-419.el5.ppc.rpm
kernel-headers-2.6.18-419.el5.ppc64.rpm
kernel-kdump-2.6.18-419.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-419.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-419.el5.ppc64.rpm

s390x:
kernel-2.6.18-419.el5.s390x.rpm
kernel-debug-2.6.18-419.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-419.el5.s390x.rpm
kernel-debug-devel-2.6.18-419.el5.s390x.rpm
kernel-debuginfo-2.6.18-419.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-419.el5.s390x.rpm
kernel-devel-2.6.18-419.el5.s390x.rpm
kernel-headers-2.6.18-419.el5.s390x.rpm
kernel-kdump-2.6.18-419.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-419.el5.s390x.rpm
kernel-kdump-devel-2.6.18-419.el5.s390x.rpm

x86_64:
kernel-2.6.18-419.el5.x86_64.rpm
kernel-debug-2.6.18-419.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-419.el5.x86_64.rpm
kernel-debug-devel-2.6.18-419.el5.x86_64.rpm
kernel-debuginfo-2.6.18-419.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-419.el5.x86_64.rpm
kernel-devel-2.6.18-419.el5.x86_64.rpm
kernel-headers-2.6.18-419.el5.x86_64.rpm
kernel-xen-2.6.18-419.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-419.el5.x86_64.rpm
kernel-xen-devel-2.6.18-419.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2634
https://access.redhat.com/security/cve/CVE-2017-6074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYsF6RXlSAg2UNWIIRArzvAJ9SCaKb6epAD6/qsr3qLrFAPR65AQCguelF
5oxufghK9DNNVjnmS33h/z0=
=Ghmo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 24 16:27:38 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 24 Feb 2017 16:27:38 +0000
Subject: [RHSA-2017:0324-01] Important: kernel security update
Message-ID: <201702241627.v1OGRf9e025791@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2017:0324-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0324.html
Issue date: 2017-02-24
CVE Names: CVE-2017-6074
=====================================================================

1.
Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)

Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
kernel-2.6.32-504.57.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.57.1.el6.noarch.rpm
kernel-doc-2.6.32-504.57.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.57.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.57.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.57.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.57.1.el6.x86_64.rpm
perf-2.6.32-504.57.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
kernel-2.6.32-504.57.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.57.1.el6.noarch.rpm
kernel-doc-2.6.32-504.57.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.57.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.57.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.57.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.57.1.el6.x86_64.rpm
perf-2.6.32-504.57.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.57.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
python-perf-2.6.32-504.57.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.57.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm
python-perf-2.6.32-504.57.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.57.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-6074
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYsF7AXlSAg2UNWIIRAje5AJ46cF+XvCUdc19THZ+ko+ltQNk/qQCgq3/u
HFIFPp3Qk+/Hnk/9Yf2Q5xs=
=Ajdv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 27 23:47:40 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 27 Feb 2017 23:47:40 +0000
Subject: [RHSA-2017:0328-01] Important: qemu-kvm-rhev security update
Message-ID: <201702272347.v1RNlfjR019411@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: qemu-kvm-rhev security update
Advisory ID: RHSA-2017:0328-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0328.html
Issue date: 2017-02-27
CVE Names: CVE-2017-2615 CVE-2017-2620
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process on the host. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside a guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
qemu-kvm-rhev-2.6.0-28.el7_3.6.src.rpm

x86_64:
qemu-img-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-common-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-tools-rhev-2.6.0-28.el7_3.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2615
https://access.redhat.com/security/cve/CVE-2017-2620
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYtLqQXlSAg2UNWIIRAgNjAJ48+NT8AbIR+7/RTJwKZJVz+Ba5+ACgia93
oDjg/IklYC6HKpHJrq+sLdA=
=fbaW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 27 23:47:59 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 27 Feb 2017 23:47:59 +0000
Subject: [RHSA-2017:0329-01] Important: qemu-kvm-rhev security update
Message-ID: <201702272348.v1RNm0ph010850@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: qemu-kvm-rhev security update
Advisory ID: RHSA-2017:0329-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0329.html
Issue date: 2017-02-27
CVE Names: CVE-2017-2615 CVE-2017-2620
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 9.0 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside a guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

6. Package List:

Red Hat OpenStack Platform 9.0:

Source:
qemu-kvm-rhev-2.6.0-28.el7_3.6.src.rpm

x86_64:
qemu-img-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-common-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-tools-rhev-2.6.0-28.el7_3.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2615
https://access.redhat.com/security/cve/CVE-2017-2620
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYtLqmXlSAg2UNWIIRAugmAJ4+c9I3t9a3Vpm73rmD12j4nAz9aACfb+9U
US/wd0tA4F18ztKq0ZHvpEY=
=hYKy
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 27 23:48:18 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 27 Feb 2017 23:48:18 +0000
Subject: [RHSA-2017:0330-01] Important: qemu-kvm-rhev security update
Message-ID: <201702272348.v1RNmJoZ020042@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: qemu-kvm-rhev security update
Advisory ID: RHSA-2017:0330-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0330.html
Issue date: 2017-02-27
CVE Names: CVE-2017-2615 CVE-2017-2620
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside a guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
qemu-kvm-rhev-2.6.0-28.el7_3.6.src.rpm

x86_64:
qemu-img-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-common-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-tools-rhev-2.6.0-28.el7_3.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2615
https://access.redhat.com/security/cve/CVE-2017-2620
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYtLq4XlSAg2UNWIIRAj7AAJ9eHZrw61n99KAoDAiGxZtNWTV1gwCgqUA0
NSRldIhU6EQT4YnoBOfCv+Q=
=+19v
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 27 23:48:35 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 27 Feb 2017 23:48:35 +0000
Subject: [RHSA-2017:0331-01] Important: qemu-kvm-rhev security update
Message-ID: <201702272348.v1RNmbdJ019744@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: qemu-kvm-rhev security update
Advisory ID: RHSA-2017:0331-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0331.html
Issue date: 2017-02-27
CVE Names: CVE-2017-2615 CVE-2017-2620
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside a guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
qemu-kvm-rhev-2.6.0-28.el7_3.6.src.rpm

x86_64:
qemu-img-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-common-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-tools-rhev-2.6.0-28.el7_3.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2615
https://access.redhat.com/security/cve/CVE-2017-2620
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYtLrMXlSAg2UNWIIRAjfjAJ9dcjCcn0XuPeU8PzjpkH0NNrUV5wCfTcZt
26tVjD3097mzmaUGSlsXvS0=
=Up+N
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 27 23:49:08 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 27 Feb 2017 23:49:08 +0000
Subject: [RHSA-2017:0332-01] Important: qemu-kvm-rhev security update
Message-ID: <201702272349.v1RNn9Hs020347@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: qemu-kvm-rhev security update
Advisory ID: RHSA-2017:0332-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0332.html
Issue date: 2017-02-27
CVE Names: CVE-2017-2615 CVE-2017-2620
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside a guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7:

Source:
qemu-kvm-rhev-2.6.0-28.el7_3.6.src.rpm

x86_64:
qemu-img-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-common-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-tools-rhev-2.6.0-28.el7_3.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2615
https://access.redhat.com/security/cve/CVE-2017-2620
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYtLrdXlSAg2UNWIIRAn53AJ0ffmfDw8L8rbaxP7IQoY395Al21ACdHF6+
mZtYDmqAnBZhWh734a339bQ=
=cSKT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 27 23:49:25 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 27 Feb 2017 23:49:25 +0000
Subject: [RHSA-2017:0333-01] Important: qemu-kvm-rhev security update
Message-ID: <201702272349.v1RNnR0D020407@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: qemu-kvm-rhev security update
Advisory ID: RHSA-2017:0333-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0333.html
Issue date: 2017-02-27
CVE Names: CVE-2017-2615 CVE-2017-2620
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside a guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7:

Source:
qemu-kvm-rhev-2.6.0-28.el7_3.6.src.rpm

x86_64:
qemu-img-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-common-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.6.x86_64.rpm
qemu-kvm-tools-rhev-2.6.0-28.el7_3.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2615
https://access.redhat.com/security/cve/CVE-2017-2620
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYtLr/XlSAg2UNWIIRApC7AKCd4hJYG3Bspk2DzcUE8DckfM93jgCfVeVe
TKl7aqOkOliWbWkr4DA5td0=
=aw7G
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Feb 27 23:49:42 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 27 Feb 2017 23:49:42 +0000
Subject: [RHSA-2017:0334-01] Important: qemu-kvm-rhev security update
Message-ID: <201702272349.v1RNnhuQ020036@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: qemu-kvm-rhev security update
Advisory ID: RHSA-2017:0334-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0334.html
Issue date: 2017-02-27
CVE Names: CVE-2016-2857 CVE-2017-2615 CVE-2017-2620
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures.
The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside a guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2017-2620)

* An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking it against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615 and Ling Liu (Qihoo 360 Inc.) for reporting CVE-2016-2857.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6:

Source:
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.7.src.rpm

x86_64:
qemu-img-rhev-0.12.1.2-2.491.el6_8.7.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.7.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.491.el6_8.7.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.491.el6_8.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2857
https://access.redhat.com/security/cve/CVE-2017-2615
https://access.redhat.com/security/cve/CVE-2017-2620
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
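The CVE-2016-2857 entry in RHSA-2017:0334 above describes a checksum routine that used the packet's header-declared payload length without checking it against the size of the buffer actually received. The C program below is an added example, not QEMU's code and not the fix shipped in this update: it computes an RFC 1071 ones' complement checksum (the kind TCP and UDP use) behind a bounds check that refuses a declared length longer than the bytes present, so a malformed header produces an error return instead of an out-of-bounds read. The function names and the sample packets are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* RFC 1071 ones' complement sum over exactly `len` bytes. The caller
 * guarantees that `len` bytes are readable; this helper never checks. */
static uint32_t ones_complement_sum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((data[i] << 8) | data[i + 1]);
    if (len & 1)                          /* odd trailing byte, zero padded */
        sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16)                     /* fold carries back into 16 bits */
        sum = (sum & 0xffffu) + (sum >> 16);
    return sum;
}

/* Compute the checksum over `declared_len` bytes of `buf`, where
 * `declared_len` comes from an untrusted packet header and `buf_len`
 * is the number of bytes actually received. Returns 0 and writes the
 * checksum to *out, or -1 when the declared length would run past the
 * buffer (the comparison the advisory says the affected routine lacked). */
int checksum_bounded(const uint8_t *buf, size_t buf_len,
                     size_t declared_len, uint16_t *out)
{
    if (buf == NULL || out == NULL)
        return -1;
    if (declared_len > buf_len)
        return -1;
    *out = (uint16_t)(~ones_complement_sum(buf, declared_len) & 0xffffu);
    return 0;
}

/* Verify a packet whose checksum field is already in place: with a valid
 * ones' complement checksum the whole range sums to 0xffff.
 * Returns 1 (valid), 0 (bad checksum) or -1 (declared length out of bounds). */
int checksum_verify_bounded(const uint8_t *buf, size_t buf_len,
                            size_t declared_len)
{
    if (buf == NULL || declared_len > buf_len)
        return -1;
    return ones_complement_sum(buf, declared_len) == 0xffffu ? 1 : 0;
}

/* Constructed sample inputs (not captured traffic) exercising each path. */
int sample_checksum_ok(uint16_t *out)
{
    static const uint8_t payload[5] = {0x01, 0x02, 0x03, 0x04, 0x05};
    return checksum_bounded(payload, sizeof payload, 5, out);   /* 0xF6F9 */
}

int sample_oversized_declared_len(uint16_t *out)
{
    static const uint8_t payload[5] = {0x01, 0x02, 0x03, 0x04, 0x05};
    /* Header claims 64 bytes but only 5 arrived: refused, never read past. */
    return checksum_bounded(payload, sizeof payload, 64, out);
}

int sample_verify(size_t declared_len)
{
    /* 4 data bytes followed by their checksum 0xFBF9; all six sum to 0xffff. */
    static const uint8_t packet[6] = {0x01, 0x02, 0x03, 0x04, 0xFB, 0xF9};
    return checksum_verify_bounded(packet, sizeof packet, declared_len);
}

int main(void)
{
    uint16_t c = 0;

    printf("checksum ok: rc=%d csum=0x%04X\n", sample_checksum_ok(&c), c);
    printf("oversized declared length: rc=%d\n",
           sample_oversized_declared_len(&c));
    printf("verify 6 bytes: %d, verify 4 bytes: %d, verify 7 bytes: %d\n",
           sample_verify(6), sample_verify(4), sample_verify(7));
    return 0;
}
```

Any C99 compiler builds it; `main` prints the result of each path. The shape carries over to any parser that trusts a length field from the wire: take both the declared and the actual length, compare them before touching memory, and return a distinguishable error rather than silently clamping, so the caller can drop the packet and log it.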
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYtLsQXlSAg2UNWIIRAqJOAJ9RC1i361XE0GpXYaghH9A0rdv8RACfYzT2
zYkBZqobcN9NCGpN/iTcWlk=
=TYIX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 28 09:16:52 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 Feb 2017 09:16:52 +0000
Subject: [RHSA-2017:0336-01] Critical: java-1.7.1-ibm security update
Message-ID: <201702280916.v1S9Grtg008140@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.1-ibm security update
Advisory ID: RHSA-2017:0336-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0336.html
Issue date: 2017-02-28
CVE Names: CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289
=====================================================================

1. Summary:

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413562 - CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413764 - CVE-2016-5547 OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.i686.rpm

ppc64:
java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.ppc64.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.s390x.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.i686.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.i686.rpm
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.i686.rpm
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.ppc.rpm
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.2.el7.ppc.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.ppc64.rpm

ppc64le:
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.ppc64le.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.ppc64le.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.ppc64le.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.ppc64le.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.ppc64le.rpm

s390x:
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.s390.rpm
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.s390.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.s390x.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.i686.rpm
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.i686.rpm
java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.2.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/cve/CVE-2016-5546 https://access.redhat.com/security/cve/CVE-2016-5547 https://access.redhat.com/security/cve/CVE-2016-5548 https://access.redhat.com/security/cve/CVE-2016-5549 https://access.redhat.com/security/cve/CVE-2016-5552 https://access.redhat.com/security/cve/CVE-2017-3231 https://access.redhat.com/security/cve/CVE-2017-3241 https://access.redhat.com/security/cve/CVE-2017-3252 https://access.redhat.com/security/cve/CVE-2017-3253 https://access.redhat.com/security/cve/CVE-2017-3259 https://access.redhat.com/security/cve/CVE-2017-3261 https://access.redhat.com/security/cve/CVE-2017-3272 https://access.redhat.com/security/cve/CVE-2017-3289 https://access.redhat.com/security/updates/classification/#critical https://developer.ibm.com/javasdk/support/security-vulnerabilities/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
From bugzilla at redhat.com Tue Feb 28 09:18:12 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 Feb 2017 09:18:12 +0000
Subject: [RHSA-2017:0337-01] Critical: java-1.7.0-ibm security update
Message-ID: <201702280918.v1S9IE81009416@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-ibm security update
Advisory ID: RHSA-2017:0337-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0337.html
Issue date: 2017-02-28
CVE Names: CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289
=====================================================================

1. Summary:

An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7 SR10-FP1.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413562 - CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413764 - CVE-2016-5547 OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2183
https://access.redhat.com/security/cve/CVE-2016-5546
https://access.redhat.com/security/cve/CVE-2016-5547
https://access.redhat.com/security/cve/CVE-2016-5548
https://access.redhat.com/security/cve/CVE-2016-5549
https://access.redhat.com/security/cve/CVE-2016-5552
https://access.redhat.com/security/cve/CVE-2017-3231
https://access.redhat.com/security/cve/CVE-2017-3241
https://access.redhat.com/security/cve/CVE-2017-3252
https://access.redhat.com/security/cve/CVE-2017-3253
https://access.redhat.com/security/cve/CVE-2017-3259
https://access.redhat.com/security/cve/CVE-2017-3261
https://access.redhat.com/security/cve/CVE-2017-3272
https://access.redhat.com/security/cve/CVE-2017-3289
https://access.redhat.com/security/updates/classification/#critical
https://developer.ibm.com/javasdk/support/security-vulnerabilities/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
From bugzilla at redhat.com Tue Feb 28 09:18:57 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 Feb 2017 09:18:57 +0000
Subject: [RHSA-2017:0338-01] Critical: java-1.6.0-ibm security update
Message-ID: <201702280918.v1S9IwGn000493@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2017:0338-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0338.html
Issue date: 2017-02-28
CVE Names: CVE-2016-2183 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272
=====================================================================

1. Summary:

An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 6 to version 6 SR16-FP41.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el5_11.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el5_11.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el5_11.ppc.rpm
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el5_11.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.41-1jpp.1.el5_11.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el5_11.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el5_11.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el5_11.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el5_11.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el5_11.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el5_11.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el5_11.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el5_11.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el5_11.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el5_11.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el5_11.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el5_11.s390.rpm
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el5_11.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.41-1jpp.1.el5_11.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el5_11.s390.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el5_11.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el5_11.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el5_11.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el5_11.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el5_11.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el5_11.s390.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el5_11.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el5_11.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el6_8.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el6_8.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el6_8.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el6_8.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el6_8.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el6_8.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el6_8.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el6_8.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el6_8.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el6_8.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el6_8.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el6_8.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el6_8.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.41-1jpp.1.el6_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2183
https://access.redhat.com/security/cve/CVE-2016-5546
https://access.redhat.com/security/cve/CVE-2016-5548
https://access.redhat.com/security/cve/CVE-2016-5549
https://access.redhat.com/security/cve/CVE-2016-5552
https://access.redhat.com/security/cve/CVE-2017-3231
https://access.redhat.com/security/cve/CVE-2017-3241
https://access.redhat.com/security/cve/CVE-2017-3252
https://access.redhat.com/security/cve/CVE-2017-3253
https://access.redhat.com/security/cve/CVE-2017-3259
https://access.redhat.com/security/cve/CVE-2017-3261
https://access.redhat.com/security/cve/CVE-2017-3272
https://access.redhat.com/security/updates/classification/#critical
https://developer.ibm.com/javasdk/support/security-vulnerabilities/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
From bugzilla at redhat.com Tue Feb 28 10:22:50 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 Feb 2017 05:22:50 -0500
Subject: [RHSA-2017:0339-01] Low: Red Hat Enterprise Linux 4 Extended Life Cycle Support One-Month Notice
Message-ID: <201702281022.v1SAMojZ020979@lists01.pubmisc.prod.ext.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 4 Extended Life Cycle Support One-Month Notice
Advisory ID: RHSA-2017:0339-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0339.html
Issue date: 2017-02-28
=====================================================================

1. Summary:

This is the One-Month notification for the retirement of Red Hat Enterprise Linux 4 Extended Life Cycle Support Add-On (ELS).

This notification applies only to those customers subscribed to the Extended Life Cycle Support (ELS) channel for Red Hat Enterprise Linux 4.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Life Cycle Support for Red Hat Enterprise Linux 4 will be retired as of March 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Red Hat Enterprise Linux 4 ELS after March 31, 2017. In addition, ongoing technical support through Red Hat's Global Support Services will be limited as described under "non-current minor releases" in the Knowledge Base article located at https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/site/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package that provides a copy of this end-of-life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
redhat-release-4AS-10.15.src.rpm

i386:
redhat-release-4AS-10.15.i386.rpm

ia64:
redhat-release-4AS-10.15.ia64.rpm

x86_64:
redhat-release-4AS-10.15.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source:
redhat-release-4ES-10.15.src.rpm

i386:
redhat-release-4ES-10.15.i386.rpm

x86_64:
redhat-release-4ES-10.15.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/support/policy/updates/errata/
https://access.redhat.com/articles/64664

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
From bugzilla at redhat.com Tue Feb 28 10:22:59 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 Feb 2017 05:22:59 -0500
Subject: [RHSA-2017:0340-01] Low: Red Hat Enterprise Linux 5 One-Month Retirement Notice
Message-ID: <201702281022.v1SAMxEx020997@lists01.pubmisc.prod.ext.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 5 One-Month Retirement Notice
Advisory ID: RHSA-2017:0340-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0340.html
Issue date: 2017-02-28
=====================================================================

1. Summary:

This is the One-Month notification for the retirement of Red Hat Enterprise Linux 5.

This notification applies only to those customers subscribed to the channel for Red Hat Enterprise Linux 5.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected Urgent priority bug fixes for RHEL 5.11 (the final RHEL 5 release). On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released content. In addition, limited technical support will be available through Red Hat's Global Support Services as described in the Knowledge Base article available at https://access.redhat.com/articles/64664 (under "non-current minor release").

However, we recognize that some customers will wish to remain on Red Hat Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet this customer requirement, Red Hat will offer customers the option to purchase the Extended Life Cycle Support (ELS) Add-On as an annually renewable subscription. This ELS Add-On provides customers with up to an additional three and a half (3.5) years of Critical impact security fixes and selected Urgent priority bug fixes for RHEL 5.11. RHEL 5 ELS coverage will conclude on November 30, 2020.

To enjoy even more comprehensive product support, we encourage customers to migrate from Red Hat Enterprise Linux 5 to a more recent version. As a benefit of the Red Hat subscription, customers may use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release. Instructions for migrating from RHEL 5 to RHEL 7 are available at https://access.redhat.com/articles/1211223. Red Hat also offers a Pre-upgrade Assistant tool to aid with the migration of RHEL 5 systems to RHEL 7. For more information about this tool, please see https://access.redhat.com/solutions/1468623.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package that provides a copy of this end-of-life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
redhat-release-5Client-5.11.0.8.src.rpm

i386:
redhat-release-5Client-5.11.0.8.i386.rpm

x86_64:
redhat-release-5Client-5.11.0.8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
redhat-release-5Server-5.11.0.8.src.rpm

i386:
redhat-release-5Server-5.11.0.8.i386.rpm

ia64:
redhat-release-5Server-5.11.0.8.ia64.rpm

ppc:
redhat-release-5Server-5.11.0.8.ppc.rpm

s390x:
redhat-release-5Server-5.11.0.8.s390x.rpm

x86_64:
redhat-release-5Server-5.11.0.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/
https://access.redhat.com/articles/64664
https://access.redhat.com/articles/1211223
https://access.redhat.com/solutions/1468623

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

From bugzilla at redhat.com Tue Feb 28 10:23:05 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 Feb 2017 05:23:05 -0500
Subject: [RHSA-2017:0341-01] Low: Red Hat Enterprise Linux 7.1 Extended Update Support One-Month Notice
Message-ID: <201702281023.v1SAN501019165@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 7.1 Extended Update Support One-Month Notice
Advisory ID: RHSA-2017:0341-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0341.html
Issue date: 2017-02-28
=====================================================================

1. Summary:

This is the One-Month notification for the retirement of Red Hat Enterprise Linux 7.1 Extended Update Support (EUS).

This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 7.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.1 will be retired as of March 31, 2017, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Red Hat Enterprise Linux 7.1 EUS after March 31, 2017. In addition, technical support through Red Hat's Global Support Services will be limited as described under "non-current minor releases" in the Knowledge Base article located at https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 7.1 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains updated redhat-release-server and redhat-release-computenode packages that provide a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):

Source:
redhat-release-computenode-7.1-1.el7_1.2.src.rpm

x86_64:
redhat-release-computenode-7.1-1.el7_1.2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v.
7.1): Source: redhat-release-server-7.1-1.el7_1.5.src.rpm ppc64: redhat-release-server-7.1-1.el7_1.5.ppc64.rpm s390x: redhat-release-server-7.1-1.el7_1.5.s390x.rpm x86_64: redhat-release-server-7.1-1.el7_1.5.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: redhat-release-server-7.1-1.ael7b_1.5.src.rpm ppc64le: redhat-release-server-7.1-1.ael7b_1.5.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 6. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/articles/64664 https://access.redhat.com/support/policy/updates/errata/ 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYtU+HXlSAg2UNWIIRAkfjAJ9liekTeaoeMzcMoMJJhy7EEY68mgCgqzfB oQWA5hwcNt1o+OXhNeYkNFk= =zguB -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Feb 28 10:23:11 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 28 Feb 2017 05:23:11 -0500 Subject: [RHSA-2017:0342-01] Low: Red Hat Enterprise Linux 5.6 Advanced Mission Critical (AMC) One-Month Notice Message-ID: <201702281023.v1SANB76030212@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux 5.6 Advanced Mission Critical (AMC) One-Month Notice Advisory ID: RHSA-2017:0342-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0342.html Issue date: 2017-02-28 ===================================================================== 1. Summary: This is the One-Month notification for the retirement of Red Hat Enterprise Linux 5.6 Advanced Mission Critical (AMC). 
This notification applies only to those customers subscribed to the Advanced Mission Critical (AMC) channel for Red Hat Enterprise Linux 5.6. 2. Relevant releases/architectures: Red Hat Enterprise Linux Long Life (v. 5.6 server) - i386, ia64, x86_64 3. Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.6 will be retired as of March 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 AMC after March 31, 2017. In addition, technical support through Red Hat's Global Support Services will be limited as described under "non-current minor releases" in the Knowledge Base article located at https://access.redhat.com/articles/64664 after this date. We encourage customers to migrate from Red Hat Enterprise Linux 5.6 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release. Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/ 4. Solution: This erratum contains an updated redhat-release package, that provides a copy of this notice in the "/usr/share/doc/" directory. 5. Package List: Red Hat Enterprise Linux Long Life (v. 5.6 server): Source: redhat-release-5Server-5.6.0.12.src.rpm i386: redhat-release-5Server-5.6.0.12.i386.rpm ia64: redhat-release-5Server-5.6.0.12.ia64.rpm x86_64: redhat-release-5Server-5.6.0.12.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 6. 
References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/support/policy/updates/errata/ https://access.redhat.com/articles/64664 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYtU+OXlSAg2UNWIIRAgp+AJ9bvc0dgaOzg5TZoJf2A6u3DjWvVACgm71n nFcMHjFe6Yu5E4a7HxYnUPk= =C3A1 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Feb 28 15:12:05 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 28 Feb 2017 15:12:05 +0000 Subject: [RHSA-2017:0345-01] Important: kernel security update Message-ID: <201702281512.v1SFC8Jt027901@lists01.pubmisc.prod.ext.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2017:0345-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0345.html Issue date: 2017-02-28 CVE Names: CVE-2017-6074 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important) Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1423071 - CVE-2017-6074 kernel: use after free in dccp protocol 6. Package List: Red Hat Enterprise Linux Server AUS (v. 6.4): Source: kernel-2.6.32-358.77.1.el6.src.rpm noarch: kernel-doc-2.6.32-358.77.1.el6.noarch.rpm kernel-firmware-2.6.32-358.77.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.77.1.el6.x86_64.rpm kernel-debug-2.6.32-358.77.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.77.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.77.1.el6.x86_64.rpm kernel-devel-2.6.32-358.77.1.el6.x86_64.rpm kernel-headers-2.6.32-358.77.1.el6.x86_64.rpm perf-2.6.32-358.77.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 
6.4): Source: kernel-2.6.32-358.77.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.77.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm python-perf-2.6.32-358.77.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-6074 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYtZI+XlSAg2UNWIIRAjskAKCAGX773ijmGH2DhH3xRStR0+eaHgCgkcm+ LugODnSYS9HSqq22TSskN98= =sVS2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Feb 28 15:12:49 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 28 Feb 2017 15:12:49 +0000 Subject: [RHSA-2017:0346-01] Important: kernel security and bug fix update Message-ID: <201702281512.v1SFCpB7031514@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2017:0346-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0346.html Issue date: 2017-02-28 CVE Names: CVE-2017-2634 CVE-2017-6074 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Long Life (v. 5.9 server) - i386, ia64, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important) * It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. (CVE-2017-2634, Moderate) Important: This update disables the DCCP kernel module at load time by using the kernel module blacklist method. The module is disabled in an attempt to reduce further exposure to additional issues. (BZ#1426309) Red Hat would like to thank Andrey Konovalov (Google) for reporting CVE-2017-6074. The CVE-2017-2634 issue was discovered by Wade Mealing (Red Hat Product Security). 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1423071 - CVE-2017-6074 kernel: use after free in dccp protocol 1424751 - CVE-2017-2634 kernel: dccp: crash while sending ipv6 reset packet 6. Package List: Red Hat Enterprise Linux Long Life (v. 
5.9 server): Source: kernel-2.6.18-348.33.1.el5.src.rpm i386: kernel-2.6.18-348.33.1.el5.i686.rpm kernel-PAE-2.6.18-348.33.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-348.33.1.el5.i686.rpm kernel-PAE-devel-2.6.18-348.33.1.el5.i686.rpm kernel-debug-2.6.18-348.33.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-348.33.1.el5.i686.rpm kernel-debug-devel-2.6.18-348.33.1.el5.i686.rpm kernel-debuginfo-2.6.18-348.33.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-348.33.1.el5.i686.rpm kernel-devel-2.6.18-348.33.1.el5.i686.rpm kernel-headers-2.6.18-348.33.1.el5.i386.rpm kernel-xen-2.6.18-348.33.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-348.33.1.el5.i686.rpm kernel-xen-devel-2.6.18-348.33.1.el5.i686.rpm ia64: kernel-2.6.18-348.33.1.el5.ia64.rpm kernel-debug-2.6.18-348.33.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-348.33.1.el5.ia64.rpm kernel-debug-devel-2.6.18-348.33.1.el5.ia64.rpm kernel-debuginfo-2.6.18-348.33.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-348.33.1.el5.ia64.rpm kernel-devel-2.6.18-348.33.1.el5.ia64.rpm kernel-headers-2.6.18-348.33.1.el5.ia64.rpm kernel-xen-2.6.18-348.33.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-348.33.1.el5.ia64.rpm kernel-xen-devel-2.6.18-348.33.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-348.33.1.el5.noarch.rpm x86_64: kernel-2.6.18-348.33.1.el5.x86_64.rpm kernel-debug-2.6.18-348.33.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-348.33.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-348.33.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-348.33.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-348.33.1.el5.x86_64.rpm kernel-devel-2.6.18-348.33.1.el5.x86_64.rpm kernel-headers-2.6.18-348.33.1.el5.x86_64.rpm kernel-xen-2.6.18-348.33.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-348.33.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-348.33.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2017-2634 https://access.redhat.com/security/cve/CVE-2017-6074 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/2706661 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYtZNgXlSAg2UNWIIRAnUlAJ9SeB6UpfFsSA72bmxNAWPruJMd6gCfcJeT idiI/D5ieioTlGRYFhXeo6w= =VKiI -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Feb 28 15:13:11 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 28 Feb 2017 15:13:11 +0000 Subject: [RHSA-2017:0347-01] Important: kernel security and bug fix update Message-ID: <201702281513.v1SFDE8P027948@lists01.pubmisc.prod.ext.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2017:0347-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0347.html Issue date: 2017-02-28 CVE Names: CVE-2017-2634 CVE-2017-6074 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 5.6 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Long Life (v. 5.6 server) - i386, ia64, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important) * It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. (CVE-2017-2634, Moderate) Important: This update disables the DCCP kernel module at load time by using the kernel module blacklist method. The module is disabled in an attempt to reduce further exposure to additional issues. (BZ#1426311) Red Hat would like to thank Andrey Konovalov (Google) for reporting CVE-2017-6074. The CVE-2017-2634 issue was discovered by Wade Mealing (Red Hat Product Security). 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1423071 - CVE-2017-6074 kernel: use after free in dccp protocol 1424751 - CVE-2017-2634 kernel: dccp: crash while sending ipv6 reset packet 6. Package List: Red Hat Enterprise Linux Long Life (v. 
5.6 server): Source: kernel-2.6.18-238.58.1.el5.src.rpm i386: kernel-2.6.18-238.58.1.el5.i686.rpm kernel-PAE-2.6.18-238.58.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.58.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.58.1.el5.i686.rpm kernel-debug-2.6.18-238.58.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.58.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.58.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.58.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.58.1.el5.i686.rpm kernel-devel-2.6.18-238.58.1.el5.i686.rpm kernel-headers-2.6.18-238.58.1.el5.i386.rpm kernel-xen-2.6.18-238.58.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.58.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.58.1.el5.i686.rpm ia64: kernel-2.6.18-238.58.1.el5.ia64.rpm kernel-debug-2.6.18-238.58.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.58.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.58.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.58.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.58.1.el5.ia64.rpm kernel-devel-2.6.18-238.58.1.el5.ia64.rpm kernel-headers-2.6.18-238.58.1.el5.ia64.rpm kernel-xen-2.6.18-238.58.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.58.1.el5.ia64.rpm kernel-xen-devel-2.6.18-238.58.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.58.1.el5.noarch.rpm x86_64: kernel-2.6.18-238.58.1.el5.x86_64.rpm kernel-debug-2.6.18-238.58.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.58.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.58.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.58.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.58.1.el5.x86_64.rpm kernel-devel-2.6.18-238.58.1.el5.x86_64.rpm kernel-headers-2.6.18-238.58.1.el5.x86_64.rpm kernel-xen-2.6.18-238.58.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.58.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.58.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2017-2634 https://access.redhat.com/security/cve/CVE-2017-6074 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/2706661 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYtZOBXlSAg2UNWIIRAreoAKC64tFIEhi9yPe8xUBZam4f4ME/JACfb9sE qd2uIkQkeCWCE84w7jUtH48= =p8xV -----END PGP SIGNATURE-----
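RHSA-2017:0346 and RHSA-2017:0347 both state that the update disables the DCCP kernel module at load time by the module blacklist method, but they do not name the modprobe.d file or say whether it is currently loaded on a given host. The shell check below is an added example, not Red Hat's code or the file the update ships: it classifies a modprobe.d configuration by how strongly it blocks dccp and tests a /proc/modules-style listing for loaded DCCP modules; the file names and sample contents are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory: verify that the DCCP module is
# disabled by a modprobe.d configuration and that it is not loaded.
# File names and sample contents below are constructed for illustration.

# Classify a modprobe.d file by the protection it gives against dccp loading:
#   install-override : "install dccp /bin/true|/bin/false" defeats explicit
#                      and on-demand loads (e.g. a socket() call)
#   blacklist-only   : "blacklist dccp" stops alias-based autoload only
#   unprotected      : neither directive present (or file unreadable)
dccp_conf_status() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "unprotected"
        return 0
    fi
    # grep -c exits 1 on zero matches; "|| true" keeps the "0" it printed.
    n_install=$(grep -Ec '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/(true|false)([[:space:]]|$)' "$conf" || true)
    n_blacklist=$(grep -Ec '^[[:space:]]*blacklist[[:space:]]+dccp([[:space:]]|$)' "$conf" || true)
    if [ "$n_install" -gt 0 ]; then
        echo "install-override"
    elif [ "$n_blacklist" -gt 0 ]; then
        echo "blacklist-only"
    else
        echo "unprotected"
    fi
}

# Exit 0 if a /proc/modules-style listing shows dccp, dccp_ipv4 or dccp_ipv6
# as loaded, 1 otherwise. The first field of each /proc/modules line is the
# module name.
dccp_loaded() {
    grep -Eq '^dccp(_ipv4|_ipv6)?[[:space:]]' "$1"
}

# Constructed sample inputs so the check runs offline (not real system files).
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT

cat > "$tmpdir/dccp-hardened.conf" <<'EOF'
# constructed: blacklist plus an install override
blacklist dccp
install dccp /bin/true
EOF
cat > "$tmpdir/dccp-weak.conf" <<'EOF'
blacklist dccp
EOF
cat > "$tmpdir/other.conf" <<'EOF'
blacklist usb-storage
EOF
cat > "$tmpdir/modules-with-dccp" <<'EOF'
dccp_ipv4 24576 0 - Live 0xffffffffc0a00000
dccp 106496 1 dccp_ipv4, Live 0xffffffffc09e0000
xfs 1234567 2 - Live 0xffffffffc0800000
EOF
cat > "$tmpdir/modules-clean" <<'EOF'
xfs 1234567 2 - Live 0xffffffffc0800000
EOF

# Report on the constructed inputs; on a real host point these at
# /etc/modprobe.d/*.conf and /proc/modules instead.
for f in dccp-hardened.conf dccp-weak.conf other.conf; do
    printf '%-20s %s\n' "$f" "$(dccp_conf_status "$tmpdir/$f")"
done
for m in modules-with-dccp modules-clean; do
    if dccp_loaded "$tmpdir/$m"; then
        printf '%-20s dccp LOADED\n' "$m"
    else
        printf '%-20s dccp not loaded\n' "$m"
    fi
done
```

A "blacklist-only" result means a process can still pull the module in by opening a DCCP socket, so the "install-override" form is the one to require when checking that the advisory's mitigation is in effect.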